WASHINGTON, D.C. – Today, House Ways and Means Oversight Subcommittee Chairman Lynn Jenkins (R-KS) announced that the Oversight Subcommittee will hold a hearing entitled “IRS Taxpayer Authentication: Strengthening Security While Ensuring Access,” on Wednesday, September 26th, at 10:45 A.M. in 2020 Rayburn House Office Building. This hearing will focus on how the IRS authenticates taxpayers using online tools and applications, as well as how the agency addresses weaknesses in its authentication process.
Upon announcing this hearing, Chairman Jenkins released the following statement:
“IRS online tools and applications have made it more convenient for taxpayers to make direct payments to the IRS and to access their return information. As the IRS offers more and more services online, the protection of taxpayer information remains a top concern.
“Unfortunately, the IRS’s lack of a comprehensive authentication strategy and limited online authentication have contributed to the unnecessary disclosure of taxpayer information and the filing of fraudulent tax returns. Without addressing these concerns, the IRS will not be able to guarantee the protection of high-risk taxpayer information. I look forward to hearing from our witnesses about ways the IRS can improve online authentication and better serve taxpayers.”
BACKGROUND: IRS online tools and applications provide various types of services to taxpayers, such as allowing taxpayers to make electronic payments directly to the IRS, retrieve prior year tax return information, and check on the status of their tax refund.
These online tools and applications that the IRS offers should ask taxpayers to provide the agency with a reasonable assurance that it is interacting with the correct taxpayer through a process known as “authentication.” Authentication includes establishing – before allowing access to an online application – that individuals are actually who they say they are by requiring the use of username and password, a unique code that could be sent to the taxpayer’s cellphone or email address, or another type of unique identifier.
However, IRS online tools and applications have been subject to a number of breaches and cyberattacks, leading to unauthorized access to millions of taxpayer accounts and hundreds of millions of dollars in fraudulent tax refunds.
The Government Accountability Office and the Treasury Inspector General for Tax Administration have identified a number of areas where the IRS can improve authentication of taxpayers attempting to access online tools and applications. The IRS has taken the following steps to improve taxpayer authentication: establishing an office dedicated to authentication; working with state, local, and private sector stakeholders; and reassessing the risk level of its online tools and applications.