IRS Beefs up Authentication, Relaunches ‘Get Transcript’
June 9, 2016
Nearly a year after hackers exploited a vulnerability in IRS systems to mine information used to file phony tax returns and perpetrate other account takeover and creation scams, the Internal Revenue Service on Tuesday relaunched its Get Transcript service with tighter authentication. In May 2015, cyber criminals were able to access prior years’ tax returns for more than 100,000 taxpayers through the service. But, after imposing a new multi-factor authentication regime including one-time verification codes sent via text or email, the agency feels ready to give taxpayers online access to their old returns once more.
“The IRS is committed to the protection of taxpayer information and the security of our systems,” said IRS Commissioner John Koskinen. “Criminals are becoming increasingly sophisticated and continue to gather vast amounts of personal information as the result of data breaches at sources outside the IRS. In the face of that threat, we must provide the strongest possible authentication processes, while trying to enhance the ability of taxpayers to legitimately access their data and use IRS services online. We recognize that enhanced security will increase the challenge for taxpayers accessing our online services.”
In addition to asking for a mobile number or email address to register for Get Transcript, the IRS said it also will require certain financial information like a credit card number or loan number. Taxpayers who registered using the older process will need to re-register and strengthen their authentication in order to access the tool.