In 2015, the Internal Revenue Service brought together state tax officials and the nation’s leading tax return preparers and software developers, including Intuit, to create and agree on new anti-fraud measures to protect taxpayers. Established as the IRS Security Summit, the collaboration produced new agreements and launched new initiatives to drive fraud out of the tax system.
The Security Summit established new protocols to help governments and the tax preparation industry better detect and combat stolen identity tax refund fraud through concerted efforts to authenticate legitimate returns without unnecessarily delaying the timely refunds of deserving taxpayers.
For the past three years, Security Summit participants have continued collaborating on the best uses of technology, protocols and cyber-security frameworks to protect the nation’s tax information technology infrastructure. The centerpiece of the long-term strategy to meet evolving threats has been the creation of a national Tax ISAC – specifically the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center or “IDTTRF-ISAC” within Internal Revenue Service (IRS).
The ISAC’s mission, is to combat tax cyberfraud by securely sharing information via a public/private partnership, harnessing the expertise of Federal and State tax authorities and the private sector tax services industry to work together to protect the American tax system from cyber security threats, leveraging applied data science and analysis to defeat strategic threats.
The Tax ISAC was modeled on the cyber defense strategies of other critical infrastructure sectors of the economy, including Aviation and Financial Services. The creation of an ISAC is a strategic best practice to provide essential capabilities in defense of the nation’s critical infrastructures, systems, and assets. In each case, the initiation of an ISAC took time, planning, resources and applied learnings, as it developed and matured to take on task of defending the nation’s security. The work of the Tax ISAC has just begun, but it is a foundational capability to secure the long-term strategic safety and stability of the nation’s tax system against emerging global threats.
Nevertheless, today there are a number of methods for ISAC participants to effectively collaborate and share suspicious activities. These and other methods and strategies will evolve and grow as the Tax ISAC reaches its mature state alongside the ISACs of other critical economic sectors.
In Tax, there is already an “alerts and rapid response,” channel that enables ISAC members to proactively identify suspicious activity and share detailed information about the cyberfraud schemes they may have uncovered. The alerts often include specific information about new and evolving methods of fraud that are intended to pierce or circumvent the latest security measures.
In addition, today there is a “leads,” channel that allows members to share aggregate data in ways that protect the identity of legitimate, individual taxpayers but enables the deployment of data analytics and data visualization in order to detect suspicious patterns of cyber activity.
Today, in addition to the Internal Revenue Service, the ISAC’s membership includes the State departments of revenue from across the nation, and the private sector tax preparation industry and related organizations. During the last tax season, this collaboration enabled sharing of 1,794,049 suspicious activity leads and created 34 rapid action alerts to combat tax cyberfraud. As a direct result of ISAC’s contributions to the work of the Security Summit, the IRS – and the American taxpayer – saw a dramatic decline in the incidence of identity theft tax fraud.
In 2017, reports of tax identity theft to the IRS declined by 40% from the previous tax season, following a similar decrease in the previous year, and it is estimated that more than $6 billion of taxpayer refunds were protected.
As the IRS has noted, “This particular effort illustrates how government and the private sector can work together toward a shared goal while maintaining clear lines of distinction between the roles they play in the tax ecosystem. Industry is providing essential help by sharing key information. This will allow the government to quickly and accurately make determinations of what is fraudulent and what is not. This doesn’t change the roles we have traditionally played. It simply extends the current relationship to better protect taxpayers and the integrity of our entire tax system.”
Without question, advances in technology and data storage have helped simplify and improve our lives in countless ways. Our challenge today in a world of global cyber challenges is to protect and secure our nation’s information and financial systems – including the tax system and taxpayers – against international criminals, fraudsters and other security threats.
As the makers of TurboTax, the most widely used tax preparation software, we at Intuit believe each of us has a special responsibility to help combat cyber security threats to the tax system. With everyone doing their part, we believe this is a strategic fight that can, must and will be won for the nation.