Stung by an embarrassing cyberfraud operation this year, the IRS vowed Tuesday to cut down on tax-refund identity theft in 2016 with a series of new checks designed to weed out increasingly sophisticated crimes.
While declining to give too much detail, IRS Commissioner John Koskinen said the agency has worked out new standards and tools with tax preparers, state revenue officials and cybersecurity experts that should flag some of the more common tactics.
For example, multiple returns filed from the same foreign Internet address, or from the same device, will be flagged for review. And the IRS has the ability to see how long it takes to file a return from start to finish online, so ones that are completed too quickly will be flagged, because it could indicate an automated program.
“We’re breaking new ground in the battle against stolen identity refund fraud,” Mr. Koskinen said.
The IRS earlier this year acknowledged hackers managed to steal data on some 330,000 households from agency files, and tried to get at nearly 400,000 others. The hackers used personal information already available online to circumvent checks designed to verify someone’s authenticity in the IRS’s “Get Transcript” application, which gives taxpayers access to their own files.
By successfully impersonating a taxpayer, the thieves were able to gain access to their files, get even more personal information about them, and in thousands of cases to file amended returns claiming bogus refunds — a portion of the billions of dollars of fraudulent refunds the IRS pays each year.
SEE ALSO: Hillary Clinton increases lead over Bernie Sanders in post-debate poll
“We are taking new steps upfront to protect taxpayers at the time they file and beyond,” Mr. Koskinen said. “Thanks to the cooperative efforts taking place between the industry, the states and the IRS, we will have new tools in place this January to protect taxpayers during the 2016 filing season.”
While private sector corporations have largely implemented security measures on their own before now, Mr. Koskinen said software companies, such as TurboTax, the nation’s top third-party processor, are adopting new “identity requirements and validation procedures” across the board.
Brad Smith, Intuit’s CEO, called the new measures “essential and unprecedented.”
“Together, we’re creating new ways to further validate taxpayers’ identities and the information they submit. Sharing what we’ve learned will strengthen the system and give taxpayers greater confidence when they file returns,” Mr. Smith said in a statement.
But while some within the tax-preparation industry applauded the announcement, other said more needs to be done.
“Eliminating fraud from the tax preparation industry cannot be accomplished in a few months — this is a multi-year effort,” said Bill Cobb, president and CEO of H&R Block. “I applaud Commissioner Koskinen for his leadership of the multiple IRS working groups, which have produced actionable plans that will make a difference. But this is not enough. There is much more to do.”
SEE ALSO: Obama vows to veto sanctuary city crackdown
Shane MacDougall worked for Intuit until he resigned as principal security engineer in February. In a filing with the Securities and Exchange Commission that month, Mr. MacDougall said his former employer “systematically prioritized profits over ethics when it came to its processing of fraudulent tax filings,” and had repeatedly rebuffed his efforts to address the issue.
“I absolutely think that the tax industry already has made massive changes as a result of our complaint,” Mr. MacDougall told the Washington Times on Tuesday.
“Now that the industry has been called out and the public is aware of how they’ve been making money off fraud, they’re not going to stand for it,” he said. “I think now that it’s been exposed for all to see, the industry and the IRS had to take steps to solve it.” According to Mr. MacDougall, much of the government’s advice has already been implemented for several years. But by making them mandatory, he told The Times, he expects “it will reduce the amount of fraud that companies are going to allow to fly under the IRS’ radar.”
“The industry in general has the tools it needs to cut down on fraud,” he said. “If they want to stop it, they can stop it.”
In the meantime, the former Intuit security engineer cautioned that Americans should be wary regardless of handing over their personal information to anyone other than the IRS directly. “I’d still recommend people file by paper and not use online filing,” he said.
• Stephen Dinan can be reached at sdinan@washingtontimes.com.
Please read our comment policy before commenting.