The Internal Revenue Service and private tax preparers say they are beefing up efforts to limit tax-related identity theft for the 2016 filing season, testing more than 20 new safeguards to protect taxpayers’ sensitive information.
The IRS, state tax authorities and tax preparation companies will begin sharing details about suspicious tax returns as they are filed, enabling tax authorities to adjust their fraud filters and catch suspicious returns more quickly. Tax preparers also agreed to roll out stricter login requirements to better protect taxpayer data.
The new safeguards mark the latest effort in a new information-sharing strategy among the IRS, state tax authorities and the private tax preparation industry to halt a surge in tax refund fraud. So far, 34 states and 20 tax preparation companies have signed on, but more are expected to enroll later.
“We have never had this level of cooperation or sharing,” IRS Commissioner John Koskinen said at a briefing Tuesday. “We will collect [information] in real time, and we will pull it together and share it back out so everyone has access to that information.”
Tax authorities and software providers have come up with a list of 20 data points about tax returns that could be shared to help the IRS and state tax agencies verify tax returns and spot fraud.
While declining to go into specifics, Koskinen said the kind of information that would be shared includes whether a return was submitted from a location or device where multiple tax returns were filed. The groups will also look at how long it takes to file and prepare tax forms to spot returns that may have been mechanically generated, he said.
Tax preparation firms also agreed to stricter login and validation requirements that can cut down on incidents of criminals taking over taxpayers’ accounts to steal personal information. For instance, software companies agreed to add three security questions and to require more secure passwords that are at least eight characters long, including upper case and lower case letters, numbers and special characters.
Software companies agreed to let customers know when a change has been made to their account or if a second tax return has been filed using their Social Security number.
But the new efforts won’t address one issue that came up earlier this year: Tax preparation companies are not required to shut down accounts that appear to be used primarily for filing fraudulent tax returns. It will still fall on the IRS and state tax authorities, however, to accept or reject a return.
Consumer advocates and security experts say software providers could take more steps to verify the identity of the people using their software to file returns.
“The government should never forget they have massive leverage over companies that depend on their unique relationships with the government to make money,” says Ed Mierzwinski, consumer program director at the U.S. Public Interest Research Group.
Identity theft has been a major theme for the agency and tax preparers this year following a spike in suspicious tax filings and an attack from hackers who stole personal information of hundreds of thousands of taxpayers. The IRS is also coping with a surge in phone-related scams from fraudsters pretending to be from the agency to intimidate taxpayers into making payments or giving up personal information.
Koskinen said the new safeguards will be as “non-burdensome as possible” for tax preparers and require “relatively incremental steps” for taxpayers.
“Filing season is going to be much more secure than in the past,” he said.