Earlier this year, some taxpayers sent in their 2014 tax returns and were shocked to learn that their returns had already been filed; cybercriminals were filing returns using stolen identity documents to gain illicit access to tax refunds. So the IRS began working with major tax preparers to prevent this from happening again in 2016. This initiative was launched at the Security Summit in March 2015 and the IRS released an update on the tax return security initiative in October.
Authentication was one of the main topics covered by the Security Summit. While one feature could prove annoying, the other features should be very helpful. Password standards have gotten stricter--but instead of hard to remember special characters, a password consisting of multiple words could be a better approach. A search for the term "correct horse battery staple" will return articles that explain this concept.
Aside from that, the new tax return authentication rules for 2015 include multiple device verification, timed lockout and limited sign-in attempts, and verification questions. Verification questions could be good or bad; some of these questions can be answered with stolen identity documents as well, so selecting good identity verification questions is important. Multiple device verification is a great feature--mobile phones, e-mail accounts, and other devices can easily provide an added layer of security. And timed lockout features and limited sign-in accounts are standard security features in use on many websites.
Data sharing was also covered by the Security Summit. The IRS plans to track 20 data points, but did not detail all of them for security purposes. The main takeaway here is that the IRS can track whether a single preparer is submitting a large number of returns using IP data, determine whether a tax return was filed from a domestic computer, and check how long it takes to fill out a return. These seem like fairly standard security steps as well.
So the tax filing process will change a bit in 2016 because passwords will become more difficult to remember, but in overall terms the IRS is implementing standard security features that are already in place at banks, stock brokerages, money transmitters, and other financial companies. The IRS also had one more suggestion that could limit tax return fraud and give taxpayers more time to prepare as well--sending out 1099 and W-2 forms earlier--but Congress will need to pass new laws to implement that rule change.
Internal Revenue Service https://www.irs.gov