2016 Security Summit Actions and Results Released by IRS
The IRS has posted information from 2016 Security Summit outlining steps the IRS and other parties have taken to attempt to combat income tax refund fraud and identity theft in News Release IR-2016-94 and Fact Sheet FS-2016-21.
The Security Summit project, which began in 2015, involves the IRS, state taxing agencies and interested private sector organizations in developing responses that attempt to deal with the problems of tax related identity theft and refund fraud. Beginning July 1, 2016 the Security Summit will work under the auspices of the Electronic Tax Administration Advisory Council (ETAAC), with ETAAC’s charter expanded to deal with identity theft.
The press release highlighted the following highlights of the 2016 conference:
- New protocols required all individual tax software customers to update their security credentials to a minimum eight-digit password and establish security questions.
- Software providers shared approximately 20 data elements from tax returns with the IRS and states to help identify possible fraud. These elements are confidential but include information to identify returns prepared quickly by automated programs.
- Industry partners performed regular reviews to identify possible identity theft schemes and report them to the IRS and state partners to help stay on top of emerging schemes.
- Summit partners launched a “Taxes. Security. Together” campaign to increase public awareness about the need for computer security and provide people with tips on how to protect their personal information.
The press release highlighted the following accomplishments related to tax refund fraud and tax related identity theft:
- From January through April 2016, the IRS stopped $1.1 billion in fraudulent refunds claimed by identity thieves on more than 171,000 tax returns; compared to $754 million in fraudulent refunds claimed on 141,000 returns for the same period in 2015. Better data from returns and information about schemes meant better internal processing filters to identify identity theft tax returns.
- Thanks to leads reported from industry partners, the IRS suspended for further review 36,000 suspicious returns January through May 8, 2016, and $148 million in claimed refunds. This was twice the amount of the same period in 2015 of 15,000 returns claiming $98 million. Had industry not flagged these returns, these returns would have passed through IRS processing filters.
- Because of Summit efforts, the number of anticipated taxpayer victims fell between 2015 and 2016. Since January, the IRS Identity Theft Victim Assistance function experienced a marked drop of 48 percent in receipts, which includes Identity Theft Affidavits (Form 14039) filed by victims and other identity theft related correspondence.
- The number of refunds that banks and financial institutions returned to the IRS because they appear suspicious dropped by 66 percent. This is another indication that improved data led to better filters, which reduced the number of bad refunds being issued.
- The Rapid Response Team tackled emerging issues. This team, working together, was able to shut down one scheme in which a criminal stole client data from a tax preparer.
- Working together, Summit partners were able to warn the public – including the payroll industry, human resources and tax preparers – of emerging scams in which criminals either posed as company executives to steal employee Form W-2 information or instances where criminals used technology to gain remote control of preparers’ office computers.
The release also highlighted new initiatives for 2017:
- Expanding a W-2 Verification Code test to cover approximately 50 million forms in 2017. The selected forms contain a 16-digit code that taxpayers and tax preparers enter when prompted by software. The code helps validate not only the taxpayer’s identity but also the information on the form. This pilot is among the most visible Summit action for 2017.
- Identifying additional data elements from tax returns that will help improve authentication of the taxpayer and identify possible identity theft scams and sharing data elements from corporate tax returns.
- Launching the Identity Theft Tax Refund Fraud Information Sharing & Analysis Center (IDTTRF-ISAC) in 2017. This will serve as the early warning system for partners, collecting and analyzing tax-related identity theft schemes.
- Expanding the Security Summit’s “Taxes. Security. Together.” awareness campaign to tax return preparers to ensure they have the information they need to protect themselves from cyberattacks and to safeguard taxpayer data.
- Creating a process for financial institutions to identify questionable state tax refunds and return them to states for validation. Twenty-three states have signed on.
The related fact sheet contains a few additional details of the summit’s 2017 activities. Of specific interest is the tax professionals work group which will undertake the following project:
- The work group will collaborate with the Communication and Taxpayer Awareness Work Group on an outreach and education campaign aimed at tax professionals. The news release specifically mentions attempting to inform professional regarding steps they should be taking to protect themselves from cyberattacks and being able to protect taxpayer data.
- This outreach will also include a filing season guide on locating available information regarding returns filed with a preparer EFIN or PTIN, and the importance of using the capability regularly to detect potential identity theft.