Is the IRS’s E-File Security Ready for Prime Time?

It’s no secret that for years, the IRS has been a favorite target among cyber criminals, hackers and other bad actors that keep InfoSec professionals worried and awake in bed at night. In fact, according to the General Accountability Office’s (GAO) own numbers, the IRS shelled out a whopping (get ready with your best Austin Powers’ “Dr. Evil” impersonation) $5.8 billion dollars in fraudulent refunds in 2013 alone. That’s not stockholder money or market cap. That’s money that the government needs to, well, govern.  Any shortfalls aren’t covered by IRS agents in sunglasses and dark suits. They’re covered by you and me.

Beefing Up Security

In light of this priority one concern — and massive criticism that the its cyber security defenses aren’t up to the job — the IRS has recently beefed up the security of its e-file service, and you may have noticed these if you e-filed your most recent tax return. For example, e-filers must now supply their prior year return’s exact adjusted gross income (AGI). The thinking here is that it’s harder for cyber criminals to get their hands on this data (contrary to popular belief, most digital fraudsters are lazy and will go after low hanging fruit most of the time).

In addition, the e-filers must now successfully pass through two-factor authentication (2FA), and data submitted to and from the IRS’s servers is secured with SSL encryption (note: obviously SSL isn’t a new security element, but it’s worth mentioning since it’s part of the overall security scheme that the IRS likes talking about in bulletins).

So, in light of the above, is the IRS’s e-file security ready for prime time? According to the IRS: absolutely. But According to some experts like tax attorney Jeffrey B. Kahn, the confidence level isn’t as definitive — simply because identity theft cannot be eliminated by the IRS or any other organization, regardless of whether it’s in the private or public sector. Identify theft is like malware. There are ways to mitigate the risk, but not to completely eradicate it.

When e-Filing isn’t the Right Move

Kahn also reminds filers that there’s nothing prehistoric about opting to submit a paper-based return; not just for security reasons, but because it may be preferred or necessary. For example:

• Unless filers qualify for the IRS’s free online filing service (gross income of less than $64,000), e-filing comes with a price tag that, while not prohibitive, is nevertheless a cost. Submitting a paper return costs a stamp.
• While e-filing saves time, filers with complex tax needs — such as those who own various types of investments — may find that the software they use isn’t robust enough to cover their needs.  
• E-filers who procrastinate may find that everything from swamped servers to IT issues prevent them from meeting the deadline.
• After purchasing software, some taxpayers will discover that they’re ineligible to e-file (e.g. filing multiple years’ tax returns, etc.).

The Bottom Line

By adding the prior year AGI rule and implementing 2FA, the IRS is taking steps in the right direction to beef up its security systems. But then again, the IRS recently started outsourcing collections to third party private sector companies, which some experts feel is a step backwards security-wise.

If you indeed decide to e-file, ensure that the software you choose ranks high on the security scale (security is more important than speed or convenience), and as always, talk with a tax attorney if you have specific issues before you file — not after.