Security Summit

The IRS has joined with representatives of the software industry, tax preparation firms, payroll and tax financial product processors and state tax administrators to combat identity theft refund fraud to protect the nation's taxpayers.

The Security SummitPDF consists of IRS, state tax agencies and the tax community, including tax preparation firms, software developers, payroll and tax financial product processors, tax professional organizations and financial institutions. Total membership includes 42 state agencies and 20 industry offices in addition to the IRS. 

The Security Summit members are organized into six work groups, each tasked with addressing an area of need and each with a co-lead from the IRS, states and industry.

Five years following the Summit’s creation, key indicators on identity theft are moving in the right direction. Here are key, calendar-year 2019 indicators and how they compare to the 2015 base year:

Between 2015 and 2019, the number of taxpayers reporting they were identity theft victims fell 80%. These are taxpayers who file identity theft affidavits. In 2019, the IRS received 137,000 reports from taxpayers compared to 677,000 in 2015. This was the fourth consecutive year this number declined. There were 199,000 reports in 2018, 242,000 in 2017 and 401,000 in 2016.

  • Between 2015 and 2019, the number of confirmed identity theft returns stopped by the IRS declined by 68%. For 2019, there were 443,000 confirmed identity theft returns compared to 1.4 million in 2015.  However, starting in 2019, the IRS now allows taxpayers more time to respond to inquiries about the questionable return, which slows the verification process. Still the progress is clear throughout the period. There were 649,000 confirmed identity theft returns in 2018, 597,000 in 2017 and 883,000 in 2016.
  • Between 2015 and 2019, the IRS protected a combined $26 billion in fraudulent refunds by stopping confirmed identity theft returns. In 2019, the 443,000 confirmed fraudulent returns tried to obtain $1.9 billion in refunds. The IRS protected $3.1 billion in 2018, $6 billion in 2017, $6.4 billion in 2016 and $8.7 billion in 2015.
  • Between 2015 and 2019, Summit financial industry partners recovered an additional $1.7 billion in fraudulent refunds. The financial industry is a key partner in fighting identity theft, helping the IRS and states recover fraudulent refunds that may have been issued. In 2019, financial institutions recovered 112,000 federal refunds totaling $294 million. In previous years, there were 84,000 federal refunds totaling $112 million for 2018, 144,000 refunds worth $204 million in 2017, 124,000 refunds worth $281 million in 2016 and 249,000 refunds totaling $852 million in 2015.

In 2016, Security Summit partners agreed there was a need for a formal public-private partnership where sharing could take place in a collaborative environment based on partner-agreed rules.

In 2017, the IRS, state tax agencies and the tax industry created a public/private partnership, to facilitate information sharing consistent with applicable law, and analytics necessary to detect, prevent, and deter activities related to stolen identity refund fraud.

The ISAC purpose is to:

  • Facilitate information exchange for tax administration purposes related to identity theft tax refund fraud.
  • Provide a forum for participants to discuss real-time responses to such fraud schemes.
  • Promote the advancement of data analysis, capabilities, methodologies and strategies to detect, reduce, and prevent this type of fraud.

The ISAC issued its first Annual ReportPDF in April 2018. It highlights key accomplishments across three measures:

  1. Levels of industry and state participation in the ISAC.
  2. Volume and quality of alert and data contributions that identify ecosystem threats.
  3. Volume and quality of ISAC data analysis to identify suspected fraud.

This report also outlines the ISAC strategic plans going forward, to ensure a tax ecosystem where taxpayers can confidently file their taxes safely and securely.

For an overview of what the Identity Theft Tax Refund Fraud (ISAC) is doing to prevent identity theft see Using a PublicPrivate Partnership to Address a Common ProblemPDF and How the ISAC Compliments the Security SummitPDF.

2022 National Tax Security Awareness Week

The IRS, state tax agencies and the nation's tax industry held the 7th Annual National Tax Security Awareness Week on November 28–December 2, focusing attention on taxpayers protecting sensitive financial information against identity thieves.

  • Protect Your Clients; Protect Yourself – Summer 2023 — Protect Your Clients; Protect Yourself focuses on a reminder for tax pros to focus on fundamentals and to stay alert against new and ongoing threats of tax-related identity theft this summer.
  • Boost Security Immunity: Fight Against Identity Theft — Boost Security Immunity: Fight Against Identity Theft will urge tax professionals to take basic actions to stem the data theft from their offices. This is the sixth year that the Security Summit partners – the IRS, state tax agencies and the nation’s tax community – have worked to raise awareness about these issues.
  • Working Virtually: Protecting Tax Data at Home and at Work — Working Virtually: Protecting Tax Data at Home and at Work is a Security Summit awareness campaign to highlight security actions key to protecting tax professionals as they respond to COVID-19 while working remotely from their office and clients.
  • Tax Security 2.0 — The "Taxes-Security-Together" Checklist is a Security Summit awareness campaign to call on tax professionals nationwide to take time to review their current security practices, enhance safeguards where necessary and take steps to protect their businesses from global cybercriminal syndicates prowling the Internet.
  • Protect Your Clients; Protect Yourself: Security 101 — Protect Your Clients; Protect Yourself: Tax Security 101 is a Security Summit awareness campaign intended to provide tax professionals with the basic information they need to better protect taxpayer data and to help prevent the filing of fraudulent tax returns.
  • Don't Take the Bait — The Don't Take the Bait awareness series is focused on the need for tax professionals to increase their computer security and be cautious of spear phishing scams. Tax professionals must remember that they have a legal requirement under federal law to protect taxpayer information. See also: Continuing Education Credit for Qualified Data Security Courses.
  • Protect Your Clients; Protect Yourself — Every tax professional in the United States, whether a member of a major accounting firm or an owner of a one-person storefront, is a potential target for highly sophisticated, well-funded and technologically adept cybercriminals around the world.
  • Taxes-Security-Together — We are asking you, taxpayers, tax professionals and businesses, to join with us to create an even stronger partnership. Our "Taxes-Security-Together" awareness campaign is an effort to better inform you about the actions you can take to protect your sensitive data.

Organizations involved in the preparation and processing of tax returns and refunds (such as software firms, tax preparation firms, payroll processors or financial institutions and/or processors of tax time financial products) and governmental tax agencies are welcome to apply for membership in the Security Summit, a collaborative effort to fight identity theft tax refund fraud. If your agency or organization meets the required Membership CriteriaPDF, please complete the Security Summit Membership ApplicationPDF and submit a statement of interest describing your role, mission and functional responsibilities within the tax ecosystem. Also see the Required Criteria and Qualifications Statement of Interest ExamplePDF.

If you have any questions or need additional information, please email