back to article US taxmen pull plug on anti-identity-theft system used by identity thieves

The US Internal Revenue Service (IRS) has suspended its Identity Protection PIN tool, designed to safeguard people at risk from identity theft, because scammers are using it for identity theft. American taxpayers can request a six-digit PIN code from the IRS that is supposed to lock down their account with the taxmen: no valid …

  1. Anonymous Coward
    Anonymous Coward

    I P PINs

    That sounds painful.

    Needles too?

    Would you like a cushion for that?

    Do they tinkle when you tinkle?

    Can you hear a pin drop?

    ...Just to make things worse, when I typed the first line, I got "pinful".

  2. Anonymous Coward
    Anonymous Coward

    Can we finnally stop re-inventing the wheel?

    Why can't the .gov wrap it's collective head around the common, off the shelf solutions to these problems? Mabye use OAUTH, Google Authenticator, YubiKeys, etc. etc. etc. instead of their own sham pin system? 6 digits, issued based on easily obtainable information, or information that the .gov itself "lost" (cough, OPM) is not security... it's a liability.

    We should cut a deal with some of the Googlers to offer them another year of tax breaks in return for fixing the IRS tax return portal.

    1. edge_e
      Holmes

      Re: Can we finnally stop re-inventing the wheel?

      Careful what you wish for, Google could probably have a fair go at predicting your tax return thus saving you the need to log in.

      I suspect they'd not be as good at avoiding tax for you as they are for themselves.

      1. joed

        Re: Can we finnally stop re-inventing the wheel?

        the dirty "secret" is that no taxpayer can even file directly with IRS because of a lawsuit by tax preparer businessesscumbags, so most of Americans files with/signs to 3rd party service anyway (exposing themselves to hackers on multiple fronts). Paper and snail mail for me (since I can't avoid IRS system anyway).

    2. Doctor Syntax Silver badge

      Re: Can we finnally stop re-inventing the wheel?

      "Why can't the .gov wrap it's collective head around the common, off the shelf solutions to these problems?"

      Whilst a 6-digit pin might not be ideal - depending on how many guesses you get - it looks as if the real problem here is having something to anchor the trust system to. If the identifier gets handed out to an impersonator it doesn't matter much whether its OAAuth, Yubikey or a single digit pin.

  3. a_yank_lurker

    Modernizing

    If the ferals ever modernized we might get lucky and have technology suitable for 1916.

    1. allthecoolshortnamesweretaken

      Re: Modernizing

      Like punchcards and Hollerith-style sorting machines? Yeah, I bet IBM would love that.

  4. Anonymous Coward
    Anonymous Coward

    Yeah

    Fuck the IRS. They deserve this. I hope it gets so bad they have to make an entirely new system of taxation here in the US.

    Whoever is messing with these thieves (the IRS) would get my vote for president. I mean look at the stool samples currently vying for nomination to their respective organized crime groups!

    1. Anonymous Coward
      Anonymous Coward

      Re: Yeah

      Whoever is messing with these thieves (the IRS) would get my vote for president. I mean look at the stool samples currently vying for nomination to their respective organized crime groups!

      Please do not insult the real stool samples of the world.

      1. All names Taken
        Paris Hilton

        Re: Yeah

        Tee-hee.

        Do you mean stool as in stool pigeon or stool as in grunt-grunt-plop-ahh?

    2. Stevie

      Re: Yeah

      Except it isn't the IRS that takes it up the ass, it's the taxpayer who over-withheld because his fucking employer can't calculate the taxes properly who is out the money the fucking IRS gave to Johnny Scammer.

      1. Anonymous Coward
        Anonymous Coward

        Re: Yeah

        Nothing to do with employer. Employees fill out a W4 form which tells employers how much to withhold.

        The US successfully put in place a system that overwithholds from the vast majority of taxpayers so that they are conditioned to see spring as "refund season" not horrible "write a check for taxes" season.

      2. Joe Gurman

        Re: Yeah

        Don't buy it. Everyone has access to their W-4 information and if too much was withheld, they can change the info on it to tune how much is withheld the next year. Been there, done that.

  5. All names Taken
    Alien

    TCO-ish

    I wonder what the cost would be if US guvmint outsourced data collection to Amathong, the Goog, Heebay, ... and if that would represent a saving in tax dollars?

    1. JCitizen
      Coffee/keyboard

      Re: TCO-ish

      Exactly what I thought - they'd do it better, and cheaper too. After all Google already knows all abouit who we all are and what we do - hell they know more about us than the government does!

  6. Mark 85

    So they pulled the security system... or a part of it. Is there now no security or minimal security?

    I'm just assuming I've been compromised somewhere over the last 5 years... and waiting for the crap to hit the rotary air movement device. So far, been lucky...

    I wonder if we can get rid of all security in the next two years. By then the attackers should own everyone and won't bother to re-attack.

  7. Old Handle

    The flaw in this plan was obvious...

    PINs given out online can't be any more secure than the site that's giving them out. They need to do something like send them by snail mail only if you're still at your last known address, otherwise you can go to the post office with an ID and request one.

    1. Aitor 1

      Re: The flaw in this plan was obvious...

      How about using the private signing keys that you have pin protected in your if?

      Oh, no id, I see......

  8. hayzoos

    shoestrings and chewing gum

    What do you expect from an agency operating on a shoestring budget. They are lucky when they find somebody has broken in. Forget keeping skiddies out, and no hope keeping the more sophisticated scammers out.

    Thanks to OPM, I have implemented a security freeze with the major consumer(credit) reporting agencies. Because of this, I cannot use the IRS online PIN system anyway. They are not the only ones using this authentication system, so there are other services I cannot use online or even at all. Most ironic is the OPM breach credit monitoring cannot be used with the credit security freeze.

    It would also help if the US tax code wasn't so complex that refunds became the default. My local income taxes are quite simple to figure. One percent, no ifs, ands, or buts; multiply what you made by .01 and remit to the taxman. The local taxman isn't being scammed for tax refunds, there are none.

    1. Swarthy
      Mushroom

      Re: shoestrings and chewing gum

      Shoestring? The IRS?! this is the agency that is always referred to with the definitive, because everything is "TheIRS". The have no lack of funds; if they are feeling a little tight, they can just "audit" someone. The IRS can claim that Joe Shmoe owes $X,000, and when Mr. Schmoe appeals, with the relevant reams of paper, the fax gets "lost", the resend is "not received", and the delivery-confirmed certified parcel arrives "after" they have raided your accounts for the money they claim you owe.

      The IRS is not law enforcement, and as such are not bound by things like "innocent until proven guilty" or "beyond a reasonable doubt" or even "preponderance of the evidence".

      1. hayzoos

        Re: shoestrings and chewing gum

        You're thinking logically. This is the US government we are talking about. Like most there is no logic. The IRS receives none of the funds found to be due in an audit. Their budget is set by congress (you know the opposite of progress). Staffing levels are so low that help-line on-hold times are at record highs. The IRS solution, transition to online help. Audits though are near record low levels.

        Your assessment of guilt by audit is spot on.

  9. Version 1.0 Silver badge

    Question and response

    The problem is that the questions have to be simple - the solution is to keep your answers simple and irrelevant.

    Q. "What's you mother's maiden name?"

    A. Pacific Ocean

    1. hayzoos

      Re: Question and response

      That would work if they used that type of secondary authentication. Instead they use a service of one of the major consumer reporting agencies.

      The questions and answers are derived from the consumer's credit report. Things like "You have a mortgage, what is the name of the lender?" then you are given three or four to choose from and a "none of these". Others ask you to choose the correct range of the mortgage monthly payment, previous address, previous employer, credit card company, etc.

      Prior to placing a freeze on my record, I had some minor errors in my report. Sometimes this would prevent me from obtaining my free annual credit report online.

  10. JCitizen
    Terminator

    Give the whole job to WATSON

    Let WATSON be the overlord of the IRS - they could fire at least half the staff and still get a better job done, because IBM's genius boy could figure out when he's being scammed from a mile away. Just like the Hollerith engine came to the rescue of the US Census Bureau in 1890, the new kid on the block comes to the rescue of the entire US tax system!!

    In fact - what the heck - he could even DO your taxes for free! There go the bloody tax lawyers! HA!

  11. Phlogistan
    Pirate

    No withholding = ZERO chance for "refund fraud"

    The entire concept of withholding was done in order to lull the cattle into a sense of trust and resignation regarding the Income Tax. 1913 saw the instigation of the MANDATORY withholding of taxes. This was viewed so unfavorably it was repealed in 1917. During the 1930's the Social Security Act was passed and The Powers That Be decided to take another whack at stealing money in smaller tranches so as to be less noticeable. Individuals owing Federal Income Tax would pay quarterly prior to the 1940's. World War Two rolls around and the Federal Government finds it needs more money now, NOW NOA!!! and decides that withholding looks like a *dandy* answer to having to wait for those peons to pony up the cash. Thus the Current Tax Payment Act in 1943 was passed.

    Pretty much downhill from there. The Government at *ALL* levels decided that nickel-and-diming the peons was SOOOOO much easier than actually having to go hat in hand to ask for *SPECIFIC* funds for *SPECIFIC* pork barrel projects.

    After all..... what's a few billion dollars here or there?

    The VAT tax is even more opaque and the continentals truly have not even an inkling of how much "their" government is skimming from them.

    Governments... they are not really into this whole "transparency" thing.

    1. JCitizen
      Trollface

      Re: No withholding = ZERO chance for "refund fraud"

      Then que LBJ's "Great Society", and deficits we will have until it all collapses around us.

    2. patrickstar

      Re: No withholding = ZERO chance for "refund fraud"

      It's somewhat telling to see what one of the people involved in the birth of the withholding tax has to say about it:

      http://reason.com/archives/1995/06/01/best-of-both-worlds

      "I played a significant role, no question about it, in introducing withholding. I think it's a great mistake for peacetime, but in 1941–43, all of us were concentrating on the war.

      I have no apologies for it, but I really wish we hadn't found it necessary and I wish there were some way of abolishing withholding now.

      "

  12. Joe Gurman

    Really?

    All this talk about pwning people's tax returns, and no one's mentioned Trump's MIA tax returns?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like