With the 2016 tax season officially open, taxpayers are just beginning to think about getting their finances organized in time for the April 18 filing deadline. But at the same time, identity thieves are likely plotting ways to game the system by filing fraudulent returns.
Phony tax returns have been a problem for the Internal Revenue Service for years. In the 2013 tax year alone, the agency estimates that it issued $5.8 billion in fraudulent tax refunds, according to the Government Accountability Office. One estimate from the Treasury Inspector General for Tax Administration issued in 2012 found that the IRS could issue $21 billion in potentially fraudulent tax returns due to identity theft over the following five years. And recent high-profile cybersecurity incidents, such as those that targeted the IRS and health insurance firm Anthem, have kept taxpayers on edge.
That’s why the IRS, state revenue agencies and tax preparation services have banded together in recent months to figure out new ways to fight off fraudsters. New standards mean that companies like H&R Block and Intuit, which owns TurboTax, will share more and new types of data with the government to fight fraud. Tax filing companies will, for instance, show the IRS how many returns are being filed from a single IP address, which could help catch criminals filing multiple returns from the same location.
“A lot of this information sharing is about trying to identify and rule out returns that are suspicious from the very beginning,” says Mark Ciaramitaro, vice president of products and services at H&R Block.
Tax filing companies are also adding or improving security features this year. Passwords will require more complex combinations of characters. Users will get locked out after exceeding a certain number of failed login attempts. And two-factor authentication should help cut down on security breaches.
Not all of these features are brand new to tax prep software. But some companies are changing how they work. Intuit, for instance, said in November that TurboTax now gives users the option to turn on two-factor authentication every time they log in to the service. Intuit Vice President of Communications Julie Miller adds that TurboTax has improved its verification process concerning users who get locked out of their accounts, but didn’t offer specific details on the changes. Hackers often use knowledge of their victim’s personal life to trick companies into giving them a target’s login information by answering security questions over the phone.
Miller added that TurboTax and other tax software will now be more aggressive about notifying users when changes are made to their accounts and for other reasons. TurboTax, for instance, will tell users when more than one return is linked to the same Social Security Number, a red flag for fraud.
“[There’s] so much more focus on notifying customers,” says Miller.
H&R Block’s Ciaramitaro, meanwhile, says users won’t notice many consumer-facing changes to its software this year. But he says the company will be sending more and new kinds of data to the government than it has in the past. Still, even he admits all tax preparation companies face a daunting challenge in dealing with identity theft. He believes the problem is an outdated system that identity thieves have learned to easily outwit.
“The IRS system was built on the assumption that a social security number was a private piece of information,” he says. “It didn’t anticipate that identity theft criminals would be able to access social security numbers from a host of places.”