Prepared Remarks of Commissioner John Koskinen at the Security Summit Press Briefing October 17, 2017


Notice: Historical Content

This is an archival or historical document and may not reflect current law, policies or procedures.

Thank you all for joining us.

We’re here today to update you on our continuing progress against tax-related identity theft, and announce additional safeguards we’re developing to ensure taxpayers and their data are protected during next year’s tax filing season.

We’ve made tremendous progress since the Security Summit partnership held its first session in 2015. This reflects the unique collaboration between the tax industry, the states and the IRS. It’s clear the Security Summit has had a significant impact on our ability to protect taxpayers.

The bottom line for taxpayers is remarkable. We’ve seen the number of identity theft-related tax returns fall by about two-thirds since 2015. Over the past two years, fewer false returns have entered the system, fewer fraudulent refunds have been issued and fewer taxpayers have reported to the IRS that they were victims of identity theft. This dramatic decline helped prevent hundreds of thousands of taxpayers from facing the challenge of dealing with identity theft issues.

Joining me are several of our Security Summit partners, and I want to thank them for being here today and helping us in this effort.

The progress we’ve made in protecting taxpayers is especially important when you look at how much sensitive personal information has fallen into the hands of criminals recently. A wide range of private and public-sector organizations have seen their systems compromised. I cannot imagine where the nation’s tax system would be today if we hadn’t started this effort back in 2015. It’s clear our steps to strengthen our systems and share information are providing an important defense for taxpayers. As tax season approaches, the protections provided by the Security Summit initiative should give comfort to taxpayers concerned their tax returns could be threatened by these recent data breaches.

Recent events are also an important reminder that we need to do everything we can to protect the tax system and taxpayer data. Thanks to the Security Summit, that’s exactly what we’re doing.

Since 2015, the IRS has worked with the states and the private sector to put many safeguards in place to stop identity thieves. Let me give you just a few examples:

  • Our industry partners have shared dozens of important data points on each incoming tax return that helps the IRS and states isolate and identify potential identity theft fraud;
  • Password protocols have been strengthened and enhanced for tax preparation software used by both individuals and tax professionals;
  • The states and the IRS have been improving their ability to stop fraudulent refunds by working with financial institutions to help identify refunds that are questionable; and
  • Since 2015, the IRS has been running a pilot program that tests the idea of adding a verification code to W-2 forms. This helps the IRS confirm the accuracy and integrity of tens of millions of electronically filed tax returns.

These and other initiatives have made a significant difference for taxpayers. The underlying numbers show we are making progress on multiple fronts, with significant improvements taken in 2016. And we continued this dramatic trend in 2017.

For example, in Calendar Year 2016, the IRS stopped 883,000 confirmed identity theft returns. That was a 37-percent drop from 2015. This year, through August, the IRS has stopped 443,000 confirmed identity theft returns. That’s a 30-percent decline from the same period last year. This reflects the fact that we’ve made it harder for criminals to file false returns in volume, so they have to work more on an individual, return-by-return basis.

Another important sign involves the number of people reporting to us that they were victims of identity theft. In 2016, the number of victim reports was 376,000, a drop of 46 percent from the prior year. This year through August, 189,000 taxpayers filed victim reports, an additional drop of about 40 percent from the same period last year.

Taken together, the number of taxpayers who filed victim reports has dropped by about two thirds in a little less than two years. And the number of confirmed identity theft tax returns is down a similar amount. These results, I think it’s fair to say, have far exceeded our initial expectations when we started the Summit process in 2015. If you talk to people around the room and the tax industry, our initial hope was to stop the huge growth in identity theft that was then underway and that threatened to overwhelm our tax system a few years ago.  Beyond that, we thought we might be able to reduce the number of victims by 10 or 15 percent. We’ve far exceeded that goal, and together, have protected hundreds of thousands of taxpayers from identity theft.

While we have made tremendous progress against tax-related identity theft over the past two years, we have much more work facing us. As we evolve, so do the cybercriminals here and abroad. As we increase protections, cybercriminals become more creative and aggressive. We have to keep working together to strengthen our defenses.

Along those lines, the IRS and its Security Summit partners are already looking at how to refine existing protections and add new ones for the 2018 filing season. For example, Summit partners will continue sharing important data points from tax returns. And we will expand our W-2 verification code pilot program to include 66 million W-2s. We encourage taxpayers and tax professionals to include these numbers when completing tax returns in 2018 as a further safeguard.

We will also increase our focus on protecting business returns from tax-related identity theft.One way we plan to do this is by asking tax professionals to obtain more key information on their business clients, such as the client’s tax payment history and parent company information. This will help us ensure that the returns we receive are from a legitimate filer and not an identity thief.

Another continuing area of focus in 2018 will be information sharing. One thing we’ve learned as we have worked together is that our progress on identity theft hinges on increasing the flow of data among Security Summit partners about emerging identity theft schemes. To increase that data flow, last January the Summit partners launched the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center, or ISAC for short. In its first year of operation, the information sharing done through the ISAC has already had a positive impact. It’s helped us stop the issuance of hundreds of thousands of dollars in potentially fraudulent refunds. Through this month, 67 security alerts have already been shared through this process. Over time, we will be working to expand the ISAC’s ability to help us identify and mitigate fraud risks.

There’s one more critical component in our fight against identity I should mention, and that’s the taxpaying public. Early on, we realized that to successfully battle identity thieves, we needed to make taxpayers a partner in this effort. That’s why a big part of the Security Summit’s focus has consistently been on outreach and communications.

We know cybercriminals are planning for the 2018 tax season just as we are. They are stockpiling the names and SSNs they have collected. They try to leverage that data to gather even more personal information. This coming filing season, more than ever, we all need to work more diligently and work together to combat this common enemy. We all have a role to play in this fight.

So, we will continue the taxpayer-focused campaign we began two years ago. It’s called “Taxes. Security. Together.” And it’s designed to increase public awareness about protecting sensitive personal data. We’re also continuing the campaign aimed at tax professionals, “Protect Your Clients – Protect Yourself.” And the Security Summit partners will again sponsor National Tax Security Awareness Week in late November, to remind everyone about the importance of data security, as we approach the holiday shopping season and the 2018 tax season.

Clearly, there’s still much more for all of us to do. But thanks to the Security Summit effort, we’ve come a long way in a short time. I want to thank all of our Summit partners for their hard work and ongoing commitment to this effort. I have no doubt that the Security Summit, which is now a permanent partnership, will keep making progress against tax-related identity theft and keep increasing taxpayer protections for years to come.

With that, let me turn it over to some representatives of the various segments working on the Security Summit. This includes the private sector tax community, the financial community, and the national tax associations. But let’s start with the states and Courtney Kay-Decker. She’s the Director of Iowa’s Department of Revenue, and has some brief remarks on the perspective of the states and the Federation of Tax Administrators.