IRS to supply real-time income verification under Senate bill

A bipartisan pair of senators wants the IRS to supply electronic real-time income verification services over the internet, but it might take more than a bill to get the tax agency moving on the tech required to support such a plan.

Under the IRS Data Verification Modernization Act of 2017, taxpayers would be able to give the tax agency permission to share information with companies looking to confirm financial data.

The bill was introduced by Sen. Cory Booker (D-N.J.) on Oct. 16 and is co-sponsored by Idaho Republican Sen. Mike Crapo. While the two lawmakers hail from opposite ends of the political spectrum, both have strong ties to the financial industry, which would likely welcome such a service as a way of reducing risk in lending and other financial services.

Press secretaries for the two lawmakers did not respond to emailed requests for comment from FCW.

The bill comes as the IRS is struggling publicly with identity management. The agency just suspended a contract with data provider Equifax to provide ID services for the GetTranscript service amid the fallout from a breach in which information on more than 140 million consumers was compromised.

The agency has been working on ways to create and validate user accounts to allow for the sharing of validated data, but it has been a struggle, with scammers exploiting security holes in Get Transcript and Where's My Refund to steal identities and collect refunds.

"The concept of an taxpayer electronic account is not new, and the IRS has been testing the processes and technology," said Terry Milholland, formerly the chief technology officer at IRS.

Such an income verification service could be subject to the same risks as these other public facing services, Milholland said. But he pointed out that the IRS IT systems philosophy is to "stage the appropriate data and controls in externally facing systems" in such a way that "the core data is protected."

Adding a new public service would enlarge the attack surface of the IRS, Milholland explained, but it "can be defended against the scammers, along the lines of any financial institution's defense of a financial account."

One big impediment to rolling out new taxpayer services is funding.

"My budget was at 1998 levels when I left in 2016," Milholland said. "That's nuts. It's a miracle I got anything done."

There's also a cultural issue – a reluctance to share tax data in IRS systems even with the approval of the taxpayer. "It's almost in the blood, where we don't do that, we don't give tax information to anybody," Milholland said.

While at IRS, Milholland worked on several projects designed to increase secure electronic access to taxpayer data. In one promising pilot, IRS partnered with payroll firm ADP to code income data in an encrypted one-way hash on W-2 forms, which taxpayers would include on their tax returns. This confirmed to IRS systems that the income being reported by the taxpayer was the same as the income being reported by the payroll provider.

"It worked incredibly well," Milholland said. "It would have gotten rid of the number one source of scamming the IRS if implemented on a wide basis."

It wasn't implemented, he said, because to do so required changing processes and technology investments. "This is the constant dilemma – great ideas or legislation come forward and yet we're stymied in the actual implementation because of these budget restrictions," he said.

While the data verification bill does allow the IRS to charge a fee for its services, such fees aren't a potential back door to fund modernization, Milholland noted. The agency can only charge what it costs to provide the service.