Security Summit Partners Mark Progress in Identity Theft Battle; Prepare for 2018 Tax Season

Notice: Historical Content

This is an archival or historical document and may not reflect current law, policies or procedures.

IR-2017-176, Oct. 17, 2017

WASHINGTON — The IRS, state tax agencies and private-sector industry leaders today detailed their continued progress against tax-related identity theft and prepared additional safeguards for the 2018 filing season to curb refund fraud.

The latest IRS data continued to show significant improvements as fewer identity theft returns entered the tax system, fewer fraudulent refunds were issued and fewer taxpayers were reporting themselves as victims of identity theft.

The progress also underscored that the Security Summit partnership created in March 2015 has led to stronger federal and state tax systems than just a few years ago with important new protections for taxpayers – which take on even greater importance given recent high-profile data breaches, 

“We’ve made tremendous progress since the Security Summit partnership held its first session in 2015,” said IRS Commissioner John Koskinen. “We’ve seen the number of identity theft-related tax returns fall by about two-thirds since 2015. This dramatic decline helped prevent hundreds of thousands of taxpayers from facing the challenges of dealing with identity theft issues. This reflects the unique collaboration between the tax industry, the states and the IRS. But we have much more work facing us. As we evolve, so do the cybercriminals here and abroad. We must constantly be on guard.”

“The collaborative work of the Summit is helping states, industry and the IRS identify fraudulent schemes and tax returns earlier,” said Courtney M. Kay-Decker, director of the Iowa Department of Revenue and a representative of the Federation of Tax Administrators. “These efforts mean we are better able to protect our taxpayers from tax refund fraud and from the effects of identity theft.”

This is Koskinen’s final Security Summit meeting prior to the end of his term as IRS commissioner in November. Koskinen convened the various groups together for an unprecedented meeting in 2015. This session led to the creation of the Security Summit and a series of initiatives that resulted in greater protections for the taxpayers and the tax system.

Significant Progress Against Identity Theft in 2016 and 2017

Since 2015, the IRS has put in place numerous safeguards as the federal, state and private sectors worked together. For example, the tax industry shares dozens of important data points from returns that help the IRS and states identify potential identity theft fraud. Password protocols for both individual and tax professional software have been enhanced. States have worked with financial institutions to create their own program to help identify suspect refunds. The IRS continues to pilot a Form W-2 Verification Code that helps verify income information and employers.

“These efforts have made a remarkable difference for taxpayers,” Koskinen said. “The numbers show we are making progress on multiple fronts, with significant improvements in 2016. And we continued this dramatic trend in 2017.”

Among the highlights seen by the IRS since 2015:

  • Confirmed identity theft returns declined. In calendar year 2016, the IRS stopped 883,000 confirmed identity theft returns, a 37 percent drop in confirmed identity theft returns from 2015. During the first eight months of 2017, the IRS has stopped 443,000 confirmed identity theft returns, a 30 percent decline from same time last year.
  • Financial firms stopped suspect refunds. Financial institutions stopped 124,000 suspect refunds in 2016, a 50 percent decline from 2015. Financial institutions have stopped 127,000 suspect refunds so far this year, which in part reflects a handful of cases involving several thousand accounts.
  • Identity theft victim numbers fell substantially. The number of people reporting that they were victims of identity theft fell to 376,000 in 2016, a 46 percent decline from 699,000 in 2015. This year the strong trend line has continued through August: 189,000 taxpayers have reported themselves as victims of identity theft, which is down approximately 40 percent from the same time last year.

The IRS and its Security Summit partners are already looking at how to refine existing protections and add new ones for the 2018 filing season. For example, Summit partners will be sharing more data points from tax returns than in the past.

Also for 2018, there will be a new “Verification Code” box included on all official Forms W-2 for the first time. Many taxpayers will see a 16-character code on about 66 million Forms W-2 to assist with authenticating the Form W-2. Taxpayers preparing their own returns and tax professionals are urged to enter the code if the box contains the 16-digit number.

Due to security concerns, not everything the partners do is visible to the public or fraudsters. For example, the Summit partners continue to implement information sharing in the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC) where emerging identity theft schemes and alerts are shared within the partnership. So far this year, 67 security alerts have already been shared through this process.

New Protections for Business Returns

The Summit partners also are putting an increased emphasis on identity theft protections for business returns in the Form 1120 and 1041 series. The IRS will be asking tax professionals to gather more information on their business clients. The data being collected assists the IRS in authenticating that the tax return being submitted is actually a legitimate return filing and not an identity theft return. Some of the new questions people may be asked to provide when filing their business, trust or estate client returns include:

  • The name and Social Security number of the company individual authorized to sign the business return. Is the person signing the return authorized to do so?
  • Payment history – Were estimated tax payments made? If yes, when were they made, how were they made, and how much was paid?
  • Parent company information – Is there a parent company? If yes, who?
  • Additional information based on deductions claimed.
  • Filing history – Has the business filed Form(s) 940, 941 or other business-related tax forms?

To help businesses and business return preparers, the IRS has created a new Identity Theft Guide for Business, Partnerships and Estate and Trusts.

Taxpayers, Tax Professionals Can Help Protect Themselves

The IRS warned all tax and payroll professionals and other entities holding personally identifiable information to be especially alert to cybercriminals impersonating clients to steal additional sensitive information from their files. The IRS urged tax professionals and others to perform due diligence steps regarding email requests for personal information and watch out for phishing emails.

“We know that cybercriminals are planning for the 2018 tax season just as we are. They are stockpiling the names and SSNs they have collected. They try to leverage that data to gather even more personal information. This coming filing season, more than ever, we all need to work diligently and together to combat this common enemy,” Koskinen said. “We all have a role to play in this fight.”

The IRS and Summit partners again will continue a public awareness campaign “Taxes. Security. Together.” to remind taxpayers what steps they can take to better protect their financial data while online. The third year of this campaign will begin next month.

The IRS and Summit partners have a similar awareness program for tax professionals called “Protect Your Clients, Protect Yourself.” This summer, partners promoted a 10-week “Don’t Take the Bait” campaign aimed at warning tax preparers about various phishing scams. The Summit plans to continue this education and outreach effort to tax professionals in the months ahead.

Commissioner Koskinen's full remarks.

Comments of IRS partners on the Security Summit efforts: