Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
March 20, 2017
Fraud Reduction at the IRS: Some Happy Returns
On a regular basis, Retail Payments Risk Forum members get asked, "What is the most significant risk facing the industry today?" While we often have lively, wide-ranging discussions on payment matters, we quickly reach consensus when asked the aforementioned question. Generally speaking, we would all answer "cybersecurity" (as would many other experts).
To fully understand the significance of cybersecurity, we have to explore other root risks. For payments, one of the largest issues is cybersecurity attacks that aim to steal identities. Identity theft is a not a new issue, but, more than ever, it's attached to cybersecurity. In the spirit of tax season and identity theft, I‘d like to provide an update on the recent efforts of the IRS Security Summit as it works to protect the industry from identity theft related to tax fraud.
Last year was the first full year for the IRS Security Summit and its seven work groups. Thanks to this industry collaboration, the IRS received 237,750 new identity theft affidavits between January and September 2016—50 percent fewer than what the IRS received during the same period in 2015. In addition, in 2016, the IRS stopped 50 percent more fraudulent returns from processing compared to 2015, preventing $7.2 billion in fraud losses. Even more promising is that fewer fraudulent returns actually made it to the IRS in the first place.
These results show improvements at each point of the tax refund cycle by the combined efforts of tax professionals, state tax agencies, financial services partners, and designated IRS personnel. Several tactical approaches the work groups are developing include:
- Identification of data elements transmitted on both business and individual tax returns that can be used to identify fraud
- A program to allow financial institutions to flag suspicious refunds before they are deposited
- The requirement for tax software products to improve password practices and customer validation procedures
- A new W-2 verification code for taxpayer authentication
- The External Leads Program for suspicious refund returns
- National education and awareness campaigns
- National Institute of Standards and Technology Cybersecurity Framework for the tax industry
- The creation of a cyber-threat assessment tool
This year, the IRS Security Summit is continuing its work with efforts cyber in nature. In January, the summit launched the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (IDTTRF-ISAC). This association will issue early warnings, identify fraud schemes, assess threats, address cybersecurity issues, and provide better data for law enforcement. While the design work for the IDTTRF-ISAC is still in progress, the work group has already reviewed the sharing practices followed by the Department of Health and Human Services and the Federal Aviation Administration. To provide the tax ecosystem a highly secure, web-based information exchange will require dedicated, well-qualified analytic and cybersecurity professionals to join an already effective, mostly volunteer task force.
By Jessica Washington, AAP, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
- Fed Payments Webinar Series Launching
- The Rising Cost of Remittances to Mexico Bucks a Trend
- Identity Theft Part 2: Prevention
- Identity Theft: A Growing Epidemic
- Are Our Wallets About to Get Thinner?
- Extra! Extra! Triennial Payments Data Available in Excel!
- Are Business Payments Directories Coming to the Fore?
- Are Consumers Out of Touch?
- FIDO Tightens Authentication's Leash
- Staging the ATM
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud