The security of the Internal Revenue Service’s new online app for requesting tax transcripts is receiving extra scrutiny after the security and vulnerability to identity theft has been questioned, but the IRS contended it is taking steps to safeguard the security of the service.
The IRS introduced the Get Transcript online service this tax season as a way to provide self-service for taxpayers and offer more efficiency during a period of successive budget cuts at the agency that have reduced phone service for taxpayers. The service allows taxpayers to get a record of their past tax returns, known as a transcript. IRS transcripts are often used to validate income and tax filing status for mortgage applications, student and small business loan applications and during tax preparation, the IRS noted on the Web page for the service. With the service users can download and print their transcript immediately, or request the transcript be mailed to their address on record.
However, the technology site InformationWeek reported warnings Monday from a former IRS attorney that the new service could be vulnerable to identity theft and that the IRS’s technology security might not be able to protect the sensitive data.
“The IRS has long directed itself to data security practices," said Kenneth Ryesky, a former IRS attorney who teaches business law and taxation at Queens College in N.Y., told the publication. “It has done an abysmal job of data stewardship—that is, how it processes, handles, verifies and utilizes the data it strives to keep secure.”
The Treasury Inspector General for Tax Administration has also reported frequently on problems with various aspects of the IRS’s security, although it has acknowledged the agency is making improvements (see TIGTA: Weaknesses Remain in IRS IT Security, Controls).
Accounting Today asked an IRS spokesman about the security of the new online transcript service, and the IRS defended its security practices.
“The security of taxpayer information is critically important to the IRS,” said the IRS in an emailed statement. “IRS complies with government-wide National Institute of Standards and Technology (NIST) guidelines for authentication. In addition to standard features historically used by the IRS (e.g. name, social security number, etc.), like many other leading public and private enterprises the IRS’s new Get Transcript tool uses out-of-wallet’ information to authenticate the request, which provides an additional new layer of security.”
The IRS also announced Tuesday that it has added the new Get Transcript service to its IRS2Go mobile app for Apple and Android mobile devices, along with other features including the ability to track the status of a tax refund (see IRS Adds Tax Refund Status Tracker to Smartphone App).