recommended reading

Tax Collectors Want 'Selfies' to Prove You Are Who You Say You Are

kaisorn/Shutterstock.com

Some state revenue agencies and motor vehicle departments are receiving federal funds to verify the smartphone selfies of taxpayers, say government and corporate officials involved. 

Individuals residing in North Carolina and Georgia will be allowed late next year to download a facial recognition app -- for selfie matching -- that should bar others from claiming tax refunds in their name. 

Why enlist the DMV? 

"They do a fantastic job of in-person proofing someone's identity, and that's a necessary step to get into a high-level assurance for any kind of electronic credential that you might want to issue," Mark DiFraia, a senior director at biometric technology provider MorphoTrust, said in an interview. 

Now that so much of our personal information is readily available online, confidential biographical data alone is not enough protection against ID theft, experts say.

In August, the federal government disclosed that crooks gamed an Internal Revenue Service online tool, by entering stolen private information on about 334,000 individuals, and filed for $39 million in fraudulent refunds.    

Earlier this year, TurboTax temporarily unplugged state return e-filing after several states reported criminals using false identities to attempt to collect refunds. 

But come late 2016, thousands of state residents will be able to block anyone from filing for their refund who does not have the same facial features, personal information and driver's license, according to officials. The new service will be offered as a preemptive measure for the tax season that begins Jan. 5, 2017. 

Here's how the anti-spoofing mechanism will work: 

  1. An individual downloads a MorphoTrust app that will be available on many types of smartphones.
  2. The user scans the barcode on the driver's license with the phone.
  3. The person uses the phone to take a picture of the front of the license so the DMV can verify it is a valid card. 
  4. And, then "they actually take a selfie," by bringing the camera up and taking a self-portrait, DiFraia said.
  5. The taxpayer consents to having the barcode scan and pictures cross-matched with data in the DMV's records. 

The images transmitted are not stored by MorphoTrust, the DMV or the state tax collector, DiFraia said. The DMV is not sharing any personal information in its records with the tax collector. The revenue agency only receives a confirmation or denial of a match. The selfie stays on the user's phone.

"This whole service is built from the core with privacy and consent as their key tenets," DiFraia said. "We're not giving DMV any data they don't already have."

The trial aims to sign up at least 75,000 individuals across both North Carolina and Georgia. 

A federally funded, industry-led initiative to secure online transactions with credentials other than passwords has granted the project $1.8 million, officials announced this week. H&R Block also is a partner in the selfie-authentication effort.

Mike Garcia, acting director of the National Strategy for Trusted Identities in Cyberspace National Program Office, tells Nextgov the service "creates this sort of componentized separation, so the interaction that is occurring with the DMV is completely distinct from the interaction that's occurring with the department of taxation of revenue. That's intentional. That's, from our view, a privacy feature."

As of now, federal-level tax returns are not part of the project. 

"We do not have any plans with the IRS as of yet for this solution," DiFraia said. "But we're optimistic that what we're demonstrating and the ideas contained within the grants would be interesting to them and something that they might consider as a way of providing users with another option where they can proactively do something to try to mitigate the risk of this kind of fraud."

The IRS paid out $5.8 billion to criminals in 2013, according to the Government Accountability Office.

When ID bandits struck TurboTax earlier, H&R Block reportedly said there was no indication of a similar problem with its tax returns. H&R Block's security safeguards included requiring a federal e-filed return to be accepted by the IRS before transmitting a state e-filed return. With TurboTax, it was possible to file a state return online without sending a federal return. 

This is not H&R Block's first foray into biometrics. On Aug. 31, the tax software provider announced a partnership with the Transportation Security Administration to house fingerprinting kiosks in H&R Block offices where customers can enroll in TSA's PreCheck expedited screening program. 

Garcia said of the taxpayer verification service, "if done right, it's actually about putting less information out there." The data already captured at the DMV, eliminates the need for "going through another proofing event with the office of taxation and revenue," he added. 

Some privacy advocates questioned an anti-fraud program that relies on biometric databases, especially as the Office of Personnel Management just announced the compromise of fingerprints of millions of national security workers.

“No amount of authentication can compensate for insecure hardware and software,” Electronic Frontier Foundation senior staff attorney Lee Tien said. “Plus, we just saw that OPM admitted something like 5.6 million fingerprints were compromised—isn’t biometric authentication wonderful?”

In the taxpayer security situation, “here, I guess the issue is face recognition—but if I can make my phone send a picture of you, is that enough?” he wondered.

(Image via kaisorn/ Shutterstock.com)

Threatwatch Alert

Stolen laptop

Wireless Heart Monitor Maker to Pay $2.5M Settlement to HHS After Laptop Stolen

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.