Another IRS tax tool bites the dust
- By Zach Noble
- Jun 27, 2016
The IRS has nixed its online and telephone-based electronic filing PIN offerings following increased cyberattacks.
In a June 23 statement, the agency cited an increasing frequency of automated attacks through which hackers could generate the e-file PINs needed to file fraudulent refunds.
Tax industry insiders have long sounded the alarm on the tool's reliance on Social Security numbers and other static identifiers. Answers to such "out-of-wallet" questions can sometimes be easier for scammers to obtain than answers to the knowledge-based authentication that failed to protect another IRS web tool, Get Transcript.
IRS officials said they were shutting down the e-file PIN options as a precaution to protect taxpayers, and they had already been working with the tax-preparation industry to eliminate the feature.
The tool has been the target of bot attacks since at least February, but officials said they opted to delay taking the tool off-line because most commercial tax-preparation software relies on it to some degree.
As it yanks down insecure web tools, the IRS has been building a new security model that incorporates two-factor authentication and a harder-to-answer series of security questions.
Zach Noble is a former FCW staff writer.