IRS chooses security over accessibility

The IRS formally relaunched the Get Transcript tool on June 7 with new security features meant to lock out fraudsters. But the changes might also bar some legitimate users.

"In the face of [the] threat [of sophisticated criminals], we must provide the strongest possible authentication processes, while trying to enhance the ability of taxpayers to legitimately access their data and use IRS services online," IRS Commissioner John Koskinen said in a statement. "We recognize that enhanced security will increase the challenge for taxpayers accessing our online services."

IRS officials consulted with the U.S. Digital Service on the revamp, which goes beyond the knowledge-based security that allowed criminals to snatch taxpayer data via Get Transcript.

The tool's overhaul has been in the works for some time. FCW reported on the developing security features in May.

At the time, National Taxpayer Advocate Nina Olson expressed concerns that the new features would block honest taxpayers. The IRS has now confirmed that the revamped tool requires an email address, multifactor authentication via text messages and specific financial information such as credit card or loan numbers.

But Olson noted that, given the immense value of IRS data, tighter security might be worth the accessibility trade-off.

The IRS acknowledged in its statement that "some taxpayers may now find it more difficult to authenticate their identities with this strengthened process." For taxpayers who cannot make it through the new security setup, the IRS will deliver tax transcripts via U.S. mail "within five to 10 days."

The IRS will now text or email one-time verification codes to taxpayers but will not ask for personal information or login data. Therefore, taxpayers should, as always, be wary of electronic messages seeking information and purporting to be from the tax agency.