Post-Hack, IRS Rolls Out Anti-Fraud Changes

Still smarting from an identity-theft gambit and hack of its systems, the US Internal Revenue Service has announced a sweeping new collaborative effort to combat identity theft and refund fraud. The effort includes major system and process changes, which will be made this summer and fall to be ready for the 2016 filing season.

At the heart of this, the IRS said that it has worked with tax preparation and software firms, payroll and tax financial product processors, and state tax administrators to work up an information-sharing agreement that includes identifying new steps to validate taxpayer and tax return information at the time of filing.

The goal is to implement a standardized sharing of suspected identity fraud information and analytics from the tax industry to identify fraud schemes and locate indicators of fraud patterns—with continued collaborative efforts going forward, including the possible establishment of a formalized Refund Fraud Information Sharing and Assessment Center (ISAC).

"This agreement represents a new era of cooperation and collaboration among the IRS, states and the electronic tax industry that will help combat identity theft and protect taxpayers against tax refund fraud," IRS Commissioner John Koskinen said in a statement. "We've made tremendous progress, and we will continue these efforts. Taxpayers filing their tax returns next filing season should have a safer and more secure experience."

Specific initiatives include things like adopting the NIST Cybersecurity Framework, and increased taxpayer education about protecting personal data.

The IRS will also work with industry stakeholders on taxpayer authentication: Numerous elements that can be shared at the time of filing can help authenticate a taxpayer and detect identity theft refund fraud. The IRS will start: reviewing the transmission of the tax return, including the improper and or repetitive use of IP addresses; reviewing computer device identification data tied to the return’s origin; reviewing the time it takes to complete a tax return, so computer mechanized fraud can be detected; and capturing metadata in the computer transaction that will allow review for identity theft related fraud.

The groups also agreed to expand sharing of fraud leads. For the first time, the entire tax industry and other parts of the tax industry will share aggregated analytical information about their filings with the IRS to help identify fraud. This way, everyone approaches fraud from the same perspective, making it more difficult for the perpetration of fraud schemes.

"Industry, states and the IRS all have a role to play in this effort," Koskinen said. "We share a common enemy in those stealing personal information and perpetrating refund fraud and we share a common goal of protecting taxpayers. We want to build these changes into the DNA of the entire tax system to make it safer."

The IRS is still reeling from a high-profile hack that saw cyber-thieves make off with the personal details of 100,000 tax payers, after tricking officials into sending them filings from previous years belonging to the victims.

What’s Hot on Infosecurity Magazine?