Taxpayer First Act: Enhancing identification verification and modernizing the IRS

Lowering prices and effectively serving clients on-line is an goal of most organizations. That is additionally true for many federal businesses, however because the first web site was created, federal businesses have confronted the fixed problem of verifying the identities of their on-line customers. Giant-scale breaches have put residents’ personally identifiable data (PII) up on the market on the darkish net, rising the challenges of identification verification. How are you going to be sure who’s accessing a web site and transacting enterprise?

Id verification and the GAO studies

In June 2018, the Authorities Accountability Workplace (GAO) printed a report entitled, “Id Theft – IRS Must Strengthen Taxpayer Authentication Efforts”. As famous within the report, “In Could 2015, [the] IRS briefly suspended its Get Transcript service after fraudsters used private data obtained from sources exterior IRS to pose as respectable taxpayers and entry tax return data from as much as 724,000 accounts.” This breach is highlighted by GAO together with the 2015 Workplace of Personnel Administration (OPM) breach that affected over 22 million present and former staff and contractors in addition to the 2018 Equifax breach that affected 145 million Individuals.

GAO additionally highlighted that the IRS estimates there have been makes an attempt to steal a minimum of $12.2 billion by way of identification theft (IDT) tax refund fraud in 2016. Nonetheless, it estimates that it prevented the theft of a minimum of $10.5 billion of that quantity. That signifies that a minimum of $1.6 billion was paid out to fraudsters. I’ll repeat, $1.6 billion in taxpayer {dollars} paid to criminals.

The sheer quantity of PII out there to fraudsters warrants various approaches to the frequent practices of verifying identities on-line. Data-based verification (KBV) sometimes challenges on-line customers with questions from their credit score report that solely they need to know. Right now, there’s a robust probability that fraudsters know that data, too.

Challenges in verifying identities securely aren’t restricted to the IRS. The truth is most federal businesses don’t have excessive confidence within the individuals interfacing with them on-line. This garnered the eye of Congress and tasked GAO to look at on-line identification verification processes deployed at six federal businesses that routinely interface with residents on-line, together with the Facilities for Medicare and Medicaid Providers (CMS), Common Providers Administration (GSA), IRS, SSA, USPS and the Division of Veterans Affairs (VA).

Some businesses not shifting off knowledge-based verification

In Could 2019, GAO launched “Knowledge Safety – Federal Companies Have to Strengthen On-line Id Verification Processes.” The excellent news is that some, together with the IRS, not solely depend on KBV, whereas surprisingly, others together with CMS don’t have any plans to maneuver on. GAO reported that, “A number of officers cited causes for not adopting various strategies, together with excessive prices and implementation challenges for sure segments of the general public. For instance, cell machine verification could not all the time be viable as a result of not all candidates possess cell units that can be utilized to confirm their identities. Nonetheless, till these businesses take steps to remove their use of knowledge-based verification, the people they serve will stay at elevated threat of identification fraud.”