Securing your IRS online account

It is hard to believe that it has taken the US IRS all this time to figure out a better authentication mechanism for taxpayers. But starting next month, all taxpayers can apply for an identity protection personal identification number (IP PIN) to block identity thieves from falsely claiming any tax refunds. To give you an idea of the magnitude of this problem, the IRS says several billions of dollars of phony refunds have been prevented through its half-hearted efforts to date. This includes phony refunds that are issued to taxpayers who never filed returns.

The IP PIN process used to be for high-risk taxpayers: those who have been victims of refund fraud attempts in the past. Starting next month, we can all join this party (hopefully not the victims group). They explain all of this here, which they call “secure access.”

To participate, you will need a “real” cellular phone number (vs. an IP service like Google Hangouts) and your email address. You will also need a credit card or some other financial instrument (not a debit card) to prove your identity. If you are concerned about giving your phone number to the IRS, you can substitute your postal address and they will send the confirmations that way.

The IP PIN is a six-digit code that changes annually. That is annoying — why not use Google-like authenticator smart phone app —  and to make matters more confusing, this differs from the five-digit PIN that is used during the e-filing process for your return. (When I first typed in e-filing, I didn’t use a hyphen and one of the suggestions was effing. That isn’t too far from reality. But I digress.)

Even though the IP PIN effort isn’t happening until next month, you can sign up for your IRS electronic account now.  (CORRECTION: The IRS took down the service until January, see the link in my comment.)

This will be a prerequisite for the universal IP PIN process. You’ll notice that particular link isn’t mentioned in the earlier link that explains what secure access is: Dontcha just love our gummint? Anyway, I spent about 20 minutes getting my digital ducks in order for myself and about the same time for my wife’s account. My first credit card for some reason wasn’t accepted, and the site was initially down the time I tried to sign up my wife. I was going to use my Amex card but the IRS doesn’t take that either. Eventually, both of us passed muster and created our accounts It was nice to see that we didn’t owe the IRS any money from past filings.

If this has awakened a desire to be more proactive about protecting your digital identity, Brian Krebs has a bunch of other suggestions that he calls “planting your digital flag.” They are all good ones, although if you are paranoid about your privacy you might want to think about the security tradeoffs you are making.

6 thoughts on “Securing your IRS online account

  1. I have tried Safari, Chrome, Brave and even Edge on Mac all to no avail
    All have the same behavior
    Step through several info pages
    Enter name and email and click next to send code – nothing happens
    Click next again and it goes to this page
    https://www.irs.gov/help/ita
    Going back to the webpage just fast forwards to the above web URL

  2. “My first credit card for some reason wasn’t accepted”

    I had this happen when I applied for SS. I don’t use my first name, that’s my Dad’s name. The various credit agencies don’t know my full name. I’ve always been “Paul”.

    After a couple of phone calls (and finally a smart and very helpful guy) it was sorted out.

  3. When they catch me at the right moment, I respond to IRS, Social Security, credit card interest reductions, medical devices, all scams with an outpouring of choice profane words aimed directly at the person who comes on the line when I press “1”. I know I’ve hit a nerve when the person responds back to me in kind, and I laugh.

    Almost all of them call from outside the US, and they spoof the caller ID, so adding them to the do-not-call list is useless, especially if you see your own name and number in the caller ID. So is pressing “2” to be removed from their call list.

    Verizon could fix this problem for those of us who still use copper-wire phones, and all the cell carriers could fix it as well. There is not yet loud enough public outcry for either Congress or the FCC to act, but that may change with the return of outgoing FCC Chair Ajit Pai to his old day job as a Verizon lobbyist. Nipping offshore scam calls in the bud would offload traffic from their various phone networks, too.

Leave a Reply to dstrom Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.