FS-2016-21, June 2016 The Internal Revenue Service, state tax agencies and private-sector industry continued their unprecedented Security Summit partnership by identifying and implementing additional taxpayer safeguards for the upcoming 2017 filing season. IRS Commissioner John Koskinen convened the public and private tax administration leaders in 2015 to meet the evolving threat posed by increasingly sophisticated identity thieves, which included national and international criminal syndicates. For 2017, the emphasis remains on authentication of legitimate tax filers, information sharing and cybersecurity. Most activities also will be invisible to taxpayers but will be extremely helpful to Summit partners in detecting and preventing identity theft returns and fraudulent refunds. The Security Summit consists of seven work groups. The 2017 initiatives include: Authentication Work Group The IRS and its partners in the payroll and software industries will greatly expand a pilot program to add W-2 Verification Codes to 50 million Forms W-2 in 2017. This safeguard will be among the most visible to taxpayers and tax preparers in the 2017 filing season. The Verification Code is a 16-digit alphanumeric code that taxpayers and tax preparers enter when prompted by their software product. A smaller test involving 2 million forms in 2016 was extremely successful in verifying the information on the forms. The objective is to verify the information at the point of filing and prevent fraudsters from using fake Forms W-2 to create fraudulent refunds. State and the IRS will receive new data elements from individual returns that will help improve authentication of the taxpayer and identify possible identity theft scams. These new data elements are in addition to the more than 20 elements identified last year. Partners also will share data elements from corporate tax returns to expand identity theft protections to businesses. Partners will enhance authentication efforts of tax return preparers and transmitters using Electronic Filing Identification Numbers (EFINs.) Communication and Taxpayer Awareness Work Group The Security Summit’s “Taxes. Security. Together.” campaign will expand to also focus its efforts on education and outreach aimed at the nation’s 700,000 tax return preparers and making sure they have the information they need to protect themselves from cyberattacks and to safeguard taxpayer data. This work group will collaborate with the Tax Professional Work Group on outreach efforts. Financial Services Work Group Twenty-three states worked with the financial industry on an external leads program, similar to the IRS External Leads Program. The program, starting in 2017, allows the financial industry to help identify those state tax refunds that appear fraudulent and return them to states for validation and review rather than depositing them. In an effort to ensure that refunds go only into proper accounts, the Summit partners expanded the definition of Ultimate Bank Account to include all refund transfer products, including gift and pre-paid cards, paper checks and direct deposit. UBA helps identify actual owners of the account. States and the IRS also will expand real-time communications with the pre-paid card industry to block accounts associated with fraud. The work group also is conducting several “test and learn” pilot programs to enhance ways of identifying and stopping fraudulent or questionable refunds. The work group also will work with financial institutions to identify best practices used to identify fraudulent refunds and share that information with other financial institutions. Information Sharing Work Group The work group will collaborate with the Authentication Work Group to evaluate proposed additional data elements from electronic returns and work with industry and state partners for testing the proposed data elements. The work group will improve existing documents, reports and processes, including enhancing analysis of leads to provide more meaningful communication to state and industry partners. The improved communication may provide alerts on filing patterns and other actionable information on questionable filing activity and that will boost efforts to reduce identity theft refund fraud across all platforms. Confirmed identity theft account information will be provided to industry and states at the start of the filing season to provide Summit partners with the opportunity to analyze the information and update their internal fraud and processing filters. The work group also will analyze and address industry lead reporting compliance with Publication 1345 and the requirement upon industry to provide identity theft data. Information Sharing and Analysis Center Work Group (ISAC) Like early warning radar, a new Identity Theft Tax Refund Fraud Information Sharing & Analysis Center (IDTTRF-ISAC)will launch in 2017. A tax ecosystem ISAC will allow for significant gains in detecting and preventing identity theft refund fraud and will provide better data to law enforcement to investigate and prosecute identity thieves. This will provide all Summit partners with a threat assessment capability, early warning and insights about identity theft fraud schemes through nimble and agile information sharing. Tax Professionals Work Group The work group will collaborate with the Communication and Taxpayer Awareness Work Group on an outreach and education campaign aimed at tax professionals. This outreach will also include a filing season guide on locating available information regarding returns filed with a preparer EFIN or PTIN, and the importance of using the capability regularly to detect potential identity theft. Strategic Threat Assessment and Response (STAR) Work Group Tax industry participants will begin implementation of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. STAR work group plans include determining future assessment criteria, compliance options and sharing best cybersecurity practices through continued education and outreach. The STAR work group plans to develop a cyber-threat assessment of the tax ecosystem, incorporate any changes in NIST guidance and continue implementation of the Cybersecurity Framework. In addition, there will be continued support for the Authentication and Information Sharing work groups as well as a focus on continued outreach and education for the participants. Related Actions Starting July 1, 2016, the Security Summit’s efforts will come under the Electronic Tax Administration Advisory Committee (ETAAC). An amendment to ETAAC’s charter expanded its scope to include identity theft. Actions taken for the 2016 filing season can be found in Fact Sheet 2015-23, IRS, States and Industry Partners Provide Update on Collaborative Fight Against Tax-Related Identity Theft. See news release IR-2016-94 for additional details.