Civilian

The IRS security measures that taxpayers don’t like

Many people have experienced a moment of dread waiting to interact with Internal Revenue Service agents. But a Dec. 19 report from the Government Accountability Office found that IRS customers also didn’t want to use secure digital communication platforms developed by the agency because the process sign-up process was “too complicated.”

In two separate pilot programs designed to modernize communication with taxpayers, the IRS struggled to attract participation by its users. Even when taxpayers chose to participate in the digital communication, few completed the entire registration process.

In one pilot for the Small Business/Self Employed (SB/SE) business unit, started in 2017, the agency used digital messaging for examinations instead of mailing questions and answers back and forth. In that pilot, users had to pass several security checks to verify their identities. The other pilot, the Taxpayer Advocate Service (TAS) pilot, tested the viability of sending documents between the IRS and taxpayers through electronic documents and included its own security measures.

During the small business/self employed pilot, only 44 percent of those who started the secure enrollment process actually completed it. The story was similar with the TAS pilot.

“Pilot participants told TAS that they found the secure enrollment system for the TAS pilot to be too complicated to use and preferred instead to fax documents to avoid the burdensome sign-up process,” the GAO officials wrote.

Of course, sensitive online communication, particularly regarding taxpayer financial information, requires strict cybersecurity measures — moves that would seem preferable. But for these IRS pilots, those measures actually deterred participation in the pilots, leading the GAO to conclude that the IRS risked building and using services that taxpayers don’t have an interest in using.

“Officials involved in each pilot reported that additional taxpayers expressed interest in participating, but experienced challenges in getting through the identity verification requirements for enrollment,” GAO officials wrote.

The IRS is also looking to expand its use of electronic services, which requires effective user authentication measures. In June 2018, the GAO recommended that the IRS implement new federal guidelines regarding user authentication, but IRS officials in June 2019 told the GAO that they had identified a way to align its authentication with federal guidelines. Still, the GAO said work still remains.

The IRS also has a looming deadline for online authentication. In January, a new law requires that the IRS verify the entity of any individual opening an e-services account with the tax collectors.

Still, as the IRS treks down its modernization path, it has to manage its risk in relation to user experience.

“If IRS makes the authentication process too stringent, it may adversely affect legitimate taxpayers, but too easy of an authentication process presents security risks,” GAO wrote.

Recommended for you
Around The Web
Comments