IRS Announces New, Fraud-Busting Tax Filing Protocols
Starting in 2016, taxpayers who e-file their returns can expect to spend a little more time filing their taxes. That seems to be the only real fallout from an effort by the Internal Revenue Service, state tax agencies, and members of the tax industry to combat the recent surge in tax refund fraud. The combined effort, which culminated in the formation of a Security Summit, is in direct response to year-long attacks by cyber-thieves on the IRS data base which most recently resulted in the loss of thirty-nine million dollars. The Security Summit recently announced new safeguards designed to protect taxpayer accounts and stem tax identity theft.
On the front-end, filers will notice enhanced taxpayer authentication, meaning stronger password protection procedures. On the back-end, not necessarily noticed by filers, several return acceptance protocols have been added to ensure that returns are filed by legitimate taxpayers.
Enhanced Taxpayer Authentication
The new authentication procedure is nothing terribly drastic as it matches what banks and other companies in the financial sector have been doing for years. The new procedures include the following:
- Enhanced password standards requiring a minimum of eight characters that must include upper and lower case alpha characters as well as numerical and special characters.
- An automatic lockout feature set to a timer and for too many unsuccessful log-in attempts.
- At least three security questions.
While these enhanced authentication procedures will marginally increase the amount of time filers spend to file their taxes, they are no more extensive than those used to access their bank accounts.
More Extensive Return Acceptance Protocols
Most of the damage caused by cyber-thieves occurs on the backend, in the return submission. Tax return fraudsters were able to hack the IRS system to enable the filing of fraudulent returns. Therefore, most of the new security measures introduced by the Security Summit are designed to bolster return verification to ensure they are being submitted by legitimate taxpayers. Among the key measures are the following:
- Close examination of the transmission to check for improper or repetitive use in Internet Protocol (IP) addresses.
- Matching computer device identification data with the return’s origin.
- Tracking the amount of time used to complete the return to spot computer mechanized fraud.
Again, most of this occurs on the backend, so filers will not be affected by the additional protocols.
More Information Sharing
In order to implement these additional verification protocols, members of the Summit, including the IRS, state tax agencies, and members of the tax industry entered into an information sharing agreement. While the thought of information sharing might sound some alarms, the reality is these entities have been sharing our information for a long time. The difference with this agreement is that tax software providers have come up with twenty new data elements, or pieces of information that can be shared, to bolster the efforts of tax officials to detect and prevent fraudulent returns.
A Net Win-Win for Taxpayers
Of course, the final proof will be in the execution. A multitude of new moving parts are being added to the tax filing process, and the government does not have the best track record for implementing new technology. Assuming it goes well, the goal is to protect taxpayer accounts and prevent tax ID theft with minimum disruption to the taxpayer. If accomplished as advertised, then it will be win-win for taxpayers and big loss for cyber-thieves.
Eric Lawrence Frazier, MBA
President and CEO