As the IRS enters another tax filing season with the prospect of further budget and workforce shortfalls, the agency is looking toward interagency threat sharing solutions to reduce the government’s payout of tax returns to fraudsters.
By sharing fraud prevention best practices, federal agencies can stay one step ahead of cybercriminals who continue to find new ways to use illegally obtained data to file fraudulent tax returns with the IRS.
Doing more with less is also important due to incremental decreases in the IRS’ budget and workforce. Meanwhile, Tom Brandt, the IRS’ chief risk officer, said the agency receives more than a million “pings” each day that warn of attempted cyber intrusions.
“When we’re dealing with reduced resources at the IRS, we’ve had to do a lot in terms of looking at where are there other stakeholders who we can partner with, who we can help leverage the resources and, I think, the information that they have,” Brandt told Federal News Radio Wednesday at the Association of Government Accountants’ annual financial systems summit.
In partnering with state tax authorities, financial institutions and tax preparers, Brandt said the IRS has been able to take that threat sharing information and use it to update filters, some other methods of detecting and preventing fraud activity.
But staying one step ahead of cybercriminals can be challenging, especially when they leverage personal information from other agencies to file fraudulent tax returns. Last March, the Education Department shut down its data retrieval tool on FAFSA.gov after hackers used it to obtain sensitive financial information on as many as 100,000 people who applied for student loans, then used that data to file tax returns.
Since that time, Brandt said the IRS has worked with the Education Department to shore up its cyber defenses.
“We worked very closely with them to shut that down, and to fix the problem, and then to bring that up in a much more secure way,” he said. “But I think it just then adds to us continuing to look at where is tax information shared and used across the full landscape, and then how do we ensure that it’s not being misused by criminals.”
Through its partnerships with federal agencies, the IRS has used data from the Federal Bureau of Prisons to prevent fraudsters from filing tax returns using inmates’ names and financial information.
As the IRS ramps up for the start of the 2018 tax season on Jan. 29, Brandt said the agency will soon hold an internal risk roundtable to discuss new trends in fraud cases.
“Doing something like that is an opportunity to bring together all of those elements within your organization that are actually working to address fraud, and look at where there are some lessons-learned shared opportunities,” Brandt said. “The benefit that we get from the roundtable is we’re able to do some case studies and look at events that either happened at IRS, happened in other agencies, or in some cases, happened in other tax administrations. And then sort of unwind that and figure out, well how did that happen? Does that point to vulnerabilities that could be occurring somewhere else? Or how can we learn from that, and what do we need to change to prevent that from being able to happen at the IRS?”
While the Treasury Department has long played a role in preventing improper payments with its Do Not Pay List, it’s also flexing its data analytics resources to help other agencies detect and prevent fraud.
“Our analytics service is really about trying to develop program-specific solutions for an improper payment challenge that has been a little bit vexing, or maybe an agency has been struggling to figure out, ‘What is that data-centric internal control that I could build into my existing technology infrastructure that would help me to detect a high-risk payment before I detect it,'” Joan Iannotta, the department’s senior adviser for data analytics, said at an AGA panel Wednesday.
While some federal employees have viewed automation as a potential threat to their jobs, Brandt said automation technology can free up IRS workers to fulfill mission-critical work.
“I don’t know that it’s so much a concern about replacing employees with technology, but we’re losing so many employees and don’t have the ability to rehire that the technology can actually give us the ability to do work that otherwise we would, I think, be challenged to complete,” he said. “I think that’s a challenge that we’re clearly faced with at the IRS — the loss of so many employees. And when a system is replaced, we’ve got fewer people, fewer programmers to actually help us put in place those additional checks and controls.”