Breach, Data Security, Incident Response, Network Security, TDR

IRS Security Summit yields recommendations to fight fraud

Less than three months after convening a security summit that included the Internal Revenue Service (IRS), tax preparation companies, software firms and state government administrators, IRS Commissioner John Koskinen unveiled a series of recommendations and solutions proffered by the group to fight identity theft tax refund fraud. 

After its inception, the Summit had divided into three working groups--Authentication, Information Sharing and Strategic Threat Assessment and Response (STAR)--and the recommendations follow along those lines, which Summit participants pledged to support by signing a Memorandum of Understanding (MOU). Proposed steps, some of which the IRS said can be implemented in time for the 2016 filing season, focus on taxpayer authentication, fraud detection, cybersecurity framework, information assessment, taxpayer awareness and communication. ​

Koskinen said the IRS will authenticate taxpayer returns by reviewing the transmission of the returns, using device identification data tied to the returns origin as well as the time taken to complete returns, and capturing meta-data in computer transactions that will scan for fraud.

The IRS has also agreed, for the first time in its history, to allow the sharing of aggregated analytical data concerning fraud leads throughout the tax industry. The agency will also consider establishing a formalized Refund Fraud Information Sharing and Assessment Center (ISAC) to make sharing information between the public and private sector more efficient.

Brad Smith, CEO of Intuit, the parent company of TurboTax, in a release called the ISAC "particularly critical" to facilitating information sharing among federal and state governments and the private sector, noting it could "significantly strengthen" efforts to combat fraud.

The Commissioner urged companies that help taxpayers file returns to provide the agency with information that will help prevent fraud and set up pre-refund identification practices.

The MOU, said American Coalition for Taxpayer Rights (ACTR) Chairman Steven Barnett, general counsel for Jackson Hewitt Tax Service Inc., in a release, represents a “vital step in our efforts to combat income tax refund fraud.”

The memorandum also creates duties and responsibilities for signatories, including setting better standards for identifying fraud, allowing the industry to identify and easily report suspicious behavior while at the same time excluding personal identifiers and letting agencies frequently share updates.

“The critical thing for taxpayers to know is that new protections will be in place by the time they have to file their taxes in 2016, ” Koskinen was quoted by the release as saying at the Summit. “Each of us will be making substantive changes through the summer and fall to be ready for the next tax season."

Koskinen said that even if fraud does occur, the agency will have better post-filing analytics to determine ways to adjust security filters and prevent it from happening again. The changes are expected to be in place by early next year.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.