The U.S. Internal Revenue Service (IRS) met with state tax administrators, representatives of the software industry, tax preparation firms and payroll and tax financial product processors to create ways to combat identity theft refund fraud.
The Security Summit consists of several work groups focused on the following topics:
- Communication and taxpayer awareness
- Financial services
- Information sharing and analysis
- Tax professionals
- Strategic threat assessment and response
Among the new security measures are requests for additional information on electronically filed returns. Some of these measures, such as asking for taxpayers’ driver’s license numbers, were requested by individual states for their own security measures. Others help the IRS identify patterns of identity theft fraud.
The IRS has implemented a requirement for bank account verification on e-filed returns through a new “Taxpayer verified all bank information by” field. This information used to persist from year to year, but was discontinued due to the opportunity for identity thieves to steal the information.
The IRS is also requiring bank account information from the initial e-file creation and the most recent e-file creation. Identity thieves commonly file fraudulent returns by using consistent information on the return, but change the bank account number to that of the identity thieves. By checking both account numbers, the IRS hopes to be able to determine whether account number changes are legitimate and identify patterns of fraud through thieves using the same account on multiple returns.
At the request of state representatives, the IRS is requesting, but not requiring, taxpayers’ email addresses and mobile phone numbers. The IRS also plans to implement a secure two-factor authorization system for e-services.
Various industry groups, including the American Institute of CPAs (AICPA), have provided input to the IRS on aspects of the recommendations. The IRS and other Security Summit participants hope to strike a balance between preventing identity theft and minimizing burdens on taxpayers and tax professionals. The AICPA and the VSCPA will continue to respond to member concerns.