IRS to step up its cyber, fraud detection game after recent successes

The additional layers of security the Internal Revenue Service added to some of its applications last year made a real difference during the 2016 filing season, the agency said, and it plans to install more next year.

The IRS is taking the lessons it learned from state revenue offices and industry tax organizations under the Security Summit to implement a series of new authentication measures and information sharing practices for the 2017 filing season.

“The IRS and the states, with the help of the tax industry, are stopping more suspicious tax returns at the door and we’re preventing more fraudulent returns from being issued,” Commissioner John Koskinen told summit members and reporters during a press conference in Washington June 28. “The Security Summit effort is making a real difference.”

Read the latest on Donald Trump's first 100 days in office.

In the first half of 2016, the IRS is getting 40 percent fewer reports of identity theft compared to the first half of 2015, Koskinen said.

Advertisement

The IRS is sharing and collecting more information and data from state, local and industry partners now, which means it can identify fraud more quickly, the agency said.

It’s also stopped identity thieves from claiming more fraudulent refunds during the first four months of 2016 — $1.1 billion in fake refunds on more than 171,000 returns, compared to $754 million for 141,000 returns during the same time in 2015.

And banks and financial institutions are returning 66 percent fewer suspicious refunds to the IRS so far this year.

Koskinen organized the agency’s Security Summit for the first time in March 2015. Agency leaders, state revenue department officials and industry CEOs met again this month to review the progress they’ve made over the past year and finalize their priorities for the following one.

The IRS will add verification codes to 50 million W-2 forms in 2017 expanding the pilot it began this year with 2 million forms. The agency said it saw some success with the initial program, which equipped taxpayers and preparers with a 16-digit code when prompted by their tax filing software.

The agency serves as facilitator for more than 20 industry tax organizations and 34 states, who collect information on identity theft and share it with the IRS. Collectively, the group shared 20 different data elements with each other during the past filing season. They will add more elements next year, which the IRS said will help it to better detect identity theft and fraud.

The Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC), which will also launch next year, is at the center of the IRS’ information sharing efforts.

Koskinen said his agency has learned from the challenges it recently experienced with Get Transcript, and he acknowledged that whatever system or piece of software it designs today won’t answer all of its problems in the future.

The IRS recently relaunched Get Transcript, the online service that gave the public electronic access to their tax returns from previous years, a year after the agency first disclosed a major breach to IRS systems. IRS added a new multi-factor authentication framework earlier this month.

Now, the agency is trying to more often predict where it thinks the cyber threat will go next, rather than react to the latest development or crisis as it happens, Koskinen said.

With that mindset, the IRS will begin to work with tax preparers more closely to improve their own security measures and practices.

“We think as our experience started last year, that a logical next place for criminals to go is if our databases and the state databases get more secure and difficult to get into, they’ll logically move out to preparers,” Koskinen said. “We’re hoping to get ahead of that game to some extent.”

Neverending budget constraints

The IRS received more funding this year than it did in the past, but it’s unclear whether that will continue as a trend into fiscal 2017.

The House Financial Services and General Government Appropriations Bill would cut the IRS budget by $236 million next fiscal year, which Koskinen said would essentially undo the progress his agency made this year when it received an additional $290 million.

IRS funding under the Senate appropriations bill would essentially remain flat.

“In either case, we will be constrained in what we’re able to do in all of the areas,” he said of the two appropriations proposals. “We … have to balance the needs for enforcement, taxpayer services, development of information technology and cybersecurity, and our general operations. It has been clear that after five years of budget cuts, while the increase last year has been very helpful, we are still a long way away.”

Funding for IRS has dropped by more than $1 billion over the past six years, but the agency’s responsibilities have increased, Koskinen said. For example, IRS spent about $480 million last year to comply with unfunded congressional mandates, he said.

The agency received its first bump in funding for the first time in several years in 2016.

“Our hope is that as we’ve demonstrated to the Congress the great utility of the additional funding we got this year, that that will serve as a basis for an additional increase next year, which would be devoted  to cybersecurity, identity theft and taxpayer service,” Koskinen said.

IRS used part of the $290 million to hire more taxpayer service representatives for the recent tax filing season. But now that the money has dried up, Koskinen said customer service is once again “unacceptable.”