Thomson Reuters Tax & Accounting News

Featuring content from Checkpoint

Back to Thomson Reuters Tax & Accounting News

Subscribe below to the Checkpoint Daily Newsstand Email Newsletter

IRS, states, and tax industry provide update on collaboration to fight identity theft refund fraud

IR 2015-117; Fact Sheet 2015-23, October 2015

The “Security Summit” (the Summit), a group that includes IRS, state tax authorities, and tax industry firms, has issued an update on the progress made by the Summit’s working groups in their collaborative effort to protect taxpayers from identity theft tax fraud. Included in the update are new procedures, etc. that will take effect during the upcoming 2016 filing season.

Background. On Mar. 19, 2015, IRS Commissioner Koskinen convened the Summit with the chief executive officers and leaders of private sector firms and federal and state tax administrators to discuss emerging threats on identity theft and to expand existing collaborative efforts to stop fraud. Specialized working groups were established as part of the Summit, with members from IRS, states, and industry co-chairing and serving on each team. The working groups focused on developing ways to validate the authenticity of taxpayers and information included on tax return submissions, information sharing to improve detection and expand prevention of refund fraud, and threat assessment and strategy development to prevent risks and threats.

In June, 2015, the Summit summarized its progress to date and announced several initiatives that it had agreed to. See IR 2015-87 and Weekly Alert ¶  23  06/18/2015.

October, 2015 Summit update. IRS has issued IR 2015-117 and Fact Sheet 2015-23 and Commissioner Koskinen’s press remarks providing information about the Summit’s latest accomplishments, which include:

Growth in the number of Summit members. There are now 20 major players in the tax and financial industries that are Summit members. As a result, the Security Summit now covers virtually the entire population of taxpayers who e-file their tax returns. And, 34 states have signed a memorandum of understanding regarding roles, responsibilities and information sharing pathways, with even more planning to sign in the weeks ahead.

Enhanced identity requirements and strengthened validation procedures. Software providers will enhance identity requirements and strengthen validation procedures for new and returning customers to protect against account takeover by criminals. These will include: a) new password standards to access tax software that will require a minimum of eight characters with upper case, lower case, alpha, numerical and special characters; b) new timed lockout feature and limited unsuccessful log-in attempts; c) the addition of three security questions; and d) “out-of-band” verification for email addresses, which is sending an email or text to the customer with a PIN—a common practice used throughout the financial sector. These provisions will be the most visible to taxpayers in 2016.

Detecting and preventing identity theft returns. The Summit identified and successfully tested inclusion of more than 20 new data components from tax return submissions that will be shared with IRS and the states and will assist in detecting and preventing identity theft returns. Koskinen stated that he was “not interested in giving criminals a road map to our system, so I won’t go into a lot of details on which data components we’re looking at.” However, he gave the following examples: a) “If tax returns come from the same foreign internet address, we’ll see that;” b) “If many tax returns are being filed from the same device, we’ll see that;” c) “We can also see how long it takes to prepare a return online, from the time a person logs in, to when the return is filed electronically. So if a tax return appears to be automatically generated by a machine, we’ll find that out.”

Information sharing. The Summit agreed to create an Information Sharing and Analysis Center, which will centralize and standardize data compilation and analysis. It also updated IRS Publications 1345 and 3112 for filing season 2016 to require industry e-file providers who file 2,000 or more returns to perform research and analysis and provide any identity theft data to IRS and the states.

Financial services. A new work group will explore additional ways to prevent and deter criminals from potentially accessing tax-time financial products, deposit accounts, and pre-paid debit cards.

Communication and taxpayer awareness. A new group will increase awareness among individuals, businesses, and tax professionals on the need to protect sensitive tax and financial information.

Tax professionals. Initial Summit efforts focused on tax software and tax issues surrounding the do-it-yourself taxpayer, in order to identify immediate changes for 2016. Now, a new work group will examine how new requirements will affect tax preparers who use professional software, how the preparer community will be affected by the overall data capture and reporting requirements, and how the preparer community can contribute in the prevention of identity theft and refund fraud.

Koskinen also pushes for help from Congress. In his remarks, Commissioner Koskinen asked for two types of help from Congress. First, he asked for adequate funding. “Cutting the IRS budget will do identity thieves a favor and harm more taxpayers. We’ll miss opportunities to prevent fraud, and we’ll have fewer resources to help victims.”

Second, he asked Congress to speed up the due dates of W-2s, 1099s and other third-party information returns. “This change would help us match these documents against income tax returns earlier in the tax filing process and shut out more criminals trying to file ahead of legitimate taxpayers.”

References: For identity theft, see FTC 2d/FIN ¶  T-10164.4; TaxDesk ¶  901,032.