The Internal Revenue Service has signed a tax-processing contract with a company that has admitted to having information on 1.5 million payment card holders and 1.1 million Social Security numbers stolen by computer hackers.
The company, RBS Worldpay, a subsidiary of the Royal Bank of Scotland, has been hired by the IRS, despite the fact that Visa has blacklisted the company for not complying with Payment Card Industry security standards, according to the Washington Post. The company announced the hacking incident in December, and in February authorities linked a string of ATM heists to the RBS data. A criminal gang allegedly used debit cards to steal millions of dollars from bank accounts.
Under the IRS contract, RBS will not be paid directly by the agency but will instead earn a 1.95 percent convenience fee on all credit card payments by taxpayers. However, RBS wont be permitted to process any payments until Jan. 20, 2010, to give it time to comply with the PCI standards and pass an IRS security audit.
The IRS has been repeatedly faulted by the Treasury Departments Inspector General for Tax Administration and the Government Accountability Office for lax computer security. The agency has also been under pressure to end its arrangements with private contractors, and recently decided not to renew contracts with two private debt collection agencies.
The National Treasury Employees Union, which has opposed privatization of IRS functions, reacted angrily to the latest contract. NTEU is very concerned about contracting at the IRS, both from a taxpayer security standpoint and efficiency standpoint, said NTEU president Colleen Kelley in a statement quoted by the Post.
