It is hard to believe that it has taken the US IRS all this time to figure out a better authentication mechanism for taxpayers. But starting next month, all taxpayers can apply for an identity protection personal identification number (IP PIN) to block identity thieves from falsely claiming any tax refunds. To give you an idea of the magnitude of this problem, the IRS says several billions of dollars of phony refunds have been prevented through its half-hearted efforts to date. This includes phony refunds that are issued to taxpayers who never filed returns.
The IP PIN process used to be for high-risk taxpayers: those who have been victims of refund fraud attempts in the past. Starting next month, we can all join this party (hopefully not the victims group). They explain all of this here, which they call “secure access.”
To participate, you will need a “real” cellular phone number (vs. an IP service like Google Hangouts) and your email address. You will also need a credit card or some other financial instrument (not a debit card) to prove your identity. If you are concerned about giving your phone number to the IRS, you can substitute your postal address and they will send the confirmations that way.
The IP PIN is a six-digit code that changes annually. That is annoying — why not use Google-like authenticator smart phone app — and to make matters more confusing, this differs from the five-digit PIN that is used during the e-filing process for your return. (When I first typed in e-filing, I didn’t use a hyphen and one of the suggestions was effing. That isn’t too far from reality. But I digress.)
Even though the IP PIN effort isn’t happening until next month, you can sign up for your IRS electronic account now. (CORRECTION: The IRS took down the service until January, see the link in my comment.)
This will be a prerequisite for the universal IP PIN process. You’ll notice that particular link isn’t mentioned in the earlier link that explains what secure access is: Dontcha just love our gummint? Anyway, I spent about 20 minutes getting my digital ducks in order for myself and about the same time for my wife’s account. My first credit card for some reason wasn’t accepted, and the site was initially down the time I tried to sign up my wife. I was going to use my Amex card but the IRS doesn’t take that either. Eventually, both of us passed muster and created our accounts It was nice to see that we didn’t owe the IRS any money from past filings.
If this has awakened a desire to be more proactive about protecting your digital identity, Brian Krebs has a bunch of other suggestions that he calls “planting your digital flag.” They are all good ones, although if you are paranoid about your privacy you might want to think about the security tradeoffs you are making.