IRS, Industry, States Take New Steps Together to Fight Identity Theft, Protect

June 11, 2015

WASHINGTON — The Internal Revenue Service joined today with representatives of tax preparation and
software firms, payroll and tax financial product processors and state tax administrators to announce a
sweeping new collaborative effort to combat identity theft refund fraud and protect the nation's taxpayers.

The agreement — reached after the project was originally announced March 19 — includes identifying new
steps to validate taxpayer and tax return information at the time of filing. The effort will increase information
sharing between industry and governments. There will be standardized sharing of suspected identity fraud
information and analytics from the tax industry to identify fraud schemes and locate indicators of fraud patterns.
And there will be continued collaborative efforts going forward.

"This agreement represents a new era of cooperation and collaboration among the IRS, states and the
electronic tax industry that will help combat identity theft and protect taxpayers against tax refund fraud," IRS
Commissioner John Koskinen said. "We've made tremendous progress, and we will continue these efforts.
Taxpayers filing their tax returns next filing season should have a safer and more secure experience."

Koskinen convened a Security Summit on March 19 with the chief executive officers and leaders of private
sector firm and federal and state tax administrators to discuss emerging threats on identity theft and expand
existing collaborative efforts to stop fraud.

Three specialized working groups were established as part of the Summit, with members from the IRS, states
and industry co-chairing and serving on each team. During the past 12 weeks, the teams focused on
developing ways to validate the authenticity of taxpayers and information included on tax return submissions,
information sharing to improve detection and expand prevention of refund fraud, and threat assessment and
strategy development to prevent risks and threats.

The groups agreed to several important new initiatives in this unprecedented effort, including:

*Taxpayer authentication. The industry and government groups identified numerous new data elements that
can be shared at the time of filing to help authenticate a taxpayer and detect identity theft refund fraud. The
data will be submitted to the IRS and states with the tax return transmission for the 2016 filing season. Some of
these issues include, but are not limited to:

•        Reviewing the transmission of the tax return, including the improper and or repetitive use of Internet
Protocol numbers, the Internet ‘address’ from which the return is originating.

•        Reviewing computer device identification data tied to the return’s origin.

•        Reviewing the time it takes to complete a tax return, so computer mechanized fraud can be detected.

•        Capturing metadata in the computer transaction that will allow review for identity theft related fraud.

*Fraud identification. The groups agreed to expand sharing of fraud leads. For the first time, the entire tax
industry and other parts of the tax industry will share aggregated analytical information about their filings with
the IRS to help identify fraud. This post-return filing process has produced valuable fraud information because
trends are easier to identify with aggregated data. Currently, the IRS obtains this analytical information from
some groups. The expanded effort will ensure a level playing field so everyone approaches fraud from the
same perspective, making it more difficult for the perpetration of fraud schemes.

*Information assessment. In addition to continuing cooperative efforts, the groups will look at establishing a
formalized Refund Fraud Information Sharing and Assessment Center (ISAC) to more aggressively and
efficiently share information between the public and private sector to help stop the proliferation of fraud
schemes and reduce the risk to taxpayers. This would help in many ways, including providing better data to law
enforcement to improve the investigations and prosecution of identity thieves.

*Cybersecurity framework. Participants with the tax industry agreed to align with the IRS and states under the
National Institute of Standards and Technology (NIST) cybersecurity framework to promote the protection of
information technology (IT) infrastructure. The IRS and states currently operate under this standard, as do
many in the tax industry.

*Taxpayer awareness and communication. The IRS, industry and states agreed that more can be done to
inform taxpayers and raise awareness about the protection of sensitive personal, tax and financial data to help
prevent refund fraud and identity theft. These efforts have already started, and will increase through the year
and expand in conjunction with the 2016 filing season.

"Industry, states and the IRS all have a role to play in this effort," Koskinen said. "We share a common enemy in
those stealing personal information and perpetrating refund fraud and we share a common goal of protecting
taxpayers. We want to build these changes into the DNA of the entire tax system to make it safer."

Many major system and process changes will be made this summer and fall by the participants in order to be
ready for the 2016 filing season. The public-private partnership also will continue this cooperative, collaborative
approach to address not just short-term issues but longer-term issues facing the tax community and taxpayers.

The partnership parties recognize the need to continuously improve our tax system defenses for combating this
threat to taxpayers and our tax system, Koskinen added. Those defenses include a continually improving multi-
level identity proofing and authentication capability that anticipates and stops threats.

"I applaud the industry and the states for stepping forward to take on this challenge and making the needed
changes," Koskinen. "This is good for taxpayers, good for tax administrators and good for the tax community."

Koskinen emphasized that a continuing theme throughout this effort focuses on protecting taxpayer information
and privacy. “Working together we can achieve results that none of us, working alone, could accomplish,” he

In addition to companies from the private sector, the summit team included several groups including the
Electronic Tax Administration Advisory Committee (ETAAC), the Federation of Tax Administrators (FTA)
representing the states, the Council for Electronic Revenue Communication Advancement (CERCA) and the
American Coalition for Taxpayer Rights (ACTR).