The IRS Might Just Have Your Number…

Posted on November 7th, 2014 by Dan Rampe

IRS

…But Won’t Give It to You. Internal Revenue Service Not Providing PINs to All Taxpayers Who’ve Been ID Theft Victims.

The Treasury Inspector General for Tax Administration (TIGTA) issued a report saying the IRS is not providing personal identity numbers to all eligible taxpayers who have been victims of tax-related identity theft.

First issued in 2011, the Identity Protection Personal Identification Numbers (IP PINs) allowed the IRS to quickly process returns to prevent the misuse of taxpayers’ Social Security Numbers on fraudulent tax returns. While the program has been expanded, the IRS has still not provided enough PINs to meet the demand. In his article on accountingtoday.com, Michael Cohn reports on the TIGTA report and details how and whether the IRS will make changes to ensure all taxpayers are covered. The following has been excerpted from Cohn’s piece and edited to fit our format. You may find his complete article by clicking on this link.

Hundreds of thousands of taxpayers out of luck

[The] IRS did not provide an IP PIN to 532,637 taxpayers who had an identity theft indicator on their tax account indicating that the IRS resolved their case. The IRS also did not provide an IP PIN to 24,628 taxpayers who were potential victims because their personally identifiable information had been lost, breached or stolen by or from the IRS. In addition, IRS programming errors resulted in 32,274 taxpayers not receiving an IP PIN on a timely basis and the issuance of 13,220 IP PIN notices to deceased taxpayers.

How’s this supposed to work?

TIGTA also found that the IP PIN notices issued to 759,446 taxpayers for processing year 2013 did not provide taxpayers adequate instructions on the use of the number and its importance on a tax return.

The program continues to expand

TIGTA found that the IRS issued 1.2 million IP PINs to taxpayers to use in filing tax returns in 2014, up from 770,000 in 2013. In addition, taxpayers who used their IP PIN to file their tax returns claiming a refund in processing year 2013 had their returns processed in a time frame similar to the general population of return filers claiming a refund.

TIGTA recommendations

[TIGTA recommended that the] IRS should…revise its IP PIN issuance criteria to make eligible those taxpayers who have had their Personally Identifiable Information lost, breached, disclosed, or stolen and have authenticated themselves…. The report also recommended that the IRS ensure that the finalized IP PIN criteria are provided to the Applications Development function before each filing season; ensure that IP PIN criteria are accurately programmed; and revise the IP PIN issuance notice to explain the effect on processing a recipient’s tax return and refund when the number is not included on the filed tax return.

Are concerns adequately addressed?

The IRS indicated that individuals whose personally identifiable information was compromised are eligible to receive an IP PIN. However, the IRS’s Web site for its online IP PIN application still has not been updated to inform these individuals of this option….

Less than one percent victimized a second time

“The use of the IP PIN by taxpayers has been a major success, and as is noted in the audit report, protects taxpayers from being victims of identity theft while allowing their tax return to be processed in a time period similar to returns submitted without an IP PIN,” wrote Debra Holland, commissioner of the IRS’s Wage and Investment Division, in response to the report. “Our records indicate that less than one percent of taxpayers issued an IP PIN are a victim of identity theft again.”

Strict parameters for issuing PINs

The pin number is part of a larger strategic effort by the IRS to combat identity theft impacting the tax administration. [The IRS applies] a strict set of parameters to accounts that are determined eligible for a pin number, resulting in an extremely low recurrence of identity theft. For the 2013 filing season, [the IRS] enhanced…programming to increase efficiency and expanded the pin program to more than 770,000 taxpayers. For the 2014 filing season, [it] issued over 1.2 million pin numbers.

Why 530,000 taxpayers were not “PINned”

[The IRS said the] 530,000 taxpayers [who] did not receive IP PINS… were taxpayers identified by the IRS as having potentially suspicious activity on their accounts, rather than taxpayers [who] self-reported to the IRS….The IRS recognized these accounts as possibly being victimized and notified the taxpayers of [its] concerns.

However, [the agency] set very strict parameters to…accounts before an IP PIN [could be] issued in order to protect the integrity of the system. In this coming year, taxpayers identified by the IRS as having possible suspicious activity on their accounts will receive a letter inviting them to take part in [the] IP PIN program through an e-authentication process on [the IRS] website.

Pilot program notifying taxpayers

Beginning in January 2014, the IRS began a pilot program that allowed some taxpayers to voluntarily receive a pin number via an online application. Next year, [the agency plans] on mailing notices to let taxpayers know that they may be eligible for a pin number.

The IRS also pointed to the impact of budget cuts on its ability to help taxpayers with these problems….Since 2010, the IRS budget has been reduced nearly $850 million. At the same time, [the IRS has] 13,000 fewer employees today than [it] did in 2010.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

ThreatMetrix Tax Tips to Avoid Losing Your Identity and Uncle Sam’s Taxes to the Cyberthieves Who Stole Close to $4 Billion Last Year.

Posted on March 10th, 2014 by Dan Rampe

IRS

More than 125 million tax returns were filed online last year, almost double the year before. How would you guess 93 percent of the fraudulent returns were filed? Online. And yes, that was a rhetorical question.

“The technology surrounding tax returns has advanced to provide a quicker and easier filing process for taxpayers, but such technology can offer additional opportunities for cybercriminals to steal identities,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “However, the risks associated with tax e-filing can be mitigated through comprehensive cybersecurity strategies. Specifically, businesses and government agencies must implement anonymized sharing of trusted identity intelligence without compromising personal identities and privacy.”

Cybercriminals have come up with any number of strategies for ripping off the taxpayer and the tax system including:

• Filing Fraudulent Returns – Cybercriminals file fraudulent tax returns for children, adults who don’t earn enough to require returns and even dead people. A 2013 report by the Treasury Inspector General found the Internal Revenue Service (IRS) gave away nearly $4 billion in fraudulent tax refunds the previous year. Many consumers filing tax returns find out that someone else illegally filed a return in their name. Cybercriminals often get returns on pre-paid cards which are then turned into cash. Legitimate taxpayers are left holding the bag. They’re the ones who are forced to deal with IRS, re-file correct returns and make sure their data and identity are being used for other frauds.

• Stealing Identities – After legitimate users file their returns online, cybercriminals can sometimes hack the system and steal the personal information found in a return including names, bank accounts and social security numbers. In the first half of 2013 alone, 1.6 million taxpayers were affected by identity theft.

• Using Social Networks to Steal Personal Information – Now cybercriminals are turning to social networks to identify potential targets and collect the type of information they need to complete returns. What they look for includes the user’s number of children, marital status and employer. That way the crooks can claim the correct number of dependents and estimate a believable annual salary.

The launch of a new IRS mobile app this year poses additional risks for tax return fraud. The app provides information on a user’s refund status and tax records, as well as a portal that allows taxpayers to download their returns since 2009. Despite the convenience factor for consumers, these tools make it easier for cybercriminals to illegally obtain more personally identifiable information than was previously available.

“It’s essential for consumers to use caution when filing returns online and avoid publicly sharing personally identifiable information, but it’s up to governmental agencies and private industries to collaborate on sharing data that can be used to prevent cybercrime,” said Faulkner. “Private industries have begun to adopt more sophisticated screening procedures, and government agencies such as the IRS need to follow suit with a layered approach including advanced fraud prevention and context-based security to effectively prevent cybercrime associated with online tax returns.”

In February 2013, President Obama signed an Executive Order on Improving Critical Infrastructure Cybersecurity, which mandated an update of the current cybersecurity framework. In February 2014, the National Institute of Standards and Technology updated the framework with voluntary guidelines for the government and private sector to address and manage cybersecurity risks, such as the increased risks of tax e-filing. A key takeaway is the need for a collective and orchestrated response to threats facing the nation’s infrastructure and mission-critical applications.

To make electronic filing safer, ThreatMetrix urges the government and private industry share relevant anonymized intelligence in real time via a shared network — without compromising taxpayer privacy. This combined intelligence effort can dramatically reduce the amount of tax revenue lost to fraud and identity theft this tax season.

For more information and an infographic about the above information, visit http://www.threatmetrix.com/resource-center/infographics/tax-season-leads-to-a-4-billion-payday-for-cybercriminals/

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.