IRS plans further steps to curb identity theft
The Internal Revenue Service, working in partnership with state tax authorities and the tax preparation industry as part of their Security Summit initiative, reported significant progress Tuesday in the battle against tax-related identity theft, with new steps planned for next tax season.
"The underlying numbers show we are making progress on multiple fronts, with significant improvements taken in 2016 and we’ve continued the dramatic trend in 2017," said IRS Commissioner John Koskinen during a conference call with reporters Tuesday. "For example, in calendar year 2016 the IRS stopped 883,000 confirmed identity theft returns. That was a 37 percent drop from 2015. This year through August, the IRS has stopped 443,000 confirmed identity theft returns, a 30 percent decline from the same period last year. This reflects the fact that we’ve made it harder for criminals to file false returns in volume, so they have to work more on an individual return-by-return basis. Another important sign involves the number of people reporting to us that they were victims of identity theft. In 2016, the number of victim reports was 376,000, a drop of 46 percent from the prior year. This year through August, 189,000 taxpayers filed victim reports, an additional drop of about 40 percent from the same period last year. Taken together over the two years, the number of taxpayers who filed victim reports has dropped by about two-thirds. "
Financial institutions stopped 124,000 suspect refunds in 2016, a 50 percent plunge from 2015. So far this year, financial institutions have stopped 127,000 suspect refunds, in part reflecting a handful of cases involving several thousand accounts.
“The states and the IRS have improved their ability to stop fraudulent refunds by working with financial institutions to help identify refunds that are questionable,” said Koskinen. “And since 2015 the IRS has been running a pilot program to test the idea of adding a verification code to W-2 forms. This helps the IRS confirm the accuracy and integrity of tens of millions of electronically filed tax returns. These and other initiatives made a significant difference for taxpayers. The underlying numbers show we are making progress on multiple fronts with significant improvements taken in 2016 and we are continuing the dramatic trends in 2017.”
New Protections for 2018
The IRS and its Security Summit partners plan to add more protections for the 2018 filing season, as well as share more data points from tax returns than in the past.
In 2018, a new Verification Code box will appear on all official W-2 forms for the first time. Many taxpayers will see a 16-character code on approximately 66 million Forms W-2 to help authenticate the W-2. Taxpayers preparing their own returns and tax professionals will be urged to enter the code if the box contains the 16-digit number.
The Summit partners are putting greater emphasis on identity theft protections for business returns in the Form 1120 and 1041 series. The IRS will be asking tax professionals to get more information on their business clients to help the IRS authenticate that the tax return being submitted is actually a legitimate return filing and not an identity theft return. Some of the new questions people may be asked to provide when filing their business, trust or estate client returns include:
• The name and Social Security number of the company individual authorized to sign the business return. Is the person signing the return authorized to do so?
• Payment history – Were estimated tax payments made? If yes, when were they made, how were they made, and how much was paid?
• Parent company information – Is there a parent company? If yes, who?
• Additional information based on deductions claimed.
• Filing history – Has the business filed Form(s) 940, 941 or other business-related tax forms?
Intuit chairman and CEO Brad Smith hailed the progress that has been made, but said more needs to be done. “American taxpayers are still under siege from cybercriminals, so we remain steadfast in our commitment to fight tax cyberfraud. We’re proud of the progress being made," he said. "This year also marked the launch of the Tax Information Sharing and Analysis Center (ISAC), which has dramatically improved real-time security information sharing to strengthen our collective ability to safeguard taxpayers. Efforts to educate taxpayers and tax professionals have also resulted in greater awareness and accountability to protect online identities and increase the safety and security of the nation’s tax system. But there’s still much work to do. We have the opportunity to build on existing trusted customer requirements to continuously improve taxpayer authentication. As technology advances, we must continue to innovate to protect taxpayer information. And for those taxpayers who become a victim of tax fraud, it is imperative that we collectively provide faster, better relief and assistance to those who depend on us."
H&R Block’s new president and CEO Jeff Jones pointed to the progress made by the Security Summit, and like Smith he also praised Koskinen’s leadership. “As recent events show—the ongoing tax reform discussion, a new IRS commissioner to be named, and three new CEOs to the Security Summit—this forum is at the cusp of change,” he said. “But one thing that likely will never change is the adaptiveness of criminals. As someone who has experienced dealing with a data breach, I know we can never let up in our fight against cybercrimes and identity theft. We should expect criminals to continue employing a variety of approaches and tactics to find vulnerabilities in the system, and so I am fully committed to the Security Summit efforts to protect the tax ecosystem and to protect the legitimate taxpayer. Security of our clients’ information remains a top priority in the battle against this persistent and evolving threat.”
John Ams, executive director of the National Society of Accountants, noted that tax professionals are an important part of the solution. “The IRS and the various stakeholders have been heavily involved in the effort to safeguard the integrity of our tax administration process,” said Ams. “The tax professional community needs to play an integral part in that safeguarding process as well because the information needed by criminals to file fraudulent returns—name, address, income, where they work, how long they have lived or worked in a particular place, if they have a mortgage or a car loan, the names of family members—that is all kept in a tax professional’s file. Taxpayer data is the key to the kingdom in this digital age, and the files kept by tax professionals are increasingly a target for cybertheft. Tax professionals take seriously our obligations to safeguard the data, but we also recognize that we are tax professionals, not IT professionals. That is why we appreciate the work of the Security Summit, the ISAC and the IRS. We need to get the message out to taxpayers and tax professionals to make sure they are aware of the threat and how to secure their data and personal information.”
Accounting Today asked Koskinen about the increasing number of phishing scams being reported by the IRS against tax professionals, and whether that was a way for them to get around some of the identity theft filters and protections the IRS and its partners have put in place.
“It’s a challenge that we’ve been worried about with the Security Summit from the start,” he responded. “That is, as the states and the IRS get more secure and more able to in fact stop direct filings, the criminals are going to get more sophisticated and try to figure out how to get more data and the place to get more data, as John [Ams] was saying, is through the preparers, or companies. So we began to see in effect the early warnings came from members of the Security Summit, both in terms of attacks on preparers as well as the phishing schemes on companies. What they’re doing, and it’s difficult for people to be careful when they’re getting emails, is they send an email that looks real, and it says either you’ve got a problem with your account, and click here to access your account. They pretend to be a way to connect with your tax preparer, or for the tax preparer to connect with their client. Or the most insidious in some ways are the emails within a company to the CFO or the human capital departments, saying from the president, 'I need a list of the employees and their W-2’s and other information.' And the information is sent, but it doesn’t go to the CEO. It goes to an organized crime syndicate. So we have spent a significant amount of time through the Summit and all of our partners with campaigns to tax preparers urging them to put in security software and other firewalls in their systems. We’ve spent a lot of time and had great cooperation with the preparer community and the professional community trying to give them not only warnings, but increasingly advice on what steps to take.”
Courtney Kay-Decker, director of Iowa’s Department of Revenue, emphasized the importance of the partnership. “From my perspective as the state tax administrator, the work of the Security Summit is truly a paradigm shift,” she said. “I would be remiss if I didn’t thank Commissioner Koskinen for all of your efforts and the efforts of your team in spearheading this effort. As we look to the work that we do at the state level, collaboration and communication among industry, states and the IRS to identify fraudulent schemes and problematic returns earlier is the critical component of the Summit. We’re better able to protect our taxpayers from tax refund fraud and from the effects of identity theft by working together.”
“Now entering its third year, the Summit’s work has already translated into tremendous success, which has decreased identity theft related tax refund fraud by two-thirds since 2015, " said Brian Tate, president and CEO of the Network Branded Prepaid Card Association, which participated in the Security Summit. "In today’s ever-changing environment, collaboration among all stakeholders is vital to protect taxpayers from identity theft and tax refund fraud. For this reason, we remain committed to participating in the Summit in order to address—and combat—fraudulent activity plaguing taxpayers.”
To help businesses and their tax preparers with these efforts, the IRS has created a new Identity Theft Guide for Business, Partnerships and Estate and Trusts.
IRS Commissioner Transition
Green Dot CEO Steve Streit congratulated Koskinen on his term as head of the IRS, where his term will expire next month, and his leadership of the Security Summit. “Because of you, Commissioner Koskinen, because of you personally supporting the initiative, it worked. Today we celebrate a great deal of success because of the efforts of so many, and because of the outstanding leadership of the entire IRS workforce and management team, led by Commissioner John Koskinen. As the commissioner’s years of service come to a close at the IRS, I wish to thank and congratulate him on a great run, not just here at the IRS, but more importantly on behalf of all Americans, we thank you for your many years of public service for our country and making America a better place. You Commissioner are the definition of an outstanding and honorable public servant and we thank you, John Koskinen.”
Koskinen survived despite efforts to oust him by Republicans in Congress. He was asked by a reporter on the call if he had any light he could shed on a successor, but couldn't provide any specifics.
“While there were some issues about how long I was going to survive I always maintained starting last December the real question was finding in enough time to get them through the review process and the confirmation process,” said Koskinen. “I’ve talked on numerous occasions with [Treasury] Secretary [Steven] Mnuchin, who I know cares greatly about this and has been working on this, there is a real focus by the administration on finding a successor. It takes about six weeks of background checks and security checks for you to get a Top Secret security clearance and have your taxes audited, so it is very possible that someone is already in that process. You can’t announce them until they’ve finished all of that.”
“I have gotten no indication about any particular name or where they are, but it would not surprise me because I know they’re focused on it that sometime in the very near future we will have a name provided,” he added.