WASHINGTON, D.C. – House Ways and Means Oversight Subcommittee Chairman Lynn Jenkins (R-KS) delivered the following opening statement at a Subcommittee Hearing on the Internal Revenue Service’s Online Taxpayer Authentication Efforts.
CLICK HERE to watch the hearing.
Remarks as prepared for delivery:
“Last year, taxpayers and third parties electronically completed more than 330 million transactions with the IRS. To do so, taxpayers used a number of online tools and applications, which offer convenient ways to interact with the IRS. These tools and applications allow taxpayers to make payments to the IRS, check the status of their refunds, and review prior year return information instead of having to call the IRS or visit an IRS office.
“Sadly, the IRS’s online tools and applications have also become an attractive target for criminals looking to steal taxpayer information and commit identity theft fraud. The IRS uses a process known as ‘authentication’ to separate legitimate taxpayers who want to access the IRS’s online services from criminals looking to commit fraud. Unfortunately, given the large amount of personal information on taxpayers available in the public domain, criminals can easily impersonate legitimate taxpayers and pass through the IRS’s authentication process undetected.
“To combat this problem, the IRS needs to ensure the necessary layers of defense are in place when authenticating taxpayers.
“However, both the Government Accountability Office and the Treasury Inspector General for Tax Administration have raised concerns with how the IRS authenticates users of its online tools and applications. For example, the IRS only required limited authentication of two key online applications even though federal guidelines recommended more robust efforts. Subsequent breaches of these applications in 2015 and 2016 exposed taxpayers to the harm of identity theft.
“For its part, the IRS has tried to improve its online authentication through multiple efforts. Unfortunately, the IRS has not implemented a comprehensive authentication strategy to coordinate these efforts even though it has been working on one for nearly three years. Without a strategy in place, the IRS will not be able to establish an agency-wide response to improve authentication.
“Congress also recognizes the importance of establishing secure channels for taxpayers to interact with the IRS online. Last April, the House of Representatives passed the Taxpayer First Act, which establishes a framework for the IRS to develop effective online tools and applications that protect taxpayer information.
“Today’s hearing will focus on the IRS’s current online authentication efforts, the challenges the IRS faces when authenticating taxpayers online, and the areas where the IRS can improve its authentication efforts. As criminals continue to evolve and become more sophisticated in their attacks, finding the appropriate solutions for authenticating taxpayers becomes all the more important. The IRS should also consider balancing the appropriate level of authentication while ensuring legitimate taxpayers are able to access online services.
“I want to thank our witnesses for being here today and I look forward to their testimony.”