Digital Gov

Another IRS tax tool bites the dust

IRS Headquarters in Washington, D.C. (Photo credit: Rob Crandall / Shutterstock.com) 

The IRS has nixed its online and telephone-based electronic filing PIN offerings following increased cyberattacks.

In a June 23 statement, the agency cited an increasing frequency of automated attacks through which hackers could generate the e-file PINs needed to file fraudulent refunds.

Tax industry insiders have long sounded the alarm on the tool's reliance on Social Security numbers and other static identifiers. Answers to such "out-of-wallet" questions can sometimes be easier for scammers to obtain than answers to the knowledge-based authentication that failed to protect another IRS web tool, Get Transcript.

IRS officials said they were shutting down the e-file PIN options as a precaution to protect taxpayers, and they had already been working with the tax-preparation industry to eliminate the feature.

The tool has been the target of bot attacks since at least February, but officials said they opted to delay taking the tool off-line because most commercial tax-preparation software relies on it to some degree.

As it yanks down insecure web tools, the IRS has been building a new security model that incorporates two-factor authentication and a harder-to-answer series of security questions.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Comment
    customer experience (garagestock/Shutterstock.com)

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected