IRS, Industry, States Take New Steps Together to Fight Identity Theft, Protect Taxpayers
IR-2015-87, June 11, 2015
WASHINGTON — The Internal Revenue Service joined today with representatives of tax preparation and software firms, payroll and tax financial product processors and state tax administrators to announce a sweeping new collaborative effort to combat identity theft refund fraud and protect the nation's taxpayers.
The agreement — reached after the project was originally announced March 19 — includes identifying new steps to validate taxpayer and tax return information at the time of filing. The effort will increase information sharing between industry and governments. There will be standardized sharing of suspected identity fraud information and analytics from the tax industry to identify fraud schemes and locate indicators of fraud patterns. And there will be continued collaborative efforts going forward.
"This agreement represents a new era of cooperation and collaboration among the IRS, states and the electronic tax industry that will help combat identity theft and protect taxpayers against tax refund fraud," IRS Commissioner John Koskinen said. "We've made tremendous progress, and we will continue these efforts. Taxpayers filing their tax returns next filing season should have a safer and more secure experience."
Koskinen convened a Security Summit on March 19 with the chief executive officers and leaders of private sector firm and federal and state tax administrators to discuss emerging threats on identity theft and expand existing collaborative efforts to stop fraud.
Three specialized working groups were established as part of the Summit, with members from the IRS, states and industry co-chairing and serving on each team. During the past 12 weeks, the teams focused on developing ways to validate the authenticity of taxpayers and information included on tax return submissions, information sharing to improve detection and expand prevention of refund fraud, and threat assessment and strategy development to prevent risks and threats.
The groups agreed to several important new initiatives in this unprecedented effort, including:
Taxpayer authentication. The industry and government groups identified numerous new data elements that can be shared at the time of filing to help authenticate a taxpayer and detect identity theft refund fraud. The data will be submitted to the IRS and states with the tax return transmission for the 2016 filing season. Some of these issues include, but are not limited to:
- Reviewing the transmission of the tax return, including the improper and or repetitive use of Internet Protocol numbers, the Internet ‘address’ from which the return is originating.
- Reviewing computer device identification data tied to the return’s origin.
- Reviewing the time it takes to complete a tax return, so computer mechanized fraud can be detected.
- Capturing metadata in the computer transaction that will allow review for identity theft related fraud.
Fraud identification. The groups agreed to expand sharing of fraud leads. For the first time, the entire tax industry and other parts of the tax industry will share aggregated analytical information about their filings with the IRS to help identify fraud. This post-return filing process has produced valuable fraud information because trends are easier to identify with aggregated data. Currently, the IRS obtains this analytical information from some groups. The expanded effort will ensure a level playing field so everyone approaches fraud from the same perspective, making it more difficult for the perpetration of fraud schemes.
Information assessment. In addition to continuing cooperative efforts, the groups will look at establishing a formalized Refund Fraud Information Sharing and Assessment Center (ISAC) to more aggressively and efficiently share information between the public and private sector to help stop the proliferation of fraud schemes and reduce the risk to taxpayers. This would help in many ways, including providing better data to law enforcement to improve the investigations and prosecution of identity thieves.
Cybersecurity framework. Participants with the tax industry agreed to align with the IRS and states under the National Institute of Standards and Technology (NIST) cybersecurity framework to promote the protection of information technology (IT) infrastructure. The IRS and states currently operate under this standard, as do many in the tax industry.
Taxpayer awareness and communication. The IRS, industry and states agreed that more can be done to inform taxpayers and raise awareness about the protection of sensitive personal, tax and financial data to help prevent refund fraud and identity theft. These efforts have already started, and will increase through the year and expand in conjunction with the 2016 filing season.
"Industry, states and the IRS all have a role to play in this effort," Koskinen said. "We share a common enemy in those stealing personal information and perpetrating refund fraud and we share a common goal of protecting taxpayers. We want to build these changes into the DNA of the entire tax system to make it safer."
Many major system and process changes will be made this summer and fall by the participants in order to be ready for the 2016 filing season. The public-private partnership also will continue this cooperative, collaborative approach to address not just short-term issues but longer-term issues facing the tax community and taxpayers.
The partnership parties recognize the need to continuously improve our tax system defenses for combating this threat to taxpayers and our tax system, Koskinen added. Those defenses include a continually improving multi-level identity proofing and authentication capability that anticipates and stops threats.
"I applaud the industry and the states for stepping forward to take on this challenge and making the needed changes," Koskinen. "This is good for taxpayers, good for tax administrators and good for the tax community."
Koskinen emphasized that a continuing theme throughout this effort focuses on protecting taxpayer information and privacy. “Working together we can achieve results that none of us, working alone, could accomplish,” he said.
In addition to companies from the private sector, the summit team included several groups including the Electronic Tax Administration Advisory Committee (ETAAC), the Federation of Tax Administrators (FTA) representing the states, the Council for Electronic Revenue Communication Advancement (CERCA) and the American Coalition for Taxpayer Rights (ACTR).