IRS Re-Launches "Get Transcript" Service with Improved Security

By:
Chris Gaetano
Published Date:
Jun 9, 2016
irs-small-3The IRS announced that it has re-launched its Get Transcript Online service as part of a wider bolstering of its verification protocols. Last May the IRS was the target of a massive data breach where hackers pilfered the personal information of over 700,000 taxpayers. The perpetrators exploited did so through exploiting a security loophole in its Get Transcript Online service, which lets people access their own tax information such as names, addresses and Social Security numbers, or in the case of these hackers, someone else's. In order to prevent further harm to the victims, the IRS issued "Identity Protection PINs" so that they could verify that they are who they say they are, but this system, itself, became yet one more vector for identity theft, an irony worthy of Sophocles himself. Recognizing that they needed better security protocols, the IRS decided to just shut down the entire Get Transcript system entirely around March. 

The IRS said the new system has a much more rigorous authentication system, though it also acknowledged that this security will come at the cost of convenience for taxpayers.

“The IRS is committed to the protection of taxpayer information and the security of our systems,” said IRS Commissioner John Koskinen. “Criminals are becoming increasingly sophisticated and continue to gather vast amounts of personal information as the result of data breaches at sources outside the IRS. In the face of that threat, we must provide the strongest possible authentication processes, while trying to enhance the ability of taxpayers to legitimately access their data and use IRS services online. We recognize that enhanced security will increase the challenge for taxpayers accessing our on-line services.”

In order to access their tax transcripts now, taxpayers will first need

  • * A readily available email address;
  • * Your Social Security number or Individual Tax Identification Number;
  • * Your filing status and address from your last-filed tax return;
  • * Access to certain account numbers for either:
    • * credit card, or
    • * home mortgage loan, or
    • * home equity (second mortgage) loan, or
    • * home equity line of credit (HELOC), or
    • * car loan
  • * A readily available mobile phone. Only U.S-based mobile phones may be used. Your name must be associated with the mobile phone account. Landlines, Skype, Google Voice or similar virtual phones as well as phones associated with pay-as-you-go plans cannot be used;
  • * If you have a “credit freeze” on your credit records through Equifax, it must be temporarily lifted before you can successfully complete this process.
Then, once registered, they will need to: 

  • * Submit their name and email address to receive a confirmation code;
  • * Enter the emailed confirmation code;
  • * Provide their SSN, date of birth, filing status and address on the last filed tax return;
  • * Provide some financial account information for verification such as the last eight digits of their credit card number or car loan number or home mortgage account number or home equity (second mortgage) loan number;
  • * Enter a mobile phone number to receive a six-digit activation code via text message;
  • * Enter the activation code;
  • * Create username and password, create a site phrase and select a site image.
This is provided you have never used Get Transcript before. If you already have a login, you'll just need to submit financial account information for verification like the last eight digits of a credit card number or car loan number or home mortgage account number or home equity (second mortgage) loan account number, then submit a mobile phone number to get an activation code, and then enter that code. From that point on, users can log in again by just getting an activation code on their phones and entering it. 

The IRS also acknowledged that this is unlikely to be the last time it will need to update its security protocols, given the increasing sophistication and adaptability of cyber attacks, and so will continue to update its systems as needed. 

Click here to see more of the latest news from the NYSSCPA.