Though the Internal Revenue Service has made strides in cracking down on tax fraud and identity theft, enacting several extra defenses it said would be “invisible” to the taxpayer, the agency has had a recent security setback. On March 7, the IRS announced the temporary suspension of the Identity Protect PIN tool, citing a need to further review and strengthen its features.
Why the tool became a security risk
Intended to be part of the agency’s ongoing security efforts, the IRS IP PIN gave certain taxpayers the option to sign up for a unique 6-digit number that would help the agency prevent fraudulent federal income tax returns. The eligible participants for the program were former victims of identity theft helped by the IRS, taxpayers in Florida, Georgia and the District of Columbia, or taxpayers who received a letter invitation from the agency.
As another layer of identity verification, the PIN tool was designed to bolster the agency’s security measures. Tax returns using incorrect PINs or missing one altogether would either be rejected by the electronic filing system or, if sent in paper form, delayed by the IRS until it could verify legitimacy.
However useful the idea seems, the tool has faced other obstacles. The IRS reported sending out 2.7 million IP PINs by mail, but some of these letters were mistakenly dated in 2015, not 2016. Five percent (or approximately 130,000) of these PIN recipients had to use the online “lost or forgotten” PIN tool, which prompted them to answer certain personal questions.
While the IRS hasn’t provided a specific reason for putting a hold on IP PINs, writers from the Wall Street Journal and Forbes magazine believe that it’s due to thieves attempting to misuse the lost/forgotten PIN retrieval tool. The only clue backing these speculations is that, in its official statement on the suspension, the IRS noted how it had stopped 800 fraudulent returns using an IP PIN through the end of February. While the IRS has only reported the instances where it was able to thwart these attempts, it remains unclear how many fraudulent returns were able to breach a taxpayer’s IP PIN.
What consumers can do
Moving forward, taxpayers who have lost or forgotten their PIN must directly contact the IRS. Those who haven’t received their number yet are allowed to file without it. Because the terms of the suspension are so vague, other consumers are being advised not to rely solely on these security initiatives. In fact, the IRS itself is working to spread awareness and education through its “Taxes. Security. Together.” campaign that emphasizes the ways consumers can participate in their own protection.
Typically, taxpayers should file their returns as early as possible, but with the deadline approaching, their vigilance is even more important. This means protecting your Social Security Number, checking your credit report each year and practicing safe habits online, like using secure networks and frequently using and updating strong passwords for all accounts. If you think you might be the victim of tax-related identity theft, you should immediately contact the Federal Trade Commission and the three major credit bureaus.
If you still have concerns about your personal security, you can invest in a service like Identity Guard that can monitor your Social Security Number for certain activity that may indicate fraud.