Backlash prompts IRS to back down from biometric requirement
The Internal Revenue Service (IRS) said on Monday that the agency will transition away from requiring taxpayers to use biometric data to login into the agency’s website. The change in course comes after the IRS received criticism from US Congress and organizations about its partnership with a third-party identity verification vendor.
The IRS has been using a third-party private company, ID.me, the authenticate the identities of online account users. The verification process quickly gained notoriety as a cumbersome and invasive process.
The IRS began working with private vendor ID.me last November. Under the new policy, taxpayers were required to create an online account to access services and records. The sign-in process was an arduous task requiring photo identification, utility bills, and even a selfie. The final step required a video call to verify the taxpayer’s identity. Krebs on Security reported waiting over three hours for an agent to start the video call.
Identity thieves use stolen credentials to file fraudulent tax returns and claim benefits. When the legitimate taxpayer files their proper paperwork they may be caught up for months trying to untangle the identity theft mess and dispute the false filings.
In addition to removing the use of ID.me the IRS statement also said, “During this period, the IRS will continue to accept tax filings, and it has no other impact on the current tax season,” the IRS said. “People should continue to file their taxes as they normally would.”
About 30 states and ten federal agencies currently use ID.me to protect against identity theft ID scammers who apply for benefits using someone else’s name. Signing up via vendor ID.me is forced on millions by federal and state agencies to receive financial assistance, such as state unemployment insurance, child tax credit payments, and other assistance funds.
U.S. Senate Finance Committee Chairman Ron Wyden (D-Ore.) challenged the U.S. Treasury Department and IRS to roll back the biometric requirements and encouraged the use Login.gov instead.
Alternatively, 200 hundred websites run by 28 federal agencies have used Login.gov since 2015. The service offers single sign-in with two-factor authentication.
“The IRS will also continue to work with its cross-government partners to develop authentication methods that protect taxpayer data and ensure broad access to online tools,” the IRS said in a statement on Monday.