Watchdog pushes IRS to improve taxpayer authentication
The IRS needs to improve its processes and procedures for authenticating taxpayers’ identities, the Treasury Inspector General for Tax Administration (TIGTA) said in a report published Tuesday.
“It is critical that the methods the IRS uses to authenticate individuals’ identities ensure that tax information and services are provided only to individuals who are entitled to receive them,” Treasury Inspector General J. Russell George said in a news release.
{mosads}“The unauthorized disclosure of tax information can enable identity thieves to prepare identity theft tax returns that more accurately reflect a valid return, increasing the risk that fraudulent returns will not be detected by the IRS.”
Taxpayers want online services that allow them to interact with the IRS, and the agency has a goal of providing taxpayers with access to online accounts that allow them to see recent payments, make minor changes to their accounts in real-time and communicate digitally with the IRS, according to the report.
But there have been a growing number of data breaches in the public and private sectors, and the information obtained in those hacks is often detailed enough to allow authentication processes to be circumvented.
The level of authentication the IRS uses is inconsistent across services. While the IRS has established two groups focused on taxpayer authentication, “neither of these groups provides for cross-functional management, oversight, and continued evaluation of the IRS’s existing authentication processes to ensure that they address current and future needs,” TIGTA said in the report.
Also, the authentication methods used for current online services don’t comply with government information security standards, TIGTA said.
TIGTA recommended that the IRS Deputy Commissioner for Services and Enforcement develop an agency-wide strategy that “establishes consistent oversight of all authentication needs across IRS functions and programs, ensure that the level of authentication risk for all current and future online applications accurately reflects the risk, and ensure that the authentication processes meet Government Information Security Standards.”
The IRS has agreed to implement the recommendations, according to the report.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Log Reg
