IRS RESPONSE TO RECOMMENDATION: ​​​A metric for the False Detection Rate (FDR) is established. This metric is a core component of the annual work plan development of the Taxpayer Protection Program (TPP), which is data driven and includes analysis of the historical and projected individual filter performance. This analysis includes FDR scenarios and associated workload impacts. The FDR goal for the 2017 processing year is 49% for the identity theft (IDT) filters. Due to a change from moving non-IDT filters from the Electronic Fraud Detection System (EFDS) to the Return Review Program (RRP), we are base lining the FDR for non-IDT for 2017. However we continue to monitor the FDR and performance of the non-IDT models in RRP.

During the execution of the TPP work plan, the performance of the filters including both the variation in predicted workflow and FDR is reviewed on a weekly basis. As part of the work plan processes, we plan to meet our targets including the FDR. We officially start reporting the FDR in May of each year because of the timing of the TPP notices, opportunities for the taxpayer to authenticate, and confirmation of IDT.

CORRECTIVE ACTION: N/A

TAS RESPONSE: The National Taxpayer Advocate is pleased that the IRS has set goals for both its IDT and fraud filters. However an ID theft false positive rate (FPR) goal of nearly 50 percent lacks ambition, and is an admission that the IRS is willing to accept that nearly half of the returns selected for potential ID theft are legitimate. As stated in the Most Serious Problem, the IRS’s concession of the high false positive rate is contradictory to the aspirations of other government agencies and the private sector, and violates the taxpayer’s right to quality service.

ADOPTED, PARTIALLY ADOPTED or NOT ADOPTED: Adopted

OPEN or CLOSED: Closed

DUE DATE FOR ACTION (if left open): N/A

IRS RESPONSE TO RECOMMENDATION: ​​​​​The IRS is using a robust private and public partnership to implement techniques to fight identity theft and fraud. The Security Summit was established to bring the tax community closer to adopting strategies focused on preventing and detecting identity theft and refund fraud. We organized a Security Summit Group in March 2015, an unprecedented partnership between the IRS, the electronic tax industry, the software industry, and the states to work on collaborative solutions to combat stolen identity refund fraud. Over the past two years, the Security Summit group has made progress on a number of initiatives. They include, but not limited to, the following:

• Security Summit members share more data from tax returns to improve fraud detection and prevention. The additional data provides enhanced opportunities to identify both questionable returns as well as unique consistencies with prior year filings to allow the return to be excluded from selection. This reduces taxpayer burden.
• Tax software providers strengthened identity requirements and validation procedures for customers to protect against account takeover by criminals. The improvements add verification procedures for taxpayer when logging in to their accounts.
• Security Summit members created a Refund Fraud Information Sharing and Analysis Center (RF-ISAC) to centralize, standardize, and enhance data compilation and analysis, which will facilitate sharing actionable data and information. The RF-ISAC pilot launched on January 23, 2017.
• Recognizing the critical role that tax professionals play within the tax industry in both the federal and state arenas, the Security Summit established a team to examine issues related to tax return preparers, such as how the tax return preparer community can contribute to the prevention of IDT and refund fraud.
• Security Summit initiatives included the establishment of a financial services workgroup comprised of members from the IRS, the states, and industry partners.  The workgroup will identify and analyze possible fraud vulnerabilities associated with tax refunds through the use of financial products, services, and institutions.

IRS will continue this partnership on an ongoing basis.

CORRECTIVE ACTION: N/A

TAS RESPONSE: The National Taxpayer Advocate agrees that the establishment of the Security Summit was a positive step towards identifying best practices for detecting and preventing identity theft and fraud. The IRS should not limit its partners to only those organizations who have direct knowledge of the tax industry, but rather it should broaden the types of partners in this summit to include entities from the financial sector, the banking sector, the commercial sector, and the consumer and privacy advocates sector, ensuring that it is aware of the most advanced tactics being used to detect and prevent identity theft and fraud in all sectors.

ADOPTED, PARTIALLY ADOPTED or NOT ADOPTED: Partially Adopted

OPEN or CLOSED: Closed

DUE DATE FOR ACTION (if left open): N/A

IRS RESPONSE TO RECOMMENDATION: ​​​​The Security Summit was established to bring the tax community closer to adopting strategies focused on preventing and detecting identity theft and refund fraud. IRS and state revenue agencies are collectively working together to protect the taxpayer, revenue, and to strengthen the tax return processing systems. We recognize that there are opportunities to expand the Security Summit or similar activities with other federal agencies in the future.

The IRS is engaging with other government agencies, including the Social Security Administration, the Federal Trade Commission and the Department of Education, in the fight against refund fraud, and these interagency efforts will continue.

Completed.  IRS will continue to expand our government partnership on an ongoing basis.

CORRECTIVE ACTION: N/A

TAS RESPONSE: The National Taxpayer Advocate agrees that the establishment of the Security Summit was a positive step towards identifying best practices for detecting and preventing identity theft and fraud. We encourage the IRS to continue to expand the number and type of government partners that are involved in the Security Summit. As stated in the Most Serious Problem, the IRS should establish partnerships with data mining experts in the Defense Intelligence Agency that use data mining and risk detection. To be as innovative and creative as the individuals who are committing identity theft and fraud, the IRS must expand its interaction to include a diverse group of government agencies that are considering ways to detect problems while mitigating their FPRs.

ADOPTED, PARTIALLY ADOPTED or NOT ADOPTED: Partially Adopted

OPEN or CLOSED: Closed

DUE DATE FOR ACTION (if left open): N/A

IRS RESPONSE TO RECOMMENDATION: ​​​The Return Integrity and Compliance Services (RICS) organization meets with the Return Review Program (RRP) Application Development and Research, Applied Analytics, and Statistics (RAAS) on a well-coordinated meeting to walk through all the identity theft (IDT) or Taxpayer Protection Program (TPP) filters and models. These sessions provide weekly insight into the analytics associated with the IDT and Non-IDT filter performance. The analysis includes any potential changes to thresholds, filter logic, impact of data breaches on inventory, and exclusions from case selection. The Business Rules and Requirement Management (BRRM) is a participant in the meeting to capture in real time the anticipated and expected changes approved. The RICS organization is responsible for the delivery of the False Detection Rate (FDR) metric, and as such, serves as the approving official for all filter and tolerance changes. The review is weekly and all decisions are exclusively operational and made by RICS. There is no board assembled for the filter recommendations or changes. The tolerance and filter logic changes occur swiftly and all programming changes are completed within 48 hours of the approval. The information is documented as part of a change request process. The documentation is to provide an audit trail of the changes made and provide necessary traceability on filter performance. The documentation may follow the actual implementation since the adjustments to the filters are important to prevent revenue loss or taxpayer burden. Completed.  IRS will continue this process on an ongoing basis.

CORRECTIVE ACTION: N/A

TAS RESPONSE: The National Taxpayer Advocate is pleased that the IRS monitors the FPRs for both ID theft and fraud filters on a regular basis, and considers possible filter adjustments. However, rather than giving sole authority to RICS to either grant or deny any proposed adjustments to filters, the group should be designed in a way that allows all stakeholders to have a voice in whether or not a filter should be adjusted and, most importantly, to identify and mitigate potential downstream consequences of a filter change at a servicewide level prior to implementation. RICS should only be carrying out the recommendations of the group. Additionally, as discussed in the Most Serious Problem, the process should be consolidated to consider any change to filters for both the RRP and DDb systems, rather than relying on two separate and distinct approval processes.

ADOPTED, PARTIALLY ADOPTED or NOT ADOPTED: Not Adopted

OPEN or CLOSED: Closed

DUE DATE FOR ACTION (if left open): N/A