Taxpayer First Act: Enhancing identification verification and modernizing the IRS

Decreasing prices and effectively serving clients on-line is an goal of most organizations. That is additionally true for many federal businesses, however for the reason that first web site was created, federal businesses have confronted the fixed problem of verifying the identities of their on-line customers. Massive-scale breaches have put residents’ personally identifiable data (PII) up on the market on the darkish internet, rising the challenges of identification verification. How are you going to be sure who’s accessing a web site and transacting enterprise?

Identification verification and the GAO studies

In June 2018, the Authorities Accountability Workplace (GAO) revealed a report entitled, “Identification Theft – IRS Must Strengthen Taxpayer Authentication Efforts”. As famous within the report, “In Might 2015, [the] IRS quickly suspended its Get Transcript service after fraudsters used private data obtained from sources exterior IRS to pose as respectable taxpayers and entry tax return data from as much as 724,000 accounts.” This breach is highlighted by GAO together with the 2015 Workplace of Personnel Administration (OPM) breach that affected over 22 million present and former workers and contractors in addition to the 2018 Equifax breach that affected 145 million Individuals.

GAO additionally highlighted that the IRS estimates there have been makes an attempt to steal not less than $12.2 billion via identification theft (IDT) tax refund fraud in 2016. Nonetheless, it estimates that it prevented the theft of not less than $10.5 billion of that quantity. That signifies that not less than $1.6 billion was paid out to fraudsters. I’ll repeat, $1.6 billion in taxpayer {dollars} paid to criminals.

The sheer quantity of PII accessible to fraudsters warrants different approaches to the frequent practices of verifying identities on-line. Information-based verification (KBV) usually challenges on-line customers with questions from their credit score report that solely they need to know. As we speak, there’s a sturdy probability that fraudsters know that data, too.

Challenges in verifying identities securely usually are not restricted to the IRS. The truth is most federal businesses shouldn’t have excessive confidence within the individuals interfacing with them on-line. This garnered the eye of Congress and tasked GAO to look at on-line identification verification processes deployed at six federal businesses that routinely interface with residents on-line, together with the Facilities for Medicare and Medicaid Providers (CMS), Basic Providers Administration (GSA), IRS, SSA, USPS and the Division of Veterans Affairs (VA).

Some businesses not transferring off knowledge-based verification

In Might 2019, GAO launched “Knowledge Safety – Federal Businesses Have to Strengthen On-line Identification Verification Processes.” The excellent news is that some, together with the IRS, now not completely depend on KBV, whereas surprisingly, others together with CMS haven’t any plans to maneuver on. GAO reported that, “A number of officers cited causes for not adopting different strategies, together with excessive prices and implementation challenges for sure segments of the general public. For instance, cell system verification might not all the time be viable as a result of not all candidates possess cell units that can be utilized to confirm their identities. Nonetheless, till these businesses take steps to remove their use of knowledge-based verification, the people they serve will stay at elevated threat of identification fraud.”