Advertisement

SKIP ADVERTISEMENT

I.R.S. Adds New Safeguards to Thwart Identity Theft and Fraud

Reeling from an online attack that allowed criminals to steal personal information and divert tax refunds from tens of thousands of taxpayers, the Internal Revenue Service announced on Thursday a sweeping effort to step up protections against identity theft and fraud. The actions are expected to be completed by early next year, well before the April 15 filing deadline.

Collaborating with tax preparation firms and state officials, the I.R.S. promised to require a more rigorous authentication process before releasing information and refunds and to broaden efforts to pinpoint patterns of fraud.

“For the first time, everyone in the software industry will share aggregated details about their filings to help us all identify fraud,” John Koskinen, the I.R.S. commissioner, said at a news conference in Washington. He added that the “changes are being built into the D.N.A. of the entire tax system.”

The new measures are the result of a security meeting in March involving private industry representatives and government officials.

Added security filters include crosschecking returns filed electronically with Internet addresses and computer devices, and scanning for mechanized fraud by checking the time it takes to complete a return, the agency said. Tax preparers will have to transmit this information on all returns filed with federal and state governments.

At the same time, the agency will provide monthly, anonymous data reports to the tax preparation industry summarizing the latest tactics used by criminals.

Brad Smith, chief executive of the software company Intuit, which makes TurboTax, the most popular tax program in the country, said in a statement that new uniform rules requiring all industry players to report suspicious activity “will be instrumental in helping to protect and serve legitimate taxpayers and safeguard their privacy.”

Both the meeting and the agreement are signs that the agency is coming to grips with the growing threat of data breaches and fraud.

“We have come to realize we are now dealing with a much more sophisticated enemy than in the past,” Mr. Koskinen said. “It’s clear that criminals have been able to gather increasing amounts of personal data as the result of ongoing data breaches at various sources outside the tax system.”

Last month, the commissioner revealed that criminals had used taxpayers’ personal information to gain access through the agency’s website to tax returns while bilking the agency out of at least $39 million in fraudulent refunds.

Mr. Koskinen said that the group was considering creating a more formal center “to more aggressively share information between our organizations.” The commissioner, who has previously complained that years of congressional budget-cutting had hamstrung the agency’s ability to combat fraud, also called on Congress to require employers and others to send out tax information like W-2s earlier to aid the agency in spotting fraud.

Stephen M. Ryan, of the American Coalition for Taxpayer Rights, a trade association representing some of the largest tax preparation firms, emphasized that the data shared would be anonymous and in large batches “that do not include personally identifiable information.”

Several participants in the security meeting said the degree of collaboration between the private sector and tax officials went far beyond previous efforts. Mark Steber, chief tax officer of Jackson Hewitt, a tax preparation company, added that Thursday’s announcement was only the beginning, saying that the organizations planned to form a tactical group to identify “new threats and risks that we hadn’t even thought about.”

Gary Davis, a security analyst at Intel Security who was not involved with the initiative, called the latest measures “great first steps towards creating more awareness for taxpayers to understand how their personal information can easily be stolen online.”

He added: “What people don’t realize is that the information used to steal tax refunds is, for the most part, freely available online. Taxpayers should watch what they share on social media, secure their online accounts and check their credit reports annually to keep them tuned into any suspicious activity before it’s too late. Last year, someone actually filed as my daughter and it was a massive headache to get her identified as herself as she went to file this year.”

Frank AbagnaleJr., a security expert whose life as a conman was detailed in the book and movie “Catch Me if You Can,” said that both the I.R.S. and other government agencies had been “easy targets,” because they had been so slow to adopt sophisticated security protections and that “there’s no reason the federal government shouldn’t have that technology in place.”

Follow Patricia Cohen on Twitter: @PatcohenNYT

A version of this article appears in print on  , Section B, Page 3 of the New York edition with the headline: I.R.S. Adds New Guards to Thwart ID Theft. Order Reprints | Today’s Paper | Subscribe

Advertisement

SKIP ADVERTISEMENT