IRS Enhances Electronic Security Measures To Combat Evolving Payroll, Identity Threats

The Bloomberg BNA Payroll Library gives you reliable, up-to-date guidance and analysis in every area of payroll administration and compliance, and includes hundreds of interactive forms and links to related federal, state, and local sites.

By Caitlin E. Reilly and Howard Perlman

The Internal Revenue Service over the past five years significantly increased the number of electronic identity filters in its arsenal against those seeking to commit identity theft using fraudulently obtained payroll information, a security director with the agency said March 21.

More than 200 identity filters, up from the 11 available five years ago, can be used to validate electronic information returns received by the IRS and help ensure that those who file the returns are legally entitled to do so, Ken Corbin, director of the Return Integrity and Compliance Services unit in the IRS's Wage and Investment Division, said at the American Payroll Association's Capital Summit in Washington. The augmented identity-filter system helps prevent thieves from receiving improper refunds of Social Security or Medicare tax that could prevent employers from receiving refunds of Social Security and Medicare amounts and also helps prevent thieves from receiving improper refunds of federal income tax.

Expansion of the identity-filer system could help lessen harm to employees whose Forms W-2 data were fraudulently acquired through the increasingly prominent W-2 phishing scheme . More than 750,000 W-2s have been stolen so far this year through the phishing scheme, which involves tricking personnel within a company into sending W-2 files to an unauthorized third party, Corbin said.

“Every month, every week, we see some kind of new threat or attack,” he said. “The threats emerge not only at the federal level with the IRS, but with industry partners, tax professionals and state departments of revenue.”

Expansions of Security Features

The IRS is considering an expansion of its W-2 verification code pilot program in response to state agencies expressing an interest in the verification codes helping authenticate state returns, Corbin said. For 2015, the first year of the pilot program, verification codes appeared on W-2s issued to employees of certain clients of four payroll service providers, and the employees were to include the verification codes when filing their federal individual tax returns for W-2 authentication.

Each verification code consisted of 16 alphanumeric characters. States participating in the verification code pilot program might not require employees to provide the codes on their state individual tax returns but instead receive another indicator from the IRS verifying that there was a match between the verification code characters on employees' W-2s and federal individual tax returns, Corbin said.

The recent establishment of Jan. 31 as the deadline for filing copies of W-2s with the Social Security Administration, starting with 2016 forms due in 2017, did not invalidate the need for the IRS's program of service providers directly sending W-2s to the IRS in addition to the SSA, which is to continue for 2016 returns, Corbin said. Fifteen service providers this year have sent the IRS a total of 22 million W-2s under this program, he said.

One of the most significant periods of attempts to steal W-2 data is from mid-January to the end of February, which causes the program of sending W-2s directly to the IRS to remain desirable because these attacks still are to be frequent in the days before the revised filing deadline, Corbin said. The earlier deadline for filing W-2s with the SSA was established under the Consolidated Appropriations Act signed Dec. 18 by President Barack Obama.

The SSA at maximum processing capacity can process about 20 million W-2s a day, but there can be a delay of a few days between the SSA's receipt of a W-2 and the agency's transmission of that W-2 to the IRS.

Additional Efforts by IRS, SSA

Results of a multiyear study conducted by the IRS to statistically prove which industries have the most prevalent worker status noncompliance are to be released in early 2017, John Tuzynski, the agency's chief of Employment Tax Policy, said at the conference. The national research project, which has involved examinations of about 6,000 information returns that were submitted by employers from 2010 to 2014, also is to identify trends that are contributing to losses in legally acquirable employment tax revenue.

Audits of about 99 percent of the information returns are complete, up from 95 percent in early 2015, Tuzynski said. The final 5 percent of returns that have been audited under the national research project generally have taken more time to audit than the other returns because they have involved the most severe potential compliance violations, he said.

Separately, in response to difficulties employers were experiencing when attempting to access the downloadable AccuWage program that checks electronic W-2 formatting before official filing, the SSA in September is to provide employers with a version of AccuWage that will be accessible from an Internet browser and not be downloaded, Mark Ruley, financial management analyst with the SSA, said at the conference.

The online version of AccuWage is to be accessible from the SSA Business Services Online website. After employers upload W-2 files to the online AccuWage site, the online version would display a page indicating errors that employers would need to correct before submitting the W-2 information to the SSA, Ruley said.

Although the downloadable version of AccuWage also is to be available for filing 2016 W-2 data, the SSA is seeking to eventually fully replace the downloadable version with the online version, Ruley said.

Worker Status Efforts

Limited resources led the Department of Labor’s Wage and Hour Division to focus enforcement efforts on vulnerable, low-wage workers and industries with an above-average frequency of violating wage and hour law, particularly through the misclassification of employees as independent contractors, David Weil, the division’s administrator, said March 21 at the conference.

Across the country, 1,000 division investigators in about 54 field offices have jurisdiction over 7.3 million employers and 135 million workers, Weil said. This dynamic led the division to focus on low-wage workers and industries known for noncompliance, such as the construction sector.

The division also targets industries known for violations, such as what Weil called “fissured workplaces” where the employer-employee relationship is less clear than in the past.

“What we’ve seen in industry after industry in terms of employment relationships is you get, whether it’s outsourcing, subcontracting, third-party management, in some cases franchising, you get a distancing of the relationship between the worker and the employer,” Weil said.

“The problem is very often this fragmentation leads to violation of the law,” Weil said. “Very often the more we fissure a relationship the higher the incentives can become for people to not to be paid what they’re owed.”

About $246 million in back wages was collected for 240,000 workers in fiscal year 2015, 30 percent of which went to employees in low-wage industries, the division said Dec. 22. The $246 million level was a slight increase from the nearly $241 million recovered the year before and down from $280.7 million in 2013.

The misclassification of employees as independent contractors is common in fissured workplaces, Weil said.

When asked about the possibility of a third category of worker tailored for the on-demand economy, Weil said that while there is no official department policy on the issue, he thought existing classification rules provide substantial guidance.

Weil estimated the on-demand economy to be made up of at most about 1 million workers out of a workforce totaling 160 million. “To me, it’s not really the time to change our basic employee definitions to deal with this gray area of what is still a relatively small segment of our economy,” he said.

To contact the editor responsible for this story: Michael Trimarchi at mtrimarchi@bna.com.