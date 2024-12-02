Still, GAO found the IRS has begun analysing gaps between its current authentication procedures and the new National Institute of Standards and Technology (NIST) guidance, and implemented a more secure online authentication option consistent with the new guidance through its mobile application, IRS2Go. After taxpayers link their IRS online account with the mobile app, they can use it to generate a security code to log into their account. This option provides taxpayers with an alternative to receiving the security code via a text message, which NIST considers to be less secure.

Authentication is a critical step in both protecting sensitive taxpayer information and preventing potentially billions of dollars of refunds from being paid to fraudsters each year. According to IRS’s most recent data, it estimates that in 2016, at least USD 12.2 billion in IDT tax refund fraud was attempted; of this amount, at least USD 1.6 billion was paid out to fraudsters.

The IRS has established organizational structures essential to supporting its taxpayer authentication efforts such as its Identity Assurance Office (IAO), which works with stakeholders across IRS to review and assess the agency’s various authentication programs and efforts. IAO also led an effort that identified over 100 interactions between IRS and taxpayers that require authentication and categorized these interactions based on potential risks to the agency and taxpayers.