IRS, States, and Tax Industry Implement New Safeguards

Damon Asper
Published Date:
Jan 1, 2016

Protecting taxpayers against fraud is a top priority for the IRS. But recent years have proved challenging, as criminals gather increasing amounts of personal data. The IRS, however, has made real progress in the past several years.

From 2011 through 2014, the IRS stopped 19 million suspicious returns and more than $63 billion in fraudulent refunds. Thus far in 2015, the IRS has rejected or suspended the processing of 4.5 million suspicious returns--including 1.2 million cases of confirmed identity theft--totaling $7.2 billion. It has also stopped $2.3 billion worth of other types of fraudulent refunds. That’s a total of $9.5 billion.

It is important to point out that preventing refund fraud and identity theft involves a delicate balance. The IRS, after all, has a dual mission: It must balance the need to issue refunds in a timely manner with the need to ensure that claims are proper and taxpayer rights are protected.

Years ago, taxpayers could expect to wait several weeks for a refund. Now, more than 85 percent of taxpayers file their tax returns electronically and receive refunds in 21 days or less if they choose direct deposit. Typically, the IRS receives third-party information--such as Form W-2--only after the tax return is filed. It addresses this lag time by using data modeling, filters, and compliance checks to identify potential identity theft and fraud.

Among the steps taken by the IRS in recent years to protect taxpayers are

-- Passing returns through more than 200 filters, compared to only 11 in 2012

-- Limiting the number of electronically deposited refunds into a single financial account or pre-paid debit card to three

-- Locking accounts of deceased taxpayers (29 million accounts to date)

-- Improving efforts to stop fraudulent returns from prisoners

-- Establishing the External Leads Program, which allows the IRS to receive leads from participating financial institutions (over $3 billion dollars have been recovered in the past 3 years, with over 200,000 leads per year)

-- Convicting 2,000 individuals on federal identity theft charges in recent years and currently investigating 1,700 cases

-- Improving safeguards for Electronic Filing Identification Numbers, which allow tax preparers to transmit returns electronically

Though a much-abbreviated run-down of the IRS’s recent initiatives against fraud, these actions were able to stop the vast majority of fraudulent returns. In the 2015 filing season, however, it became clear that these efforts--while important--weren’t enough. The Criminal Investigation (CI) division of the IRS saw an increase in identity theft being perpetrated by organized crime syndicates.

To improve its efforts against this complex and evolving threat, Commissioner John Koskinen convened an unprecedented meeting in March 2015 with the leaders of the electronic tax industry, the software industry, and the individual states. The IRS took immediate steps for the 2016 filing season, focusing primarily on DIY taxpayers due to the increased risk of those types of returns.

Here’s a brief rundown of the new steps for 2016:

-- The IRS agreed upon new customer standards for using tax software and enhanced security by adding levels of authentication beyond usernames and passwords. These new standards will help mitigate account takeovers. In part, they include

-- Passwords requiring a minimum of 8 characters, including upper case characters, lower case characters, special characters, and numerals
-- Automatic lock features resulting from numerous failed attempts to sign on
-- Multiple security questions
-- Out-of-band verification for email addresses, which means customers will receive an email or text containing a PIN they must enter to continue using the software

-- The IRS identified more than 20 additional data elements that software providers will submit with each return. Although the IRS is keeping them confidential, they include elements such as reviewing the time it takes to complete a tax return in order to better detect computer mechanized fraud.

-- The IRS agreed to improve its information sharing. For the first time, the entire tax industry will share aggregated analytical information about their filings with the IRS to help identify fraud. If the IRS has information on emerging schemes, it can adjust its filters to identify them. Providers who transmit 2,000 or more returns will share any schemes they identify on a weekly basis.

-- The IRS is working to create the Information Sharing and Analysis Center (ISAC) and will have that in place for the 2017 filing season.

-- The IRS, in cooperation with the payroll and software industries, is testing a W-2 Verification Code. This would be a unique 16-digit number on W-2s that taxpayers and tax preparers would enter into software to add another layer of security.

There was also an agreement to create additional working groups, including a Tax Preparer Work Group. This group will determine how the new requirements will impact professional tax preparers that use pro-tax software, how the data capture and reporting requirements will impact taxpayers, and how all taxpayers and tax preparers can better contribute to the prevention of identity theft and refund fraud.

This renewed partnership is not a one-off event; rather, it represents a new era of cooperation among the IRS, the individual states, and the tax industry--one that will help combat identity theft and protect taxpayers against refund fraud. As a result, taxpayers will have a safer and more secure experience in 2016.

On the victim assistance front, one of the significant changes the IRS made in 2015 was to realign and centralize most of such work. Previously, it addressed victim assistance cases across multiple departments, depending on the type of case and type of taxpayer. That changed in 2015. Approximately 1,300 to 1,700 employees that work in victim assistance inventory are now under one leadership team, with policy and operations under another--leading to more consistent treatment of taxpayers.

The IRS is in the midst of reviewing all victim assistance processes to see where further improvements can be made. Its goal is to reduce the time it takes to resolve a taxpayer’s case. An average case is resolved in 120 days or less, but more complex cases can take up to 180 days—due to the sheer volume of work, the difficulty in determining fraudulent returns from authentic ones, and the possibility of the fraud affecting multiple tax years. The current time frame, however, is still a vast improvement from a few years ago, when the average resolution took over 300 days.

It is obvious there is no single solution to curtailing tax-related identity theft. It takes an array of approaches, including turning to the taxpaying public for its help. On Nov. 19, Commissioner Koskinen, along with more than a dozen state tax administrators and tax industry representatives, held a news conference to launch the IRS’s “Taxes. Security. Together” campaign to increase public awareness.

The purpose of this campaign is to educate taxpayers about the need to protect their personal, financial, and tax data--both online and at home. Far too many criminals are successful in stealing sensitive information simply by asking for it. And, of course, the IRS impersonation scams also have proven persistent.

The IRS asks for your help in this campaign: Talk to your clients about security. You can easily print Publication 4524, Security Awareness for Taxpayers, and share a copy with your clients. Review your taxpayer data security plan by reading Publication 4557, which provides a checklist to ensure you are taking all steps possible to protect data. Share the IRS’s social media posts to help spread the word. We all have a role to play—please join us.

More information can be found at

asperDamon Asper is the senior advisor for Identity Theft and Refund Fraud at the IRS, in the office of Return Integrity and Compliance Services, under the Wage and Investment (W&I) Division. He provides operations and policy guidance on all issues relating to the prevention and treatment of identity theft and refund tax fraud, including data modeling and analytics, revenue protection, and victim assistance, as well as acting as a law enforcement liaison. He’s currently leading efforts to develop and implement operational solutions for recommendations set forth in the recent IRS Commissioner’s Security Summit Report, to include the public–private partnership for the prevention of identity theft and refund fraud. His more than 32 years of government service include active duty in the United States Marine Corps, over 20 years with the IRS Criminal Investigation division, and several assignments with IRS civil divisions under W&I and SBSE (Small Business/Self-Employed). He began his IRS career in Los Angeles and has held management positions in New York, Washington, D.C., and now resides in Philadelphia.

Views expressed in articles published in Tax Stringer are the authors' only and are not to be attributed to the publication, its editors, the NYSSCPA or FAE, or their directors, officers, or employees, unless expressly so stated. Articles contain information believed by the authors to be accurate, but the publisher, editors and authors are not engaged in redering legal, accounting or other professional services. If specific professional advice or assistance is required, the services of a competent professional should be sought.