TIGTA Audit Uncovers Security Flaws In The IRS E-File Program

IRS controls over its e-file Program are not sufficient to prevent the unauthorized use of another individual's Electronic Filing Identification Number (EFIN), according to a heavily redacted audit released on April 27 by the Treasury Inspector General for Tax Administration (TIGTA). (Audit Report No. 2011-40-031) All applicants who complete an application to participate in the program are assigned an EFIN. Those who also transmit federal tax returns are assigned an Electronic Transmitter Identification Number (ETIN). “An individual can electronically submit a federal income tax return using another individual's EFIN without that person's knowledge,” TIGTA said. During the period of March 2005 through October 2010, there were 1,192 EFINs reported to IRS ”as compromised,” the audit said. In addition, since fiscal year 2006, there have been at least 14 closed criminal investigations involving ETINs. It remains unknown exactly how many false tax returns were involved with the cases or the amount of the refunds involved. Four of the 14 investigations resulted in prison time and/or payment of restitution, the audit noted. It is available at http://www.treasury.gov/tigta/auditreports/2011reports/201140031fr.pdf.