Hoping to build on this year’s progress on reducing tax fraud, the Internal Revenue Service is standing up an Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC).
The ISAC is set to launch in 2017, and while it won’t be fully implemented for the upcoming filing season, IRS Commissioner John Koskinen says once it’s fully operational it will be a “significant step forward” to being able to collect and analyze information for the IRS’ Security Summit partners.
“We’ve come to a general conclusion and agreement across the board that it’s important for us all to use ISAC to the extent we can,” Koskinen told reporters during a Nov. 3 media briefing. “To see how effective we can be in not only collecting data, but analyzing it and sharing the information back out. So a key part of that is everyone’s agreement that participants in the ISAC will provide data in, as well as receive data out, so that it will be a total sharing environment.”
Security Summit partners can use the analysis center’s early warning system to flag anything suspicious early on and share that information with other members so they can put up their own defenses.
“This effort will provide all Summit partners with a threat assessment capability, early warnings about problems and insights about identity theft fraud schemes through nimble and agile information sharing,” the agency said in a prepared statement.
The ISAC is part of the overarching “trusted customer” focus for the agency next year.
“We’ve made remarkable progress this year in our efforts to protect taxpayers following the unprecedented coordination with the states, the tax industry and the financial sector,” Koskinen said. “Working together, this coalition has expanded its activities in many different areas, and we are focused on strengthening our systems and processes even more for the upcoming tax season.”
‘Far from over’
During the briefing, Koskinen shared that the agency had more than halved the number of new reports of identity theft, from 512,278 in 2015, to 237,750 in the first nine months of this year.
The IRS also reported a roughly 50 percent cut in the number of fraudulent tax returns that made it into the agency’s processing system, helping to save more than $4 billion.
“While these numbers highlight the critical difference the Security Summit Group is making, the battle against stolen identity refund fraud is far from over,” Koskinen said.
Koskinen organized and convened the agency’s Security Summit for the first time in March 2015. It’s made up of federal and state tax administrators, as well as industry leaders. It has seven working committees.
Alabama Revenue Commissioner Julie Magee said the summit is voluntary, but those states that don’t participate are inviting criminals to take advantage of themselves.
“You can’t afford not to be involved,” Koskinen said, adding that out of the 44 states with an income tax, 40 had already signed a memorandum of agreement to follow the Security Summit’s standards, while the other four were participating with the summit in some way.
Another tool in the box
The ISAC isn’t the only effort IRS is implementing for the next year and upcoming filing season.
IRS officials say they are expanding the W-2 form verification code initiative from 2 million forms to 50 million forms, and they expect to continue that expansion in future years for all W-2 forms.
Ken Corbin, director for the IRS Return Integrity and Compliance Services, said the taxpayer experience won’t be any different when filling out a return, they just need to input the authentication code when they are prompted to do so by the filing software.
“It’s really another tool in our arsenal to help us validate that the W-2 is authentic and it’s another way to help us raise that level of confidence that it is the taxpayer filing that return,” Corbin said.
New data elements are also being introduced for 2017.
A data element is a piece of digital information from a tax return, IRS officials explained, like reviewing the time it takes to complete a return to detect the presence of computer mechanized fraud.
Corbin said more than 50 data elements are used for individual tax returns, to ensure bad returns are collected while good returns are let through.
“Some of the data elements of course give us more concrete information, meaning that when we look at those we have a high level of confidence that those elements are probably part of a compromised return,” Corbin said.
Protections and limitations
While Koskinen said the agency and Summit Group have made “remarkable progress ” in the past year, he admitted that there was not only more work to be done, but Congress also gets a chance to weigh in on IRS plans.
Funding for IRS has dropped by more than $1 billion over the past six years. Last year, the IRS received an additional $290 million, but the House Financial Services and General Government Appropriations Bill would cut the IRS budget by $236 million next fiscal year.
The IRS requested $12.3 billion for fiscal 2017, which is about $1 billion more than it received last year.
Koskinen acknowledged the benefit of the additional $290 million given to the agency last year, but admitted funding is a constraint that limits “to some extent what we can do.”
“The security of our returns, the upcoming filing season, is our highest priority,” Koskinen said. “So we have done everything we can to make sure our cybersecurity protections don’t suffer, and that we do whatever we can to protect the data of taxpayers and to protect taxpayers. But it causes us significant constraint in terms of our overall operations, and there are some limitations as to what we’re able to do with the funding. We’re still $900 million below where we were six years ago.”
Assistant Attorney General Leslie R. Caldwell of the Criminal Division/AP
Treasury, DOJ, DHS joining forces to fight phone scams