Security Summit: IRS Commissioner John Koskinen
Press Remarks: Security Summit
June 11, 2015
Thank you for joining us today. As recent events have underscored, the need to protect tax return information and our data systems has never been more important. Any organization in the public or private sectors with IT systems and sensitive data faces a battle that seems to grow every day.
The nation’s tax system is no different.
That’s why the work of the group gathered here today is so critical. The tax system faces an unprecedented challenge, but the tax industry, the states and the IRS have responded with a remarkable collaborative effort that holds short term and long term promise to improve the protection of the nation’s taxpayers.
Today, we’re announcing important new initiatives to combat stolen identity refund fraud. These efforts will provide stronger protections for the nation’s taxpayers and for the nation’s tax system. This will help us jointly confront increasingly sophisticated and well-organized attempts to gain taxpayers’ personal information for criminal purposes.
I’ve been in both government and the private sector a long time, and I’ve seen numerous initiatives and efforts take place. Just 12 weeks ago, we convened the Security Summit group to look at new ways to battle stolen identity refund fraud. I am pleased to say that the work this group has accomplished in the last 12 weeks is remarkable for a public-private partnership.
The steps we’ve agreed to take together represent a new era of cooperation and collaboration between the IRS and our partners in the electronic tax industry, the software industry and the states. I’m delighted to have partners from these groups with me today. And you’ll hear from them in a few moments.
Let me get to the bottom line. The critical thing for taxpayers to know is that new protections will be in place by the time they have to file their taxes in 2016. Each of us will be making substantive changes through the summer and fall to be ready for the next tax season. The threat from fraudsters and criminals is complex and evolving, but our combined efforts here will better prepare all of us for the 2016 tax season and beyond.
For example, we’re asking every company that helps taxpayers file returns to provide us information that will add layers of security and step up their pre-refund authentication practices.
We’re also making clear that companies need to let the IRS know if they detect any suspicious activity or refund fraud patterns in their processes.
This means that the federal government, states and industry will stop more fraud related to identity theft up front. We will catch more fraud in the IRS security filters during tax processing.
And for those fraudulent returns that do get through, we will have better post-filing analytics to determine ways to adjust our security filters. And it means better ways to track down the criminals and add to the more than 2,000 people already serving jail time for tax-related identity theft.
I want to applaud the electronic tax industry, the software industry and the states for stepping forward and agreeing to make these and many other changes. These changes aren’t easy and much more work remains. But it’s already clear that these changes will be good for taxpayers, for tax administration, and for the entire tax community.
We started this effort with our partners because we all understood that no single organization can go it alone. None of us has a silver bullet to defeat this enemy. So in March we met to discuss emerging threats of refund fraud and how we could build on what we were already doing on a cooperative basis.
At that time, we set up three specialized working groups to look at different areas where we could improve our efforts on refund fraud. Each group was led jointly by representatives from the IRS, the states and the private sector. They have continued to meet since then, and today we’re outlining the results of their work.
I want to express my deep appreciation to all of the working group members for everything they’ve done to help identify what we need to do collaboratively going forward.
The working groups accomplished several things. The first was finding stronger ways to authenticate taxpayers when they file their returns. We identified numerous new data elements that can be shared at the time a tax return is filed to detect stolen identity refund fraud. This work is of the utmost importance as we seek to establish stronger authentication measures while maintaining taxpayer rights. Some issues we will focus on include:
- Reviewing the transmission of the return, including the improper and or repetitive use of Internet Protocol numbers, the Internet ‘address’ from which the return is originating.
- Reviewing computer device identification data tied to the return’s origin.
- Reviewing the time it takes to complete a return, so computer mechanized fraud can be detected.
- Capturing meta-data in the computer transaction that will allow review for fraud.
This data will give us a stronger line of sight than ever before at the front end of the process – and we believe this will help catch more bad returns immediately.
Next, we will improve information sharing between the public and private sectors on what works and what doesn’t against refund fraud . The expansion of sharing informational leads means that, for the first time, everyone in the software industry will share aggregated details about their filings to help us all identify fraud. This is key to making sure there is a level playing field and that every organization can approach refund fraud from the same perspective. There will no longer be safe locations in the private sector where fraudsters can avoid increased analytical review.
The working groups will continue meeting and working together going forward. We are looking at establishing a formalized Refund Fraud Information Sharing and Assessment Center to more aggressively share information between our organizations – to help identify, stop, deter and pursue identity thieves.
We agreed to have everyone align under the National Institute of Standards and Technology, or NIST, cybersecurity framework.
And we agreed to work on increasing public awareness of what everyone should do to protect their personal information and keep it away from identity thieves.
Everyone needs to understand that our collaborative efforts won’t end with the actions we’re taking to get ready for the upcoming filing season. The IRS and its partners will continue to work together to address longer-term issues facing the tax community and taxpayers in the efforts to combat stolen identity refund fraud. We want to ensure that we make lasting changes. These changes are being built into the DNA of the entire tax system.
That point is very important because we have come to realize we are now dealing with a much more sophisticated enemy than in the past. It’s clear that criminals have been able to gather increasing amounts of personal data as the result of ongoing data breaches at various sources outside the tax system. That means protecting taxpayers is a bigger challenge than ever before.
While we have stopped many individuals from participating in these crimes, we find that the type of criminal we are dealing with has changed. This problem has become something more than just random individuals stealing personal information, with each one filing a few dozen or maybe a few hundred false tax returns at a time. We are dealing more and more with organized crime syndicates here and around the world.
Nothing illustrates this point better than the recent unauthorized attempts to access taxpayer information through our Get Transcript application, which we discovered last month. There, the criminals had already accumulated significant, stolen information about taxpayers from other sources which allowed them, in some cases, to access previous individual tax return information.
In the battle against refund fraud, we observed another thing as the Summit Security groups worked. This partnership can make immediate progress, but the IRS, the industry and the states cannot solve this problem alone. We need help. Congress has an important role to play.
Adequate funding to the IRS is critical.
But just as importantly, Congress can help in the fight against refund fraud and identity theft by passing several legislative proposals. One of the most important of these would accelerate the due dates of third-party information returns, such as W-2s. This would allow us to match these documents against income tax returns earlier in the tax filing process — and help us more quickly spot errors and potential fraud.
During my hearings last week before the Senate Finance Committee and the Homeland Security and Governmental Affairs Committee, we had a good discussion on these issues. And I want to thank Chairman Hatch, Sen. Wyden, Chairman Johnson and Sen. Carper for their help and commitment to look for improvements in these areas.
Before I turn it over to our partners, I want to again thank everyone who has participated in this effort. We face a common enemy, and we share a common goal: to safeguard taxpayers and their personal data. No priority is higher for the IRS than making sure that our systems are secure, and we will continue doing everything we can in this process to protect taxpayers and their information.
With that, I will ask David Sullivan, president of the Federation of Tax Administrators and Tax Administrator of Rhode Island to make a few comments, and then to our other partners.