[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]


                        TAX RETURN FILING SEASON
=======================================================================

                                HEARING

                               BEFORE THE

                       SUBCOMMITTEE ON OVERSIGHT
                       
                                  OF THE

                      COMMITTEE ON WAYS AND MEANS
                     U.S. HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             APRIL 19, 2016

                               __________

                          Serial No. 114-OS11

                               __________

         Printed for the use of the Committee on Ways and Means
         
         




                        U.S. GOVERNMENT PUBLISHING OFFICE                    
22-230                          WASHINGTON : 2017                     
          



                      COMMITTEE ON WAYS AND MEANS

                      KEVIN BRADY, Texas, Chairman

SAM JOHNSON, Texas                   SANDER M. LEVIN, Michigan,
DEVIN NUNES, California              CHARLES B. RANGEL, New York
PATRICK J. TIBERI, Ohio              JIM MCDERMOTT, Washington
DAVID G. REICHERT, Washington        JOHN LEWIS, Georgia
CHARLES W. BOUSTANY, JR., Louisiana  RICHARD E. NEAL, Massachusetts
PETER J. ROSKAM, Illinois            XAVIER BECERRA, California
TOM PRICE, Georgia                   LLOYD DOGGETT, Texas
VERN BUCHANAN, Florida               MIKE THOMPSON, California
ADRIAN SMITH, Nebraska               JOHN B. LARSON, Connecticut
LYNN JENKINS, Kansas                 EARL BLUMENAUER, Oregon
ERIK PAULSEN, Minnesota              RON KIND, Wisconsin
KENNY MARCHANT, Texas                BILL PASCRELL, JR., New Jersey
DIANE BLACK, Tennessee               JOSEPH CROWLEY, New York
TOM REED, New York                   DANNY DAVIS, Illinois
TODD YOUNG, Indiana                  LINDA SANCHEZ, California
MIKE KELLY, Pennsylvania
JIM RENACCI, Ohio
PAT MEEHAN, Pennsylvania
KRISTI NOEM, South Dakota
GEORGE HOLDING, North Carolina
JASON SMITH, Missouri
ROBERT J. DOLD, Illinois
TOM RICE, South Carolina

                     David Stewart, Staff Director

                   Nick Gwyn, Minority Chief of Staff

                                 ______

                       SUBCOMMITTEE ON OVERSIGHT

                  PETER J. ROSKAM, Illinois, Chairman

PAT MEEHAN, Pennsylvania             JOHN LEWIS, Georgia
GEORGE HOLDING, North Carolina       JOSEPH CROWLEY, New York
JASON SMITH, Missouri                CHARLES B. RANGEL, New York
TOM REED, New York                   DANNY DAVIS, Illinois
TOM RICE, South Carolina
KENNY MARCHANT, Texas


                            C O N T E N T S

                               __________

Advisory of April 19, 2016 announcing the hearing

                               WITNESSES

Timothy Camus, Deputy Inspector General for Investigations and 
  Treasury Inspector General for Tax Administration, U.S. 
  Department of Treasury
The Honorable John Koskinen, Commissioner, Internal Revenue 
  Service
Jessica Lucas-Judy, Acting Director, Strategic Issues, U.S. 
  Government Accountability Office
The Honorable James B. Renacci, Member of Congress, Washington 
  D.C.

                       SUBMISSION FOR THE RECORD

National Treasury Employees Union

                        QUESTIONS FOR THE RECORD

The Honorable Peter Roskam

 
                        TAX RETURN FILING SEASON

                              ----------                              


                        TUESDAY, APRIL 19, 2016

             U.S. House of Representatives,
                       Committee on Ways and Means,
                                 Subcommittee on Oversight,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10:00 a.m., in 
Room 1100, Longworth House Office Building, the Honorable Peter 
Roskam, [Chairman of the Subcommittee] presiding.
    [The advisory announcing the hearing follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    


                                 ------
                                 
    Chairman ROSKAM. The subcommittee will come to order.
    Welcome to the Ways and Means Subcommittee on the Internal 
Revenue Service's 2016 tax filing return season.
    I think I speak for many Americans when I say that I am 
glad Tax Day is over. Today's hearing will review the results 
of the 2016 tax filing season. Additionally, we will focus on 
the growing threats of identity theft and cybersecurity.
    Over 150 million Americans already have or soon will file 
tax returns for 2015. They expect and deserve an efficient IRS 
that works for them. Two key aspects of that are ensuring a 
smooth filing season and protecting taxpayer data.
    Unfortunately, the IRS does not have the best track record 
with regard to either. Last year the Ways and Means Committee 
found that the IRS deliberately diverted user fees away from 
customer service, resulting in service that even the IRS 
Commissioner called ``abysmal.''
    Through Congressional oversight and appropriations, the IRS 
was forced to prioritize customer service. The agency needs to 
act quickly to address identity theft, tax-related fraud 
issues, and cybersecurity issues.
    Fraud related to identity theft is growing at an alarming 
rate. It is a serious crime that hurts millions of Americans 
and costs the government billions of dollars. In 2012, the 
Treasury Inspector General for Tax Administration, or TIGTA, 
reported the IRS could pay out $21 billion in fraudulent 
refunds over five years.
    If you have your identity stolen, it can take months to get 
your life back together. TIGTA estimated it took an average of 
278 days to resolve identity theft cases at the IRS. Nearly 20 
percent of them were not even resolved correctly.
    While the IRS has taken some steps to prevent and detect 
identity theft, the agency is not keeping up with the 
criminals. Law enforcement officers say tax fraud is so easy it 
has become an addiction for some criminals. Former drug dealers 
hold tax filing parties where they file hundreds of returns 
using stolen identities. As one suspect told police, ``Why 
would I take the risk to sell drugs and get busted when I can 
put $10,000 on a card and do it from home all day long while 
the cartoons are on?''
    In 2010, police in Miami, Florida uncovered an entire tax 
preparation company set up to file fraudulent returns. It stole 
over $2 million from taxpayers.
    While law enforcement has had some success in this area, 
there are many sophisticated operations that continue unabated. 
As one police officer in Florida remarked, ``You know, there 
are guys out there doing it better. We are catching the 
idiots.''
    Crime syndicates in Eastern Europe, for example, are 
ripping millions of dollars off the U.S. Government without 
ever setting foot in the country.
    Last May the IRS announced criminals had broken into the 
Get Transcript function on the agency's Web site and accessed 
data on more than 100,000 Americans. The IRS suspended that 
specific program, but the problem continues. Over 700,000 
people are now estimated to have had their sensitive 
information stolen.
    Earlier this year, the agency also had to suspend its 
Identity Protection Personal Identification Numbers, or IP PIN 
online program. IP PINs are given to previous victims of 
identity theft in order to protect their tax returns. But the 
IRS discovered at least 800 tax returns filed by fraudsters who 
had stolen IP PINs.
    It is ironic and unsettling to see criminals access the 
very tool the IRS relies on to protect identity theft victims.
    Identity thieves are increasingly relying on cybersecurity 
breaches and other attacks to obtain taxpayer data. And as the 
criminals evolve, we need to do the same.
    A few years ago, criminals would use stolen names and 
Social Security numbers to fill out fraudulent returns just by 
guessing information. It is simpler to catch this type of fraud 
because some information is often incorrect and it can be 
flagged through data matching.
    Nowadays with identity thieves obtaining their information 
through cybersecurity hacks, the criminals often have all of 
the information they need.
    The IRS needs to focus on advanced fraud detection methods 
to keep up with the increasing sophistication of identity 
thieves. Does the IP address match the address on the return, 
for example? For electronically filed returns, were the forms 
filled out more quickly than a human preparer could fill them 
out?
    The IRS needs to improve its information security. Both 
TIGTA and the GAO have raised concerns with the IRS's inability 
to protect taxpayer data. TIGTA found the IRS was fully meeting 
Federal information security standards only in three of ten 
areas, and there were three areas with significant weaknesses 
that put taxpayers at risk.
    Last month, the GAO reported additional problems with IRS 
security, including outdated software.
    Authentication is one of the biggest challenges. The IRS 
needs the ability to verify the people who are interacting with 
the agency are who they claim to be.
    TIGTA and GAO have reported the IRS's current 
authentication standards are not enough to protect taxpayer 
data. We have seen those weaknesses play out in the IP PIN and 
Get Transcript hacks. These criminals were able to get in 
through the front door bypassing the IRS's authentication 
protocols.
    The IRS has always had problems with its information 
technology, and now criminals are getting better at exploiting 
it.
    Last year, the IRS convened a Security Summit of 
stakeholders and industry experts to try and address identity 
theft and cybersecurity. The agency has already announced that 
it is working with software providers to enhance identity and 
validation procedures.
    Unfortunately, the IRS still has not made the common sense 
switch to multi-factor authentication. This is a common 
practice in the private sector. Most people have experienced it 
when they want to access their bank account online. The bank 
will not grant the user access until a code is sent to his or 
her phone or email account.
    The IRS needs to move in this direction, and quickly. And 
let me be clear. This is not necessarily the gold standard that 
I am talking about. It is the bare minimum the IRS needs to do 
to ensure people accessing accounts and filing returns are who 
they claim to be.
    And finally, I want to note that identity theft related tax 
fraud is not just committed by people outside of the IRS. As 
TIGTA will testify today, there have also been instances where 
the IRS's own employees used their positions to improperly 
access taxpayer data and claim fraudulent refunds.
    This is obviously unacceptable and should be addressed 
immediately. How can the IRS expect taxpayers to trust its 
agents with sensitive information when it cannot prevent 
criminal activity among its own employees?
    It is clear the IRS's existing efforts to address identity 
theft and cybersecurity attacks are not enough. Criminals are 
already exploiting these weaknesses, exposing taxpayers' 
identity and costing the government billions every year.
    The troubled agency's failure to improve its information 
security puts us at risk, and we need to hold the IRS 
accountable for protecting taxpayer information and 
strengthening security.
    I will now yield to the ranking member, Mr. Lewis, for the 
purpose of an opening statement.
    Mr. LEWIS. Good morning. Mr. Chairman, I want to thank you 
for calling today's hearing. I also would like to thank the 
Commissioner and other witnesses for being here today.
    Many of you know that this has been a difficult year for 
the IRS. Identity theft is on the rise, and millions of 
taxpayers are being harmed.
    At the same time, Republicans continue to ask the agency to 
do more with less. I have said it before, and I think our 
colleague and my good friend, Mr. Davis, has said it, and I 
will say it again. You cannot squeeze blood from a turnip.
    As one who has served on this Committee for a long time, I 
am particularly concerned about the new Republican mandate that 
directs the agencies to use private debt collectors. We have 
been down this road before. It is a waste, a distraction, and a 
disservice to the American taxpayers.
    The previous private debt collection pilot program cost 
more than they collected. Taxpayers were harassed, not helped. 
I said they were harassed and not helped.
    Across the country there is an increase in identity theft. 
Many of you read the news and have family and friends who have 
been victims. There are already many criminals impersonating 
the IRS. They seek to cheat taxpayers out of their hard earned 
money.
    Confusion about whether the private debt collector was 
acting for the IRS was a problem ten years ago. With more 
criminals, the program is bound to do more harm than good. 
Bringing back private debt collection is a mistake, and it 
should be repealed. Congress should focus on giving the IRS the 
tools it needs to serve taxpayers.
    Since 2010, funding for the IRS has been cut by around $1 
billion. Last week the Republicans on this Committee passed a 
bill to cut the IRS by $400 million more each year. These 
budget cuts have resulted in the loss of 12,000 jobs, reducing 
employee training, delaying computer system upgrades. That is 
not good. It does not help.
    Last week I was joined by Ways and Means Oversight 
Subcommittee Democrats in introducing the Taxpayers Protection 
Act of 2016. This legislation responds to the recent 
recommendation from the National Taxpayer Advocate. My bill 
also includes good policy ideas offered by other committee 
members, by Mr. Pascrell and Mr. Becerra.
    This legislation is a good, common sense policy. In 
addition to fighting identity theft and strengthening taxpayer 
protection, our bill will fully fund the President's fiscal 
year 2017 request for taxpayer service, increasing funding for 
low income taxpayer clinics, and repeal the terrible private 
tax debt collection program.
    This bill is ripe and it is timely. I hope that it will 
receive the consideration of the full committee and the full 
Congress as soon as possible.
    Mr. Chairman, again, I thank you for calling today's 
hearing. I hope that we will see more subcommittee activity on 
how to better serve and support American taxpayers. I look 
forward to hearing from today's witnesses, and again, I want to 
thank all of the witnesses for being here.
    Thank you, Mr. Chairman, and I yield back.
    Chairman ROSKAM. Thank you, Mr. Lewis.
    We will have two panels today. Our first panel is our 
colleague, Congressman Jim Renacci from Ohio, who has had a 
personal experience in this arena that he is going to give us 
his perspective on. Not only does he have the background of 
serving on the Ways and Means Committee, but he also has a vast 
private sector background in terms of tax preparation and so 
forth with his insight as a CPA.
    Mr. Renacci.

  STATEMENT OF THE HONORABLE JIM RENACCI, A REPRESENTATIVE IN 
                CONGRESS FROM THE STATE OF OHIO

    Mr. RENACCI. Chairman Roskam, Ranking Member Lewis, and 
Members of the Subcommittee, thank you for holding this 
important hearing. I am grateful for the opportunity to testify 
on the impact of tax-related identity theft on taxpayers in 
Northeast Ohio and across the country.
    Let me start with my personal story. Last May I received a 
notice from the IRS stating they had some questions for me 
about my 2014 tax return. I found this troubling because I had 
not yet filed my return.
    Because of the Tax Code's complexity, my return requires 
many forms that rarely arrive before the April 15th filing 
deadline. So like every year, I filed an extension for my 2014 
return until October.
    After receiving that IRS notice in May, I immediately 
called the IRS hoping to swiftly confirm that this was just an 
IRS error. Unfortunately, there was nothing quick about the 
call. It took almost two hours, and I did not get an answer.
    My level of concern intensified, and I realized that 
something was very wrong. When I returned to Washington the 
next week for votes, I reached out to the IRS office here. I 
finally got some answers.
    I learned that sometime in 2015, my personal information 
had been stolen. Someone then used the information to 
electronically file a fraudulent tax return for my wife and I. 
That fraudulent return, which included a fake W-2 from the U.S. 
House of Representatives, claimed a significant refund, and the 
return instructed that those proceeds go to a bank account 
outside the United States.
    Thankfully, there were various red flags associated with 
this fraudulent return which the IRS caught before sending 
payment.
    As a taxpayer and tax preparer for almost 30 years, it is 
apparent to me that identity theft is real. The ability to file 
for a refund electronically and receive a refund quickly via 
bank transfer can also cause significant issues related to 
identity theft.
    Let me be clear. I do not want to return to paper returns 
and checks, but the ease of electronic filing and payments has 
exacerbated the problem. I know now more than ever we need 
additional safeguards to protect taxpayers.
    I personally have heard from many Northeast Ohio taxpayers 
about their experiences dealing with tax related identity 
theft. My district office regularly assists constituents who 
are ID theft victims. I just never thought it would happen to 
me.
    Of course, this is not just a Northeast Ohio problem. Tax-
related identity theft is an evolving criminal activity that 
targets innocent taxpayers nationwide and robs the Treasury of 
billions of dollars each year.
    I am committed to finding a way to crack down on the 
growing threat that has devastated millions of taxpayers. So 
last fall with Ranking Member Lewis, I introduced bipartisan 
legislation entitled ``The Stolen Identity Refund Fraud 
Prevention Act of 2015.''
    This legislation is an important first step towards 
shielding taxpayer dollars from fees and reducing the hardship 
caused by this criminal activity. I was pleased that two core 
components from this legislation were included in the PATH Act 
that passed last December. One closes the large gap between 
when employers provide W-2s to their employees and when they 
are required to provide them to the government. While W-2 and 
non-employee compensation statements are due to employees by 
the end of January, before the PATH Act the deadline for filing 
them electronically with the government was not until the end 
of March.
    In the last filing season, the IRS received over 90 million 
returns during that two-month window where the IRS was unable 
to verify key information before issuing refunds. Starting next 
filing season, the due date for filing W-2 information returns 
and non-employee compensation forms to the government will also 
be the end of January.
    Closing this window was a key step in enabling the IRS to 
prevent the continued issuance of billions of dollars in 
fraudulent tax returns. Even though that provision does not go 
into effect until next filing season, I am pleased that some 
employees with large volumes of W-2s were proactive on this 
issue and agreed this filing season to voluntarily file their 
W-2s with the government early in this year. According to Tax 
Commissioner Koskinen's testimony last week before the Finance 
Committee, the IRS received over 25 million early submissions, 
most of which came by the end of January.
    The second provision of my bill included in the PATH Act 
allows the IRS to require permitted truncated Social Security 
numbers on W-2s. Previously, while the IRS by regulation could 
require truncated Social Security numbers on Forms 1099, they 
were prohibited by statute from doing the same on W-2s. This 
common sense provision will better protect sensitive taxpayer 
personal information that was previously at risk.
    Mr. Chairman, tax-related identity theft is one of the most 
pressing challenges that we face in the world of tax 
administration. This complex and evolving threat requires 
cooperation from Congress, the IRS, state revenue agencies and 
industry stakeholders.
    I would also like to applaud the IRS for creating the 
Security Summit initiative to collaborate in fighting tax-
related identity theft, and I am pleased to hear that the 
public-private partnership has resulted in a greater sharing of 
resources to improve identity theft detection and prevention.
    I look forward to continuing to work with all stakeholders 
to curb the growing threat.
    Thank you for the opportunity to testify. I look forward to 
working with my colleagues on this Committee to mark up the 
remaining provisions of the Stolen Identity Refund Fraud 
Prevention Act of 2015.
    [The prepared statement of Mr. Renacci follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    

                                 --------
    Chairman ROSKAM. Mr. Renacci, thank you for your testimony.
    I am just thinking about how aggressive it would be for 
somebody to actually file a fake W-2 with the U.S. House of 
Representatives on it. I mean, that is a demonstration of 
hubris, and as you pointed out, you know, the IRS caught it 
before the money went out. So let us give credit where credit 
is due.
    So thank you for your attention and for your willingness to 
roll up your sleeves and to work on a bipartisan basis on these 
issues that affect all of us.
    We will now hear from our second panel. It consists of 
three witnesses:
    The Honorable John Koskinen, the Commissioner of the 
Internal Revenue Service;
    Mr. Timothy Camus, who is the Deputy Inspector General for 
Investigations at the Treasury Inspector General for Tax 
Administration, or TIGTA;
    And Ms. Jessica Lucas-Judy, who is the Acting Director for 
Tax Issues at the Government Accountability Office.
    Commissioner Koskinen, welcome, and if we could begin with 
your testimony. You are recognized.

  STATEMENT OF JOHN KOSKINEN, COMMISSIONER, INTERNAL REVENUE 
                            SERVICE

    Mr. KOSKINEN. Thank you, Mr. Chairman and Ranking Member 
Lewis and Members of the Subcommittee. I appreciate the 
opportunity to appear before you today.
    Let me start with an update on the 2016 filing season which 
ended yesterday for everyone but those living in Maine and 
Massachusetts, who must file by midnight tonight. For the rest 
of the country, I am pleased to report that the last day of 
filing individual tax returns, yesterday, went very smoothly 
with our systems receiving more than four million returns on 
that day alone.
    We have received already and processed slightly over 130 
million returns. Ninety percent of the refunds were processed 
within our 21-day goal and approximately 90 million refunds 
have already been issued.
    In regard to taxpayer service, I am also pleased to be able 
to report that the IRS saw significant improvements during this 
filing season over last year largely due to the additional 
resources provided by Congress. A total of $290 million in 
additional funding was approved for the IRS for this fiscal 
year to improve service to taxpayers, strengthen cybersecurity 
and expand our ability to address identity theft, all of which 
we appreciate.
    To illustrate how helpful this extra funding was, we 
designated $178 million to be used for taxpayer service, which 
among other things allowed us to add about 1,000 extra 
temporary employees to help improve our service on the phones 
during the filing season.
    During the season, the average level of service on our toll 
free help lines this year has exceeded 70 percent, a vast 
improvement over last year's 37 percent. Unfortunately, once 
the seasonal employees are gone and the funding runs out, that 
number will drop significantly, but still the average for the 
phone service for the full year will probably be between 47 and 
50 percent, still a significant improvement over last year.
    The President's budget for 2017 provides for a level of 
phone service of about 70 percent for the entire year with an 
investment of approximately $150 million above current levels. 
This year has demonstrated that with additional funding, 
taxpayer service will improve significantly.
    Let me now turn briefly to the IRS' ongoing efforts with 
regard to cybersecurity and identity theft. Securing our 
systems and taxpayer data continues to be a top priority for 
the IRS. Even within our constrained resources, we continue to 
devote significant time and attention to the challenge. We work 
continuously to protect our main computer systems from 
cyberattacks and to safeguard taxpayer information stored in 
our databases. These systems withstand more than one million 
malicious attempts to access them every day.
    We are also continuing to battle a growing problem of 
stolen identity refund fraud. Over the past few years, we have 
made steady progress in protecting against fraudulent refund 
claims and criminally prosecuting those who engaged in this 
crime.
    We have found the type of criminal we are dealing with has 
changed. The problem, as the chairman noted, used to be random 
individuals filing a few dozen or a few hundred false returns 
at a time. Now we are dealing more and more with organized 
crime syndicates here and around the world. They are gathering 
unimaginable amounts of personal data from sources outside the 
IRS so they can do a better job of impersonating taxpayers, 
evading our return processing filters and obtaining fraudulent 
refunds.
    To improve our efforts against this complex, as noted, and 
against the evolving threat, as noted in March last year, we 
joined with the leaders of the electronic tax industry, the 
software industry and the states to create the Security Summit 
Group. This is an unprecedented partnership that is focused on 
making the tax filing experience safer and more secure for 
taxpayers in 2016 and beyond.
    Our collaborative efforts have already shown concrete 
results this filing season. For example, Security Summit 
partners have helped us improve our ability to spot potentially 
false returns before they are processed, and they have 
increased the level of authentication for taxpayers when they 
use software or provide information for their preparers.
    Over the past year, we have detected and stopped three 
instances of criminals masquerading as legitimate taxpayers on 
the basis of information stolen from places other than the IRS. 
One of the service's targets, as noted, was our Get Transcript 
online application used by taxpayers to quickly obtain a copy 
of their prior year return.
    Another was the IP PIN, as the chairman noted. In all three 
cases we detected that criminals were trying to use our online 
tools to help them pretend to be legitimate taxpayers and sneak 
false returns past our filters.
    The incidents have shown us that improving our reaction 
time to suspicious activity is not enough. We need to be able 
to anticipate the criminals' next moves in an attempt to stay 
ahead of them. The ongoing work of the Security Summit Group 
will be critical to our success here.
    Congress can provide critical support by approving adequate 
resources for these efforts. Sustaining and increasing funding 
in this area will be critical as we move forward.
    Another way Congress can help us is by passing legislative 
proposals to improve tax administration and cyber security. One 
of the most important requests we have made is for the 
reauthorization of streamlined critical pay authority, the loss 
of which has made it very difficult, if not impossible, to 
recruit and retain employees with expertise in highly technical 
areas such as information technology.
    Mr. Chairman, Ranking Member Lewis, and Members of the 
Subcommittee, this concludes my statement, and after other 
presentations, I would be happy to take your questions.
    [The prepared statement of Mr. Koskinen follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    

                                 --------
    Chairman ROSKAM. Thank you, Commissioner.
    Mr. Camus.

   STATEMENT OF TIMOTHY CAMUS, DEPUTY INSPECTOR GENERAL FOR 
     INVESTIGATIONS AND TREASURY INSPECTOR GENERAL FOR TAX 
        ADMINISTRATION, U.S. DEPARTMENT OF THE TREASURY

    Mr. CAMUS. Chairman Roskam, Ranking Member Lewis, and 
Members of the Subcommittee, thank you for the opportunity to 
discuss the Internal Revenue Service's 2016 tax filing season.
    TIGTA continues to identify security of taxpayer data and 
fraudulent claims as major management challenges facing the 
IRS. Both challenges continue to play a significant role in 
this year's tax filing season.
    Since 2012, TIGTA has issued a series of reports assessing 
the IRS' efforts to detect and prevent fraudulent tax refunds 
resulting from identity theft. The IRS has implemented many of 
TIGTA's recommendations and has continued its efforts to 
improve its detection processes.
    However, tax related identity theft remains a major 
challenge for the IRS. At the same time, cybersecurity threats 
against the Federal Government continue to grow. The IRS is a 
prime target for attacks because of the extensive amounts of 
taxpayer data it stores and refund amounts it issues each year.
    Because of this, the risk of unauthorized access to tax 
accounts, the potential theft of taxpayer information from the 
IRS and refund fraud will continue to grow. For example, in 
August 2015, the IRS reported that unauthorized users had been 
successful in obtaining information from the Get Transcript 
application for an estimated 334,000 taxpayer accounts.
    To prevent further unauthorized accesses, the IRS disabled 
the application on its Web site. TIGTA's current review of the 
Get Transcript breach identified additional suspicious accesses 
to taxpayers' accounts that the IRS had not initially 
identified. We believe that more than 724,000 taxpayer 
transcripts may have been stolen.
    TIGTA is participating in a multi-agency criminal 
investigation into this matter. We have also provided the IRS 
with some of our investigative observations to date in order to 
help them secure their e-authentication environment going 
forward.
    We also reported in November 2015 that the IRS did not 
complete the required authentication risk assessment for its 
online identity protection personal identification number, or 
IP PIN application. We recommended that the IRS not reactivate 
this application for the 2016 filing season.
    However, the IRS reactivated the application on January 
19th, 2016.
    We issued a second recommendation to the IRS on February 
24th to remove the IP PIN application from its public Web site. 
On March 7th, the IRS reported that it was temporarily 
suspending the use of the IP PIN application. The IRS also 
reported that 800 stolen IP PINs had been used to file 
fraudulent tax returns.
    Tax refund fraud and identity theft issues are not limited 
to unscrupulous individuals operating from outside of the IRS. 
We have conducted a number of significant investigations 
involving identity theft by IRS employees.
    In one recent prosecution case, we identified an IRS 
employee who, through her access to IRS data systems, stole the 
information of hundreds of taxpayers. She subsequently used 
this information in an attempt to obtain between $550,000 and 
$1.5 million in fraudulent refunds.
    We believe the IRS must prioritize its focus on insider 
threat posed by IRS employees by increasing and improving its 
application audit trails.
    Other challenges to the IRS' ability to efficiently 
administer the Nation's tax laws include a telephone 
impersonation scam. Since October 2013, we have received over 
one million complaints from taxpayers who reported that 
individuals called them, claimed to be IRS employees, and then 
demanded money.
    This scam is the largest, most pervasive impersonation scam 
in the history of our agency. It has claimed over 5,700 victims 
with reported losses totaling more than $31 million to date.
    We also continue to receive reports of individuals who have 
become victims of lottery winning scams, and we are also seeing 
an increase in the number of reported IRS phishing attempts.
    TIGTA and our law enforcement partners have made several 
arrests in connection with many of these scams, and we have 
over 100 investigations currently underway. As the number and 
sophistication of threats to taxpayer information will likely 
increase, they will be a continued focus of our audit and 
investigative coverage, and we will continue to provide the IRS 
with information necessary to protect taxpayers.
    Chairman Roskam, Ranking Member Lewis, and Members of the 
Subcommittee, thank you for the opportunity to share my views.
    [The prepared statement of Mr. Camus follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

                                 ---------
    Chairman ROSKAM. Thank you.
    Ms. Lucas-Judy.

  STATEMENT OF JESSICA LUCAS-JUDY, ACTING DIRECTOR, STRATEGIC 
         ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. LUCAS-JUDY. Chairman Roskam, Ranking Member Lewis, 
Members of the Subcommittee, thank you for inviting me to 
testify on three opportunities that GAO identified for IRS:
    First, improving customer service;
    Second, combating identity theft refund fraud; and
    Third, enhancing information security.
    During the filing season IRS deals with millions of 
transactions. The scale of these operations presents challenges 
for customer service and for protecting taxpayers' personal and 
financial information. Congress provided IRS with an additional 
$290 million this year to improve these areas.
    Regarding the first area of opportunity, customer service, 
the 2016 filing season was generally smooth. IRS provided a 
higher level of telephone service than it did in 2015. More 
people who wanted to speak to a live assister were able to get 
through, and the wait times were much shorter.
    However, as you heard, IRS expects telephone service to 
decline now that the filing season is over. GAO has recommended 
that IRS benchmark its telephone service with other call 
centers to identify potential improvements.
    Of course, IRS provides much more than just phone service. 
It handles correspondence, and it also provides services 
online, among other things. We have made recommendations to 
help IRS strategically manage these duties.
    For example, in 2013, GAO recommended IRS develop a long-
term strategy for new online services. IRS recently told us 
that its new Future State Initiative will provide better 
service to taxpayers, but this initiative is in its early 
stages.
    We have also suggested Congress require Treasury and IRS to 
develop a comprehensive customer service strategy that 
incorporates elements of our prior recommendations.
    The second area of opportunity is identity theft refund 
fraud. IRS estimates it paid more than $3 billion dollars in 
identity theft refunds in 2014, and that is just from schemes 
already known. IRS has made it easier for people to report 
suspected fraud, and it is working with state and industry 
partners to share potential leads and strengthen fraud filters.
    Stronger pre-refund and post-refund strategies would help 
IRS combat this persistent and evolving threat. For example, 
IRS is considering a number of tools to enhance authentication, 
making sure the person filing the return is who they say they 
are.
    However, some of these could impose significant burdens on 
taxpayers and the IRS, and it is unclear how well they work. 
GAO recommended IRS assess the costs and benefits of its 
authentication tools.
    It is also important that IRS identify fraudulent returns 
before the money goes out the door. IRS currently issues 
refunds after matching names and Social Security numbers and 
filtering for certain indicators of fraud but does not match 
wage information reported by employers on W-2s.
    Historically W-2s had been available to IRS after it issued 
most refunds. Matching W-2s with information on tax returns to 
detect fraud before paying refunds could save some of the 
billions of dollars currently lost to fraud.
    The 2016 Consolidated Appropriations Act makes some of that 
information available earlier, which should help address this 
issue.
    The third area of opportunity is cybersecurity. While IRS 
has implemented some controls, taxpayer data continues to be 
exposed to unnecessary risk due in part to inconsistent 
implementation of IRS' security programs.
    To illustrate, we found that IRS used easily guessable 
passwords on servers that were supporting key systems. IRS also 
allowed access to certain systems beyond what users needed to 
do their jobs and did not encrypt sensitive data on some of the 
key systems that we reviewed.
    Importantly IRS did not fully address deficiencies we had 
identified in prior reviews or ensure that its actions 
corrected the problem. For instance, in our most recent review, 
IRS told us it had addressed 28 of our prior recommendations, 
but we found that nine of those had not been implemented 
effectively.
    Last month GAO made 43 recommendations to address newly 
identified weaknesses. Implementing these and our 49 
outstanding recommendations would better protect sensitive 
information.
    In summary, as more IRS services are conducted online, it 
would be important for IRS to ensure it has proper safeguards 
in place and is using the full range of information to combat 
identity theft refund fraud and protect taxpayer data.
    We urge Congress, Treasury, and IRS to implement GAO's 
recommendations in the three areas we identified: benchmarking 
IRS' phone service and developing comprehensive customer 
service and online strategies; assessing authentication tools 
and conducting pre-refund matching; and addressing 
vulnerabilities in IRS' information security systems to better 
protect taxpayer data.
    Chairman Roskam, Ranking Member Lewis, Members of the 
Subcommittee, this concludes my prepared remarks, and I will be 
happy to answer any questions you may have.
    [The prepared statement of Ms. Lucas-Judy follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

                                 --------
    Chairman ROSKAM. Thank each one of you for your 
perspectives. They are very valuable.
    Now we will go to inquiries from the members. Let us go to 
Mr. Reed from New York.
    Mr. REED. Well, thank you, Mr. Chairman, and thank you to 
the panelists for being here today.
    Commissioner, I wanted to go to some of the information you 
shared in your testimony, in your written testimony, in regards 
to the Security Summit and the Information Sharing and 
Assessment Center that was discussed in coming out of there.
    So in the spirit of true oversight, not a ``got you'' 
question, but what is the status of the Information Sharing 
Center and when can we expect it to be up and running?
    Mr. KOSKINEN. The status is we are working both internally 
and also with our summit partners to design it. It will be 
somewhat unique. There are a couple of other ISACs, as they are 
called, in the government that we have looked at. None of them 
quite apply to this.
    We jointly with them all have security concerns obviously. 
Our hope would be to have it totally operational by the next 
tax season, but the technology features are such that we think 
we may or may not make that deadline, but we are all committed, 
the private sector partners with us, as quickly as we can to 
have it up.
    What it will do is basically allow the private sector and 
the states to more easily have access to the information that 
is being shared. Right now everybody gives it to us and then we 
process it and give it back out. So it is not that people are 
not sharing the information. It will just be much more 
efficient if we can get the ISAC up and running.
    Mr. REED. Okay. So one of the barriers you said was the 
technological barrier. What are the technological barriers that 
you are uncovering with establishing that center?
    Mr. KOSKINEN. The technology there is just setting up. We 
have the governance structure already underway. So it is 
primarily just the technology. Can we set up the database in a 
secure way and the accesses for it to go forward?
    Mr. REED. Is that hardware technology, software technology?
    Mr. KOSKINEN. It is a combination. You know, we have this 
somewhat antiquated system with many moving parts to be able to 
collect the data, make sure it gets into our filters 
appropriately and gets back out in a secure way. It is 
primarily a programming and software challenge.
    Mr. REED. Okay. That is helpful.
    And you know you and I have talked numerous times before, 
and one of the things that I drive in my private life as well 
as public life is metrics. What are the expectations? What are 
we going to hold you accountable to?
    So in the spirit of hoping to meet that deadline of having 
the ISAC center up and running by next tax season, what are you 
going to gauge yourself as the IRS to make sure that the ISAC 
operation is functioning and delivering on the security 
measures that you want to see happen in that arena?
    Mr. KOSKINEN. I think our measure is that by this time next 
year it will be up and running. Our goal, aspirational, is to 
try to see if we can get it up early enough to be at the front 
end of the filing season, but we would be delighted to report 
back to you.
    The measure underneath it all, that is a system. It is the 
amount of data being shared, and then it is really the impact 
on how many of these returns can we catch. So we are monitoring 
carefully the number of returns we stop, and to the extent we 
can, as a result the increase in those as a result of the 
partnership.
    Mr. REED. All right. So I am not going to let you off that 
easy. So the goal is to get it up and running by this time next 
year.
    Mr. KOSKINEN. Right.
    Mr. REED. And then you are going to monitor the data and 
you are going to gauge the data. How are you going to measure 
that? What does that mean? What is the metric?
    I mean I hope the goal is not just we are going to get it 
up and running, and we hope it is going to do a great job, and 
we will come next year and say it is doing a great job, 
Congressman.
    Mr. KOSKINEN. Right.
    Mr. REED. You are getting millions of dollars potentially 
invested here. What are we going to hold you accountable for?
    Mr. KOSKINEN. The ultimate goal is to catch and stop 
fraudulent refunds before they go out.
    Mr. REED. So how much of an improvement in that arena can 
we expect from you as a result of this ISAC?
    Mr. KOSKINEN. We do not have a number that we can work 
against yet. We know last year we stopped slightly over four 
million.
    Mr. REED. Will you have that number when the ISAC is up and 
running?
    Mr. KOSKINEN. Yes. We know last year we stopped four 
million suspicious returns, a million and a half of which were 
proven identity theft which were $8 billion of refunds 
prevented from going out. That is a baseline.
    The goal would be to not only stop refunds, but to trap 
identity theft refunds.
    Mr. REED. And how much?
    Mr. KOSKINEN. And if we are successful, to some extent 
those numbers should go down. In other words, if we are 
successful at closing off systems and having better 
authentication on the front end, the goal would be to have the 
number of fraudulent returns filed not only stopped, but to go 
down. If we can get fraudulent returns under a million, that 
would be terrific.
    Mr. REED. So get the fraudulent returns down to a million 
as a metric that we could hold you to?
    Mr. KOSKINEN. I think the metric would be we had a million 
and a half we stopped in 2014. Can we lower that metric 
noticeably and significantly?
    Mr. REED. And that would be about a million, down to about 
a million if I heard you correctly?
    Mr. KOSKINEN. Well, my partners and I have to figure out 
what is a reasonable goal.
    Mr. REED. That is what I am really looking for, are those 
actual hard metrics that we can hold you accountable to because 
what other metric are you going to deploy to make sure to see 
if this ISAC is a success?
    Mr. KOSKINEN. The two metrics that I think are most 
important to everyone are: can we get the number of fraudulent 
returns filed down? And can we get the amount of fraudulent 
payments made down?
    Mr. REED. To what?
    Mr. KOSKINEN. Well, the goal would be obviously illusory to 
get them down to zero.
    Mr. REED. Okay.
    Mr. KOSKINEN. I mean we could fight it there, but we are 
not going to get them to zero.
    Mr. REED. We all agree we cannot get to zero, but what is 
the goal you are going to be at from today to a year from now 
or a year after the ISAC center is up and running?
    Mr. KOSKINEN. Well, as I said, our numbers for 2014 were 
3.8 billion. We would like to get that number under three 
billion. We would like to get it under two billion at some day, 
but we are dealing with increasingly well-funded, sophisticated 
criminals, organized criminals around the world.
    Mr. REED. I appreciate the work, and I appreciate the 
threat that you have. I just want to make sure we have a clear 
metric as we move forward, and we have discussed that before.
    Mr. KOSKINEN. Yes.
    Mr. REED. It is meant in good faith just to hold everyone 
honestly accountable.
    With that I yield back.
    Chairman ROSKAM. Mr. Lewis.
    Mr. LEWIS. Thank you very much, Mr. Chairman.
    Mr. Commissioner, thank you for your testimony this 
morning.
    What concern do you have, and if you have some concern, 
could you share with us about restarting this program of 
private debt collectors?
    Mr. KOSKINEN. Well, our concern goes to the issues that Mr. 
Camus talked about, and that is we jointly with them have been 
for the last couple of years battling phone scams, people 
impersonating IRS employees trying to shake down nervous or 
frightened taxpayers.
    Historically we have run private debt collection systems 
twice before and they have never generated significant funding 
for the government. We are committed because the Congress gave 
it to us as a requirement; we are committed to do everything we 
can to make the program work.
    But one of the complications this year as we put the 
program in place will be how to deal with the phone scams that 
are going on. So we have already had a bidder's conference with 
potential participants, trying to work with them as to how we 
jointly, and I am a big believer in partnerships as you know; 
how we jointly can figure out how to make this work.
    One thing we are looking at is, as I have told people 
publicly for two years, if you are surprised to be hearing from 
us, you are not hearing from us. People should have gotten 
letters from us long before they ever hear from us on the 
phone.
    So one of the ideas we have is that we would send a letter 
to a taxpayer saying, ``Your account has now been assigned to a 
given debt collector.''
    The debt collector then would write the same taxpayer 
saying, ``We are Company X and your account has been assigned 
to us. We will be calling you.''
    So, again, a taxpayer would be in the situation of not 
being surprised when they got a call from the IRS. So we could 
continue to advise taxpayers if you are surprised, it is a 
scam.
    The other thing we are trying to tell everybody is if you 
are going to pay your taxes in response to any inquiry, the 
check goes to the United States Treasury. The money does not go 
into a debit card account. It does not go into a bank account. 
It goes to the United States Treasury.
    Mr. LEWIS. Mr. Commissioner, not too long ago, just maybe 
about three months ago I received a call at my home here on 
Capitol Hill. The person said, ``I am from the IRS. We are 
going to sue you.''
    And I said, ``Sue me for what?''
    The person hung up. I tried to trace the number. I could 
not trace it.
    How do we warn the American people that there are people 
out there that are not representing the IRS?
    Mr. KOSKINEN. As I said, we have been working on this for 
over two years. I get clippings services every day, and there 
are good news articles at the local level, television stories 
either warning about the scam every year, and regularly we put 
out warnings about a range of scams.
    I have been dismayed at the persistence of the calls. The 
IG has done a very good job with us of collecting the data. 
They have been working with the Department of Justice 
prosecuting as we go on, and as they have noted, the number of 
people falling prey to the calls is dropping as a percentage, 
but the calls continue.
    The IG does a report that they share with us every week. 
There are 15 to 18,000 reported calls every week, and that is 
just the tip of the iceberg.
    So all we can do and what we are trying to do is flood the 
zone as it were, regularly and consistently, again, trying to 
get people to understand in simple terms. As I say, if you are 
surprised to be hearing from us, you are not hearing from us.
    The second thing is we never threaten you. We never say 
something is going to happen in 24 hours if you do not act, and 
the third thing is we will never tell you to put money anywhere 
but in the accounts of the U.S. Treasury in a check to the 
United States Treasury.
    And if we can continue to get that message out, my hope is 
the percentage, now small, of people who fall prey to this will 
decline. People being subject to it are elderly, low income 
people, and recent immigrants who tend to be more nervous and 
frightened or easily scared. And they are the people whose 
heart you go out to most when you read about they have sent 
$1,000, $3,000 in effect into criminals' hands.
    Mr. LEWIS. Mr. Inspector, do you share these concerns?
    Mr. CAMUS. Yes, sir, we are very concerned about this scam. 
As I said in my testimony, it is the most persistent scam. We 
continue to try to do a public awareness. I personally, 
although I have a face for radio, I recorded a public service 
announcement that we continue to try to market and get out on 
the YouTube channels.
    People every week fall victim to this, and as the 
Commissioner noted, between 15 and 20,000 calls are made each 
week and reported to us. We are very concerned about this as a 
continuing crime, but we do have some prosecutions coming up in 
the future that we hope will help us warn taxpayers not to fall 
prey to this criminal activity.
    Mr. LEWIS. Thank you very much.
    I yield back, Mr. Chairman.
    Chairman ROSKAM. Mr. Meehan.
    Mr. MEEHAN. I thank you, Mr. Chairman.
    I thank the ranking member for bringing up that issue. I 
suspect everybody on this dais got one of those phone calls. I 
did. My wife did.
    Mr. KOSKINEN. I have gotten one. When I got it I thought 
there must be somebody at the IRS I could talk to about this.
    [Laughter.]
    Mr. MEEHAN. We did the same press conference and got 
tremendous coverage and alert, but people are still once they 
get that call very, very scared, and there is one discrepancy 
that is not my questioning, but we say that we never go after 
people and ask for, you know, demand, but there are some 
collection services that are out there potentially speaking on 
behalf of the IRS with some level of legitimacy, and I think 
that is an issue that we need to be able to confirm, that you 
will never get a phone call from anybody representing the IRS, 
but a lot of work for us to do.
    Listen. As technology changes, we are utilizing it more, 
and I have seen a tremendous shift in utilization of e-filing 
and other kinds of things, which I assume makes it a little 
easier for you to be able to handle the returns that you get, 
Commissioner, but we are struggling on the front end with the 
authentication issue. Are you who you say you are?
    And obviously in the beginning, we began with just name, 
Social Security number, and some of the other things, all of 
which are readily available for somebody not even hacking into 
your system oftentimes by getting information from taxpayers.
    Now, I know that there have been some efforts in the IRS to 
strengthen its authentication system, but there has also been 
criticism that notwithstanding those efforts, things have not 
even reached the standards of what is expected of a 
governmental agency.
    So can you give me a sense on where this is going? I am 
aware that even within the agency you are looking at 2016, 
setting a standard, trying to get there, but because 
authentication is so important not just on the back end, but on 
the front end as well, to assure that the initial inquiry is 
accurate.
    Can you talk to me about authentication?
    Mr. KOSKINEN. Yes.
    Mr. MEEHAN. Where we are going and how we can fix this and 
get it better?
    Mr. KOSKINEN. Yes. It is obviously critical for all the 
reasons you state. It goes to the heart of our ability to 
expand our online services because if we are going to expand 
those, we have to expand them for legitimate taxpayers.
    So as noted, when we first designed Get Transcript four or 
five years ago, so-called out-of-wallet questions were a 
standard means of authentication on the theory that you ask 
questions only the taxpayer should know.
    It turns out with all of the data breaches, all of the 
information available on social media, it is increasingly easy, 
not totally simple, for criminals with enough personal data to, 
in fact, be able to masquerade as you. As I used to say, they 
can answer sometimes your questions better than you because 
they remember the year you bought the Volvo. They know that. 
You may not remember it.
    So what has happened with the evolution of the 
sophistication of criminals is simply relying on out-of-wallet 
questions no longer is the sort of standard you should use. We 
have gone to multi-factor authentication.
    In simple terms, multi-factor authentication, and you have 
done it with your online services, you will change a password 
or do something, and you will get sent to another account, to 
an iPhone, to your iPad, someplace else, a code that you enter 
back in, and that is a two-factor authentication. They know you 
are online. They also know that you have got possession of a 
device that the criminals do not have.
    Our problem is we do not right now have email addresses or 
telephone numbers regularly for taxpayers. We correspond with 
people by paper.
    Mr. MEEHAN. Well, that is what your Identity Assurance 
Office is looking at some of these things. Where are they going 
to be going with this in 2016? Because the assessment by the 
Inspector General was that you are going to assess costs and 
risks and other kinds of things.
    Mr. KOSKINEN. Yes. So what we are testing right now, before 
getting Get Transcript back up or IP PINs, is a multi-factor 
authentication where through a credit service, and which now 
would be the first to do that, who, when you go onto the credit 
service they have your phone number and other information, 
where we would correspond with the taxpayer online. We would 
then send to their iPhone or iPad a code. They would pick that 
code up and come back in, and we would be satisfied that even 
the criminal knew your out-of-wallet questions, which you still 
have to answer, they probably do not have possession of your 
cell phone.
    The difficulty is that is a good system, and it will make 
it much more difficult for criminals. The problem is it will 
make it a little harder for taxpayers as well.
    Mr. MEEHAN. Right, finding the right balance.
    Mr. KOSKINEN. Yes. Our estimate is, judging that we have 
talked to the British and we have talked to everybody we can 
talk to, that at the front end if we can get 50 percent of 
taxpayers through, that will be helpful.
    I would remind everybody on the out-of-wallet questions, 
our experience was 22 percent of taxpayers could not answer 
their out-of-wallet question, and half the criminals could not 
answer them.
    Mr. MEEHAN. Well, that is the problem. Everybody nowadays 
has a million different pins and other kinds of things. You 
forget what you gave them in terms of the identifying 
information. You cannot answer your own questions.
    Mr. KOSKINEN. Yes.
    Mr. MEEHAN. How do we get to a system in which we can 
effectively address that?
    Mr. KOSKINEN. Well, again, the multi-factor does not 
require you to remember the number you get. Every time you need 
it a new number will be sent to your iPhone, your iPad or 
texted to you, and you will use that new six-digit number just 
to authenticate, again, that you are who you are, and it will 
be harder for a criminal to duplicate that because they will 
not have possession of the alternate or the multi-factor part 
of the authentication.
    The problem will be and our goal will be over time to make 
that work smoothly enough with data enough that we could get 
back to the 80 percent level. We will probably never have an 
authentication system that everybody can get through. So the 
balance is how do we keep criminals out without keeping all of 
the taxpayers out at the same time.
    Chairman ROSKAM. Mr. Rangel.
    Mr. RANGEL. Thank you so much for calling this hearing, Mr. 
Chairman.
    It seems as though the criminals have been bipartisan in 
their attempt to defraud innocent congressional people. So that 
is one way to bring us together, through the criminal element.
    Years ago we had hearings, and the IRS indicated it sent 
out 30,000 letters to taxpayers telling them that their tax 
debt was being sent to private debt collectors, and then the 
debt collectors were required to send a letter to the 
taxpayers, but it turned out that some 30,000 letters were 
returned to the IRS. In other words, it did not appear at that 
time that the IRS was effective in notifying the taxpayers.
    Do you have any problems in your office as to whether or 
not you are effectively reaching the taxpayers?
    Mr. KOSKINEN. Our information and our experience is that we 
were able to reach, give or take a little, 75 to 80 percent of 
the taxpayers. The problem is people move every year, and give 
or take a little, 15 to 20, 25 percent of people are moving 
every year.
    Mr. RANGEL. Okay. The second question I have has to deal 
with the effectiveness of the investigation and the prosecution 
of these people. We hear about the victims, but as a former 
Federal prosecutor, I do not ever remember reading about a 
criminal that is conducting these fraudulent calls ever being 
arrested and sent to jail.
    Do you have any details as to what are you doing in the 
prosecution department to let the people know that you are 
being effective?
    Mr. KOSKINEN. Right. I will distinguish that Mr. Camus is 
the expert on that.
    Mr. RANGEL. I know. I was particularly talking to Mr. 
Camus.
    Mr. KOSKINEN. Yes, we have prosecuted over 2,000 people for 
identity theft.
    Mr. RANGEL. I know. I am asking you how do you get that out 
there?
    Mr. KOSKINEN. But for phone scams, I give you Mr. Camus.
    Mr. RANGEL. That is who I want.
    Mr. CAMUS. Yes, sir. We have had a couple of high level 
cases. The challenge that we have had is we find ourselves 
chasing a lot of the runners who are just converting the money 
into various forms.
    But last July we had a conviction of an individual who was 
responsible for over a million dollars in damage to his 
victims. He got sentenced to 14 years in Federal prison. So we 
have had cases on occasion.
    We are currently working with the Department of Justice on 
a cluster of cases that we hope, to answer your question, that 
when we get those prosecutions we will use those as a 
springboard to warn people on a grand scale that this is going 
on. If you get contacted out of the blue by somebody claiming 
to be from the IRS or the Treasury Department and you have not 
heard from them before, as the Commissioner said, you are 
probably getting scammed.
    Mr. RANGEL. I hate to say we are from the Congress and we 
are here to help you, but quite frankly, are these fly-by-night 
individuals? Is this an organized national scheme?
    These people seem to be pretty well organized. As a matter 
of fact, they are outsmarting the IRS and, therefore, the 
Congress and the Nation. But who are these people? How are they 
classified?
    What is going on?
    Mr. CAMUS. One of the biggest challenges, sir, is that 
initially the scam started out as being a centralized group of 
people. Then once the criminals started to realize through 
warning taxpayers not to fall for it, other criminals saw, boy, 
if I just pick up the telephone and call somebody and threaten 
them, I can collect money.
    Mr. RANGEL. So you do not really think this is organized?
    Mr. CAMUS. I think this is centered now, sir, to a point 
where there are all kinds of different folks making these types 
of phone calls because when you think about it, from a criminal 
point of view, they have very little invested in this crime. 
They are just picking up the phone and calling people, and if 
they get two or three victims a day, that is good money.
    Mr. RANGEL. I think we ought to take this up with the 
Justice Department.
    Getting back to the debt collectors, forgetting the outside 
criminals, do you really think the debt collectors are doing a 
better job than the IRS trained collectors in the past?
    Mr. KOSKINEN. I think what we are committed to doing is to 
run this program as well as we can and----
    Mr. RANGEL. That was not my question.
    Mr. KOSKINEN. No, and see what the answer is.
    Mr. RANGEL. My question is that the Congress directed you 
use the private sector debt collectors.
    Mr. KOSKINEN. Right.
    Mr. RANGEL. And I am asking, based on your experience, do 
you find that to be more effective than when the IRS trained 
the collectors?
    Mr. KOSKINEN. Well, the last two times it has been tried by 
the IRS it did not turn out to be more effective. It turned out 
IRS employees were more effective.
    There were questions raised about how those programs are 
run and the costs of them. We now do have a statutory mandate.
    Mr. RANGEL. Who trains these private debt collectors? 
Because debt collectors can be very, very mean, rude. Do you 
train them now?
    Mr. KOSKINEN. We will, in fact, work with the companies to 
provide appropriate training as to they need to know something 
about their authority and they need to know something about 
debt collection.
    We will try to and select and monitor, with the Inspector 
General, the performance of these organizations to make sure 
that they are legitimate companies, but there is always that 
risk. But as I say, we are committed, and I think it is 
important for the Congress to understand to run this program as 
well as we can, as best as we can, we will have a fair test of 
how effective it is.
    I do not want anybody thinking that we are dragging our 
feet.
    Mr. RANGEL. Mr. Chairman, I want to thank you for this 
hearing. I think there is a wide range of areas that we can 
work with the IRS and be cooperative in a bipartisan way. This 
is one heck of a good beginning, and I did not like the 
Commissioner saying what they are trying to do. I think we 
ought to have other hearings to find out what can we help them 
to do it.
    We are not challenging their good intent, but there are a 
lot of things that have to be done, and it looks as though we 
are throwing up our hands saying we are doing the best we can.
    We are not blaming you, but we have to work more closely 
together.
    Thank you for having these hearings.
    Chairman ROSKAM. Thank you.
    Mr. Rice.
    Mr. RICE. Mr. Koskinen, I would like to start with you, 
sir.
    You know, I was a taxpayer and CPA for 25 years, and I 
dealt with the IRS hundreds of times, and most of those times 
in my time I found them to be professional, and they are doing 
a difficult job in a difficult circumstance.
    But we have a voluntary compliance system. It does not work 
if the taxpayers do not work with us, and in order for the 
taxpayers to do that, they have to have a level of confidence 
in the IRS. They have to know that the IRS is competent and 
that they are honest, and that they are not going to target 
them for anything other than their tax liability, and that they 
are going to act in an ethical way.
    And in looking at what has happened in these last five 
years with scandal after scandal after scandal, from Lois 
Lerner targeting people who do not believe the way the 
Administration believes, purely for their political beliefs, 
and then the lies and the obfuscation and the cover-up in the 
investigation of that, and then redirecting taxpayer funds from 
taxpayer assistance to other things and allowing taxpayers to 
call in and not be responded to at a rate of two-thirds of the 
people calling in not being responded to, and then apparent, 
you know, disregard or incompetence in protecting taxpayer 
info, in taking basic measures to avoid sending out fraudulent 
refunds.
    It just looks to me like and nobody being held accountable 
in any of this, you know, nobody getting fired, nobody being 
held accountable in any way. It looks to me like the IRS has so 
undermined its credibility, and a lot of this happened before 
you got there, but it so undermined its own credibility in the 
last five years, it is almost beyond my comprehension.
    It is almost like if they had set out to do it 
intentionally, I do not know what else they could have done to 
further undermine their credibility than what they have done in 
the last five years.
    So I am just really worried. You know, this is not just 
something that is a one-time thing or it only happens every 
once in a great while. It is just every year it seems like 
there is another scandal, one after another after another, a 
cascade.
    And, my friend, there is an old saying. If you find 
yourself in a hole, the first thing you need to do is quit 
digging, right?
    So my question to you, I have got some questions here that 
the group here wants me to ask you, but my question to you 
first is: how do we stop this cascade of scandals? How do we 
start working on rebuilding the credibility of this institution 
that is so fundamental to this country?
    Because I do not see it happening right now. Is there some 
method, quality control? Is there some process that you're 
undertaking to foresee instead of us being totally reactionary 
to scandal after scandal after scandal and eroding the taxpayer 
confidence?
    Is there something you are doing to try to head this off 
and stop this endless cascade?
    Mr. KOSKINEN. One of the things we are doing that is 
important, and there are two basic things. One is to get people 
to understand our responses to the challenges and the work we 
are doing to fix them, and to the extent that I am a big 
believer in transparency, we have hearings. I think the 
hearings should point out the problems. There has been less 
focus on the solutions.
    We have taken every recommendation and implemented that 
have been made by the Inspector General in response to the 
(C)(4) issue of social welfare organizations not being handled 
promptly. We have taken every recommendation of the Senate 
Finance Committee, both its bipartisan recommendations, the 
majority report and the minority report.
    We have tried to make it clear that if anyone has any 
indication, our goal is to make sure people, as you say, are 
treated fairly no matter who they voted for, what party they 
belong to, where they go to church. I think that is 
fundamental.
    The second thing that we have done is we have set up a risk 
management program for the entire agency and are working to 
have every employee of the IRS from the front line on up view 
themselves as a risk manager so that they understand my view, 
and I mean it, as bad news is good news. The only problem we 
cannot solve is the problem we do not know about.
    As I said at my confirmation hearing two and a half years 
ago, it would be fun to say we will never make a mistake. There 
will never be a problem. We run the world's most complicated 
Tax Code. We deal with 150 million Americans. We have 85,000 
employees. The better goal, it seems to me, is to say that if 
there is a problem, we will find it quickly, we will fix it 
quickly, and we will be transparent about it.
    And I think if the public understands not that there will 
never be a problem, but if there is a problem our goal is to 
find it quickly, to fix it quickly, and to be transparent about 
it, then we will be on the road toward restoring confidence in 
the agency.
    Mr. RICE. Friend, that is reactive and not proactive.
    Mr. KOSKINEN. No, if I get employees on the front line to 
raise their hand when they see a problem, that is proactive. 
That is not reactive. General Motors' ignition switch is my 
favorite example. A lot of people knew about the ignition 
switch problem. It is just nobody at the top knew. My goal is 
to make sure that any time any employee knows anything is going 
on, they will raise their hand and let us know.
    We are proactive in terms of implementing all of the 
recommendations that the IG made and the Senate Finance 
Committee and others have made about how to make sure we never 
have a management failure such as we had with the (C)(4).
    We also have a valuable partnership with the IG and GAO. We 
take their recommendations seriously and implement them, but I 
think it is important for people to understand the culture of 
this organization. We have wonderful employees, dedicated to 
the mission. The culture is that if there is a problem, we 
reward messengers, do not shoot them; that we really mean it, 
that we want to find out whenever we have a problem and a 
situation occurs, as quickly as we can we can fix it.
    I think if the public understood that inevitably there will 
be issues, but we have a system designed to find them as 
quickly as we can, where employees are empowered, feel 
responsible to let us know, they will then feel that problems 
will not get hidden. They are not going to go on forever; that 
we are, in fact, going to fix them as quickly as we can, and we 
will let you know about it.
    Chairman ROSKAM. The time has expired.
    Mr. RICE. People need to be held accountable.
    Chairman ROSKAM. Mr. Davis.
    Mr. DAVIS.
    Mr. KOSKINEN. Yes.
    Mr. DAVIS. Thank you very much, Mr. Chairman, and I, too, 
want to thank you for calling this hearing.
    And I want to thank our witnesses for being here with us 
today.
    Mr. Chairman, I am troubled a bit by the policy of using 
private tax collectors who could earn up to 25 percent of what 
they collect, and I know that we often have the discussion 
relative to what is most effective, public or private, but it 
seems to me that this policy sets up a perverse incentive for 
private industry to harass and confuse taxpayers while costing 
the Federal Government money.
    My office often receives calls from constituents who have 
received fraudulent calls purportedly from Treasury or the IRS, 
as well as I get calls from constituents who have been targeted 
by mean-spirited debt collectors who threaten and frighten 
them.
    A recent call involved a constituent whose daughter with 
learning issues had given her credit card number to the person 
who called from the Treasury.
    Of course, I continue to be concerned and am troubled by 
whether or not we are trying to get from an agency without 
having all of the resources that they really need.
    Commissioner, I guess I am trying to get at, you know, 
based on the discussion that we are having right now and that 
we have had this morning, it seems as though in some ways we 
are between the rock and a hard place, that, on one hand, we 
are trying to prevent fraudulent activity from occurring and, 
on the other hand, it seems as though we do not have what we 
need even in the way of investigatory personnel or people to 
really deal with the pervasiveness of the issue. And I guess 
the agency is trying to do what it can.
    Are there any other approaches that you can think of that 
might help us to deal more effectively with these problems?
    Mr. KOSKINEN. Well, clearly, resources are an important 
part of it. Ninety-five million of the money we got this year 
in additional funding have gone to cybersecurity to allow us to 
buy better monitoring systems, to begin to retire antiquated 
equipment that is at greater risk. The budget for 2017 requests 
additional funding for that.
    It also is a procedural issue. One of the reasons I called 
the CEOs, tax preparers, software developers, payroll providers 
and state commissioners together a year ago was because we 
needed to change the paradigm. As I told them, the goal was not 
to tell them what to do. The goal was to create a partnership 
because no one of us by ourselves can deal with the complexity 
and sophistication of the criminals we are facing.
    So by bringing the entire tax, what we call the ecosystem 
together, dealing with taxpayers at the front end when they use 
the software or deal with their preparers, dealing with the 
returns when they come through the states and the IRS, and then 
dealing with financial institutions when the refunds are 
deposited, we can, in fact, begin to have a more coordinated 
strategy to fight back against the criminals.
    And I think it is an important step forward as we go. We do 
not have a line of sight into the taxpayers directly. They deal 
with software companies. They deal with preparers, but the 
preparers and software companies can give us identification of 
what are the ideas from the computers which they are using to 
file the returns. Are they filing quickly or not so quickly?
    We have plenty of data elements that we now have we did not 
have before. So part of it is resources, making sure we are 
doing the best we can and we have been constrained for some 
time. Part of it is, as I say, changing the paradigm, trying to 
figure out, as I say, if we can, can we get beyond reactive and 
start to be able to anticipate where it is going to happen?
    We have been warning preparers for a year that as we get 
better at stopping false returns, the next place that the 
criminals are going to go is attacking preparers and hacking 
into their system because then they have all the information 
they need in that way, and we see some of that happening.
    But, again, the preparers have been very good. They are 
very sensitive about that, setting security standards across 
the industry that they are setting. We can require them, but we 
require them after they have said this is what they need.
    Mr. DAVIS. Thank you very much.
    Mr. Chairman, I think we might want to take a look at our 
policy perspective in terms of trying to get further insight 
into solving the problems.
    Mr. KOSKINEN. Thank you.
    Chairman ROSKAM. Mr. Holding.
    Mr. HOLDING. Thank you, Mr. Chairman.
    You know, in order to properly protect taxpayer data, we 
need to authenticate as we have discussed on the front end so 
that only valid users can access the systems, but the reality 
is we have to also minimize the damage that bad actors can do 
if they access the system.
    Both GAO and TIGTA have reported the IRS is not making sure 
that the only people who are accessing the information are the 
folks that have authorization to do so. So my first question to 
Ms. Lucas-Judy and to Mr. Camus is: identify for me succinctly 
what do you think are the most serious problems with the IRS' 
information security.
    So, Mr. Camus, if you could kick it off. Give it to me in a 
sentence.
    Mr. CAMUS. The insider threat in addition to some of the 
things we talked about with Get Transcript and IP PIN. We are 
concerned that the 55,000 IRS employees who have access to the 
most sensitive data of every taxpayer do not do horrible things 
with that data and commit identity theft themselves.
    Mr. HOLDING. Ms. Lucas-Judy.
    Ms. LUCAS-JUDY. The GAO has found that IRS could do more to 
authenticate the users and make sure that systems are 
protected. They could do more to ensure that the level of 
access that is provided is just what people need to do their 
jobs.
    And then also another place was installing security patches 
for software as soon as it is available. IRS' own guidelines 
call for a risk-based approach to installing patches to 
software, and what we found was that they were not adhering to 
their own guidelines there.
    Mr. HOLDING. Interesting. I want to quickly move over, Mr. 
Commissioner, to the law enforcement side of the IRS. As a 
former U.S. Attorney I firmly understand and appreciate the 
great value of the work done by the Criminal Investigative 
Division. You always want to have an IRS CID agent on your 
case.
    So it is curious to listen to the testimony this morning 
about the continuing prevalence in tax related crimes, such as 
identity theft and fraud, and you mentioned the additional 
funding provided to the IRS during fiscal year 2016. I believe 
you said $290 million.
    So how much of that was directed toward the CID, the 
Criminal Investigative Division?
    Mr. KOSKINEN. The bulk of the money went first at 178 
million to taxpayer services; 95 million to cybersecurity and 
improving the systems. There was no additional funding. Some of 
the systems are used by CID and we have been supporting the 
systems, but there are no additional personnel that were added 
to CID.
    We are down about 5,000 revenue agents, officers, and 
criminal investigators over the last five years.
    Mr. HOLDING. So, I mean, it occurs to me you are talking 
about these crimes being committed. So who is going to 
investigate these crimes and put the cases together and bring 
them to the prosecutor, bring them to the U.S. Attorney's 
Office and ask them to prosecute?
    So I do not understand why you are not placing more of a 
premium on the criminal investigation.
    Mr. KOSKINEN. We are. Five or six years ago before the 
explosion of identity theft CID spent about three percent of 
their time on this. They are now up to 20 percent of their 
time. So they have, in fact, assigned a high priority to 
identity theft and refund fraud.
    Mr. HOLDING. Mr. Commissioner, interestingly, you know, I 
have taken a look at CID's business report from fiscal year 
2015, and I see a notable decrease in the number of 
investigations initiated and a troubling trend overall with the 
number of Special Agents and professional staff since 2010.
    You cannot deter crime unless you are prosecuting crime.
    Mr. KOSKINEN. That is right, and we need more people, and 
the only way to get the people is to fund them, and over the 
last five years, six years, our budget is down a billion 
dollars. We are down 15,000 employees. We are going to shrink 
another two to 3,000 this year, and that is going to include 
shrinkage in CID agents, revenue agents and revenue officers.
    It is a point I have been making for two and a half years.
    Mr. HOLDING. Commissioner, when you are faced with a 
budget, I mean, you have to look at what you need to do with 
the money that you are given, and by shrinking the Criminal 
Investigative Division and really limiting the number of 
prosecutions, I mean, it is defeating in and of itself.
    You know prosecution and the penalties that come with 
successful prosecution are the ways to deter crime. Holding 
them up as an example, you know, we have heard over and over 
again that, you know, criminal organizations are getting more 
interested in committing tax fraud because they know they are 
not going to get prosecuted.
    My time has expired, Mr. Chairman. So I yield back.
    Mr. KOSKINEN. If I could, Mr. Chairman, just note our 
funding goes to enforcement, taxpayer service, and information 
technology. As the budget gets cut, everything has been cut. 
They are all a priority. Now, we would put more money into 
enforcement. We would put more money into taxpayer service. We 
would put more money into information technology if we had it.
    One of the things I hope we will do with the $290 million 
is demonstrate to the Congress if you give us the funding, we 
will demonstrate to you exactly the improvements you bought 
with that additional funding. The converse is true as well. If 
you do not give us the money, we will not be able to increase 
enforcement, improve taxpayer service or improve protection.
    Chairman ROSKAM. We have a first-time caller, a long-time 
listener. Mr. Pascrell.
    Mr. PASCRELL. Thank you, Mr. Chairman, Mr. Roskam, and 
Ranking Member Lewis for holding this hearing.
    Yesterday was tax day, a very important day in the 
calendar, and millions of Americans have been busy filing their 
taxes this season and trust that private information is secure.
    You have heard from the Commissioner about the drastic 
under-funding and undercutting. Those are facts or they are 
fables. I happen to believe they are facts. And I want to 
commend you for weathering the storm that we have been experiencing 
over the last couple of years.
    I think the storm is from men and women of good faith, but 
I think their priorities are misdirected. Identity theft and 
tax fraud are a growing problem, growing problems being carried 
out by very, very sophisticated criminals who we usually 
assist.
    As technology changes and criminal syndicates hone in on 
American tax returns, we need to help, be able to keep up. Just 
this year a man was charged in Federal court in Newark, New 
Jersey for being sent nearly $343,000 in fraudulent tax refund 
checks, cashing them in New Jersey bank accounts.
    Too often the victims are not alerted and not able to get 
the help they need to correct the problem, and I think Mr. 
Holding is on target. If we do not prosecute, what good does it 
all mean?
    Organized crime last year, syndicates accessed past tax 
returns in more than 100,000 people to file fraudulent returns, 
and the IRS sent nearly 50 million in refunds before detecting 
the crime. Using Social Security numbers--and that is a whole 
other issue which we have struggled with since the Homeland 
Security Department was put together and the committee was put 
together--birth dates, street addresses, other personal 
information, hackers completed a multi-step authentication 
process and requested tax returns and other filings, then used 
that information to file fraudulent returns.
    I introduced a piece of legislation, H.R. 3981, the 
Identity Theft and Tax Fraud Prevention Act, that would take a 
number of steps to address the issue. It would create a single 
point of contact for identity theft victims. I think that is a 
big issue as I read the materials.
    Provide a taxpayer notification of suspected identity 
theft; create criminal penalties for tax fraud through identity 
theft; increase taxpayer repair penalties for improper use of 
personal information; and reduce the display in the use of 
Social Security numbers all over the place.
    Retailers demanded it because we demanded it in many of the 
Homeland Security pieces of legislation that we passed.
    I am proud to sponsor that legislation, this legislation, 
with Congressman Lewis, the Taxpayer Protection Act of 2016. It 
builds on these provisions and adds hopefully some meaningful 
reforms like the elimination of private debt collectors, and we 
will debate that, and increase funding for taxpayer services.
    Mr. Commissioner, I know that both the GAO and TIGTA found 
in a 2014 report on cybersecurity that identity theft victims 
are no longer provided with a single point of contact in the 
IRS. The IRS has indicated that budgetary constraints do not 
allow for a single employee.
    Could you please comment on that and how that if we did 
have enough it would benefit the taxpayers?
    Mr. KOSKINEN. What we have done, which we think is a 
significant step forward, is bring all of the identity theft 
assistance programs into one area. It used to be in our various 
divisions.
    Mr. PASCRELL. Right.
    Mr. KOSKINEN. So there is now a single point of contact. In 
other words, the taxpayer is not going to get referred to 
different divisions of the IRS with their problem, and we think 
that that has been effective this year. We think the time it 
takes to resolve a taxpayer account problem is down to our goal 
of 120 days and we would like to shrink it. It was at one point 
almost a year.
    The problem with an individual point of contact is then when you 
call, they may be on vacation. They may be out of town. If you 
call any other call center, you never get them. The key is to 
have it centralized so that people know what the status of the 
case is so when the taxpayer calls back in, that single point 
of contact can continue the discussion rather than start all 
over again. And we think that that is important.
    Mr. PASCRELL. Good. Thank you, Mr. Chairman.
    Chairman ROSKAM. Chairman Johnson.
    Mr. JOHNSON. Thank you, Mr. Chairman.
    Commissioner, it is always good to see you. I have two 
issues I would like to talk to you about. First, as you know, 
last year's tax deal included the Johnson, Larson Wrongful 
Conviction Tax Relief Act.
    Now, back in January we wrote you about the importance of 
quick implementation, and as you know, our bill would allow 
those who previously paid taxes on their restitution to be able 
to file for a refund when they ordinarily could not do so 
because too many years have gone by, and as you know, they only 
have this year to file for such a refund.
    Mr. Commissioner, it is April already, and I want to know 
what you and the IRS are doing to get the word out about this 
important relief.
    Mr. KOSKINEN. We every year--because you are exactly right; 
the statute runs out--early in the filing season try to make, 
again, a full national release of the amount of money that is 
out there, the states in which it is available, trying to 
encourage people.
    Usually what has happened, they had a job; they got 
withholding; and then they forgot about it. They did not have 
to file. They forgot about the act that they should have filed 
to get the refund or the money back.
    Every year we do our best to remind taxpayers of that 
situation, and we issue a kind of national public campaign to 
get people aware of that.
    Mr. JOHNSON. Are you doing that right now?
    Mr. KOSKINEN. We have done that right now probably six 
weeks or so ago. We actually went state by state, and we had a 
lot of good coverage in Oregon and Massachusetts, Mississippi 
people saying, ``This is the amount of money that in this state 
taxpayers have if they would just file.''
    Mr. JOHNSON. Okay. My second issue involves illegal 
immigrants and their use of Social Security numbers. I know 
this has been brought up before, but it is too important of an 
issue for me to stay silent.
    As you know, as Chairman of the Social Security 
Subcommittee, one of my longstanding priorities has been to 
protect Americans' identities, and as we have heard today, the 
IRS struggles to respond to identity theft.
    At last week's Senate Finance Committee hearing you were 
asked about troubling practice of illegal immigrants stealing 
Americans' Social Security numbers to get a job and then filing 
tax returns using their own names and their own individual tax 
identification numbers. What I find absolutely outrageous is 
your suggesting that when it comes to illegal immigrants, the 
IRS could not really be bothered when it comes to these folks 
stealing Americans' Social Security numbers, and I think that 
is wrong, and it ought to stop now.
    What is the status of the pilot program you began in 2014 
that sends notices to suspected victims of identity theft?
    Mr. KOSKINEN. I do not have the update to that. I will get 
that for you, but again, as I said, the point is anyone with a 
job earning money is required to pay taxes whether they are 
undocumented for one reason or another or whether they simply 
cannot get a Social Security number. They apply to us and 
authenticate themselves and are given what is called an ITIN.
    Our role is to make sure that those tax payments are made 
and credited appropriately. Oftentimes to get a job, you need a 
Social Security number. They may have borrowed one. They may 
get one from a relative. You can buy them for ten or $15 on the 
Web.
    The problem is if people think we are in the immigration 
business of tracking through and finding out what is going on 
with those Social Security numbers, we are not going to get 
people paying the taxes they owed because of their nervousness.
    We are though looking at can we advise because the Social 
Security number just comes as an adjunct either on a W-2. 
Sometimes we do not even know what the Social Security number 
is. The return is filed without a W-2, but the taxes are paid.
    So we are doing, as you note, a review to see what would 
the implications be of notifying people that somebody has used 
their Social Security number for a job, not to file a return. 
The return does not come with a Social Security number as the 
identifier, but so that it is out there.
    We already, as noted earlier when we talked, even when on 
some of the accesses to our applications the criminals were not 
able to get through, if they tried and we track that, we 
notified all of those taxpayers that their Social Security 
number was in the hands of criminals, and while it was not 
successfully used to get any information from the IRS, we think 
it is important for taxpayers to know if criminals have access 
to their Social Security numbers.
    So we are trying with a pilot program to figure out exactly 
what can we do without discouraging people from paying their 
taxes to let people know whether their Social Security number 
is being used.
    Mr. JOHNSON. Well, the status of the pilot program you 
began in 2014, it sends notices to suspected victims of 
identity theft is important.
    And, Mr. Camus, I understand that the IG has a report 
coming out on the pilot program. What are your thoughts?
    And has the IRS made any progress in stopping the improper 
use of Social Security numbers?
    Mr. CAMUS. Sir, we will be issuing our report hopefully in 
June, and we will be able to address your issues and concerns 
in that report.
    Mr. JOHNSON. Okay. Mr. Commissioner, that the IRS can track 
when illegal activity has occurred but fails to notify the 
victims of these crimes is plain wrong. Mr. Commissioner, the 
IRS must do better. Americans rightly expect the IRS to stand 
up for them and protect their Social Security numbers.
    Thank you, Mr. Chairman. I yield back.
    Chairman ROSKAM. Mr. Marchant.
    Mr. MARCHANT. Thank you, Mr. Chairman.
    Like Representative Johnson, I felt like the hearing that 
took place earlier this week or last week was very alarming. I 
got a lot of input from my constituents about the responses 
that were made at that time. So I would like to just discuss 
that a little bit further and get your thoughts.
    Your responses basically said they are undocumented aliens. 
They are paying taxes. That is in everybody's interest to have 
them pay the taxes they owe.
    So is it your position that a person that is in the country 
illegally and is breaking the law because they are in the 
country illegally and undocumented, it is the law that they pay 
income tax on their earnings?
    Mr. KOSKINEN. Yes. And in fact, whenever there have been 
over the last 30 or 40 years, any amnesty programs or programs 
to allow people here in undocumented status to become green 
card holders or citizens, the first thing they have to 
establish is that they paid taxes on any earnings while they 
were in the United States.
    So the reason a number of people file with ITINs who are 
here legally but just cannot get a Social Security number, they 
are not American citizens. But the reason undocumented 
residents are filing and paying their taxes is just for that 
reason, that in fact some day they are going to have to 
establish that they paid them.
    And our job is, in fact, to collect those taxes.
    Mr. MARCHANT. Is it a crime or is it illegal for a person 
to obtain a job by giving another person's Social Security 
number?
    Mr. KOSKINEN. I am not sure what the legal implications are 
because we are not in the immigration business, but I am sure 
it is not allowed. I do not know what the nature of----
    Mr. MARCHANT. If my son gave his cousin's Social Security 
number on his tax return, if somebody in the United States is 
here legally and they give a false Social Security number or 
another person's Social Security number, are they creating some 
kind of fraud with the IRS?
    Mr. KOSKINEN. Again, I would stress the Social Security 
number is not used to file with the IRS. So in your case your 
son would be giving the Social Security number to someone to 
allow him to get a job and they would be using that Social 
Security number with their employer.
    With us, they would be filing with an ITIN. So the Social 
Security number is not used to file with us. The Social 
Security number, whether it is bought, borrowed or stolen, is 
used to get a job.
    Mr. MARCHANT. To get to a logical conclusion of this, but a 
Social Security number triggers the deduction of Social 
Security tax. It triggers all kinds of deductions, and it 
triggers all kinds of forms that get sent to the Social 
Security Administration and then gets filed when they file 
their tax return, right?
    Mr. KOSKINEN. No. Actually what they are filing with us is 
simply whatever information they have of their revenues and 
expenses or taxes. The Social Security Administration and the 
Immigration----
    Mr. MARCHANT. But it will ultimately either be a W-2 or a 
1099, correct?
    Mr. KOSKINEN. Yes, but as noted, we have been collecting 
and paying out taxes without those W-2s being identified. Our 
problem is to make sure that the people who owe the taxes are 
paying them.
    Mr. MARCHANT. So many of these people obtaining the earned 
income tax credit and the child tax credit have not even 
presented a 1099 or a W-2 on their tax return?
    Mr. KOSKINEN. You are only eligible for the earned income 
tax credit if you actually file with a Social Security number 
and have a legitimate Social Security number. ITIN holders are 
not eligible.
    Mr. MARCHANT. Okay. So but if you file with the Social 
Security number that you used to get the job, that the employer 
uses to issue you a W-2, is the Social Security number on the 
W-2 the one that the employee gave them that is not correct or 
is it the ITIN number that you obtain from the IRS?
    Mr. KOSKINEN. The W-2 will not have the ITIN number. The W-
2 will have a Social Security number that the employer accepted 
when the employee got the job.
    Mr. MARCHANT. But it is an inaccurate document. The IRS, I 
assume, is using a W-2 that is an inaccurate document.
    Mr. KOSKINEN. Well, it is an inaccurate document if it has 
a Social Security number not there. The numbers on the document 
will be accurate. It will reflect accurately the income and 
withholding.
    Mr. MARCHANT. So the IRS just disregards the inaccuracy, 
the parts of the document that are inaccurate, but they will 
take the income part.
    Mr. KOSKINEN. Again, the Immigration Service works with 
employers to make sure that people are legitimately getting 
jobs. Social Security enforces whether the payments are being 
made appropriately. Our job is are people paying taxes on the 
earnings they have. If the W-2 comes in and says I earned 
$14,000 and here is my tax payment, that is what our job is.
    If we start going into the immigration business, we are 
going to have a lot of people decide, ``Well, I cannot file 
with the IRS because that is going to trigger a set of 
government inquiries''.
    Mr. MARCHANT. Well, I would not say that you are 
necessarily in the immigration business if you were just saying 
to the taxpayer, ``You are giving me inaccurate information on 
your tax return,'' and that in itself should raise some red 
flag as when it begins to be paying credits out, whether they 
be earned income tax credits----
    Mr. KOSKINEN. The information they are giving us is 
accurate. That is the Social Security number they have been 
using, the revenues and the withholding and that are accurate 
numbers, and again, the statute provides we are supposed to be 
collecting that tax, not going behind it and figuring out 
whether they legitimately had that job.
    If they had the job and got paid, if they are paying their 
taxes, they have an obligation to pay them. If they are filing, 
the W-2 has accurate information about revenue and expenses. 
That is what we are supposed to be doing.
    Now, as I said, whether the use of that Social Security 
number, again it is taxpayer information whether we can provide 
that and in what forms we can notify taxpayers, somebody has 
gotten a job with their Social Security number.
    Chairman ROSKAM. Mr. Smith.
    Mr. SMITH. Thank you, Mr. Chairman.
    Commissioner, earlier we were discussing the funds going 
towards taxpayer services for wait times and various items. The 
IRS has discretion over roughly $500 million in funds that they 
collect from fees that they can appropriate any way that they 
want.
    Could you tell me why you all have decided from 2014 to 
2015 to cut almost $130 million that was used in 2014 for 
taxpayer assistance?
    Mr. KOSKINEN. Because for that year, as you will recall, we 
had a budget cut of $350 million, and inflationary and payroll 
costs of $250 million. So we had $600 million that we had to 
make up, and the way we made that up was allocating those user 
fees.
    Some portion of them, about 50 million, went to taxpayer 
service. A big chunk of them went to information technology, 
and ID theft. In other words, again, we end up having to do 
enforcement, taxpayer service, and information technology.
    As our budget gets cut, everything has to get cut to some 
extent. There are priorities. Last year, as I testified before 
this Committee, if we had put the 100 million there, we would 
not have had the money to spend both in implementing. We have 
got a whole set of unfunded statutory mandates. Private debt 
collection is an unfunded mandate. The health coverage tax care 
program is an unfunded mandate. The ABLE Act is an unfunded 
mandate. Going after people who owe more than $50,000 and 
having their passports taken away is an unfunded mandate. The 
Point of Contacts Compliance Act is an unfunded mandate.
    Mr. SMITH. Okay. Let me ask you a question. In regards to 
taxpayer assistance, did Congress leave your funding level for 
taxpayer assistance to help taxpayers?
    Mr. KOSKINEN. Yes. What the----
    Mr. SMITH. We did leave it at level funding?
    Mr. KOSKINEN. You left it, and we did not change that level 
of funding. What the Congress has not done----
    Mr. SMITH. You changed the level----
    Mr. KOSKINEN. What Congress has not done for the past four 
or five years is fully fund the cost of taxpayer service.
    Mr. SMITH. Okay. What I am talking about is taxpayer 
assistance. So when Congress in the line item budget, we 
appropriated level funding for taxpayer assistance; is that 
correct?
    Mr. KOSKINEN. Yes, and we spent that money.
    Mr. SMITH. Okay. That was my question.
    The other question is the fund that you all have complete 
discretion of, which is the user fees, you have complete 
discretion of user fees, correct?
    Mr. KOSKINEN. Yes. We file a spending plan with the 
appropriators.
    Mr. SMITH. Okay. That was my question. You answered that.
    My other question is that in 2014 you appropriated $183 
million for taxpayer assistance; is that correct?
    Mr. KOSKINEN. In 2014, yes.
    Mr. SMITH. Yes. In 2015, you appropriated 49 million for 
taxpayer assistance; is that correct?
    Mr. KOSKINEN. That is correct.
    Mr. SMITH. So it was your decision to cut taxpayer 
assistance by $130 million; is that correct?
    Mr. KOSKINEN. Yes.
    Mr. SMITH. Thank you.
    Mr. Chairman, that is all I have.
    Mr. KOSKINEN. If I could just expand, we also cut tax 
enforcement.
    Chairman ROSKAM. The time has expired.
    Mr. KOSKINEN. We also cut information technology.
    Chairman ROSKAM. Mr. Koskinen, you will have an 
opportunity.
    Mr. Renacci.
    Mr. RENACCI. Thank you, Mr. Chairman.
    And I do want to thank you for the opportunity to testify 
and also being part of the hearing from this side of the dais, 
and I do hope to work with my colleagues on the committee to 
really mark up the remaining provisions of the Stolen Identity 
Refund Fraud Prevention Act of 2015, which does address some of 
these issues.
    Mr. Commissioner, you said something pretty interesting. 
You said, ``We run the world's most complicated Tax Code,'' you 
as the IRS. That is kind of interesting because I think the 
real answer is we have to simplify the Tax Code, and that 
probably would be the best way of reducing the overhead that 
you have, if we could get to that part.
    And I do want to applaud you for creating the Security 
Summit Initiative. I think that is an important part of moving 
forward.
    But I want to ask you about the IP PIN program, and I know 
Mr. Camus talked about this. I understand the current IP 
program is available to all taxpayers previously identified by 
the IRS as victims of identity theft. Actually I have one of 
those ID numbers right now as well, and participants from the 
pilot program, which are people living in Florida, Georgia, 
Washington, D.C., which are areas of high risk of ID theft.
    Do you think expanding the program to the taxpayers who 
request one regardless of states would further crack down on 
the tax related ID theft, and does the security breach 
connected to the IP PIN retrieval tool give you pause in doing 
so?
    Mr. KOSKINEN. No, the breach was for people who were trying 
to retrieve their PIN. Last year we mailed 2.7 million IP PINs 
out to the taxpayers, but they lose them. They forget about 
them, and then they need to get one.
    So we had about 135,000 on it. About five percent of people 
try to access it online. So continuing to mail them out to the 
address of record we think is a secure method of providing 
them. The problem we have is when they forget them because they 
cannot file without them. How do we get them access to those?
    What we are going to do is we will bring that back up with 
the multi-factor authentication, but taxpayers also will be 
able to go online and have the IP PIN mailed to them. It will 
just take them five to seven days longer to get it.
    But in terms of the PIN itself, one of the reasons is in 
some ways you kind of move it here and it moves there. One of 
the reasons that criminals were trying to access the IP PIN was 
they discovered that the IP PINs were stopping them when they 
had stolen or bought Social Security numbers from filing 
successfully.
    So their next move was, okay, if I need an IP PIN, I will 
go get the IP PIN. There is no taxpayer identification involved 
in that access. It is just a way of being able to file. They 
already had the necessary fraudulent information to file.
    So our goal is to continue providing IP PINs to victims of 
identity theft and those in the pilot program areas, but we 
will continue to provide them by mail. For next year the re-
authentication will be by mail unless you can work your way 
through the multi-factor authentication.
    Mr. RENACCI. So do you think expanding it to other states 
would be helpful?
    Mr. KOSKINEN. Yes, we have explored that as to what if we 
just got rid of Social Security numbers as an identifier and 
gave everybody an IP PIN. There is a substantial cost in that 
and a burden to taxpayers to try to then keep track of those 
PINs. We think that ultimately we are better off if we can 
improve authentication and deal with authorities like the 
Congress has given us. Get W-2s earlier to be able to match and 
make sure that we have the right people because IP PINs 
themselves can get lost, stolen or used, and so they are not by 
themselves, you know, totally a magical percentage, but we are 
expanding them, as I say. We sent out 2.7 million this year and 
continue to expand them.
    The pilot program was a test to see how many people would 
like to have them. A relatively small percentage of people have 
opted in that direction, but that means that we may be able to 
offer it to more people because we will not get overwhelmed by 
it, and it will give some people who want that additional 
security a better feeling.
    Mr. RENACCI. Thank you.
    Ms. Lucas-Judy, can you talk a bit about the process of 
what happens to W-2s once they get to the government, 
specifically timing between being received by the Social 
Security Administration and where they are transmitted to the 
IRS? Because I understand there is a delay there.
    And then do you know the difference in timing between when 
the IRS receives electronically filed W-2s from the Social 
Security Administration as compared to paper filed W-2s with 
the Social Security at the same time?
    Mr. KOSKINEN. You are given an additional--I am sorry.
    Ms. LUCAS-JUDY. So there is a delay and there has been a 
delay historically in IRS receiving the W-2 information and 
being able to use that to match wage data against what is on 
the tax return before providing a refund, and so that is why we 
advocated for the deadline to be earlier, and we also had 
recommended that IRS assess the cost and benefits and figure 
out how it was going to implement pre-refund matching once it 
did start receiving the W-2s earlier.
    So, you know, we are happy that IRS has implemented that 
recommendation, and will be able to hopefully take the 
information that it is getting in the next filing season with 
earlier W-2s and be able to use that as part of its----
    Mr. RENACCI. How significant a delay is the paper W-2? That 
is the big question.
    Ms. LUCAS-JUDY. The paper W-2s come in several weeks later. 
It can take weeks longer to process those, to receive those and 
process those as opposed to the electronic filing.
    Mr. RENACCI. Is that a month, three weeks, six weeks?
    Ms. LUCAS-JUDY. I would have to get back to you on the 
exact amount.
    Mr. RENACCI. Thank you.
    I yield back.
    Chairman ROSKAM. Mr. Kelly.
    Mr. KELLY. Thank you, Chairman.
    I thank you all for being here.
    Mr. Rangel said something that really made a lot of sense 
to me, and really everybody that is here today either up here 
in the dais, we all work for the same people, hard-working 
American taxpayers, and I think sometimes the exchanges go back 
and forth like we are actually at odds with each other, and I 
do not think we are.
    But I will say this, and Mr. Koskinen, you are right. A 
78,000 page Tax Code is the problem. It is so complicated, and 
it creates an awful lot of problems for people.
    I have also gone through this process like Mr. Lewis where 
I got phone calls from people saying, ``This is the IRS. You 
have got a problem.''
    I came home one time after being in session. My wife said, 
``Please, something is wrong with the IRS.''
    I said, ``Why do you say this?''
    She said, ``Because they called us.''
    I said, ``That is not the IRS.''
    She said, ``How do you know?''
    I said, ``They never call. You would have gotten a 
letter.''
    But think about this. The culture of fear that comes with 
the IRS as an agency, I am not saying that is your intention. I 
am saying that is what people feel.
    Why do they respond to these people who call them? Because 
they are scared to death that they have done something wrong 
and they are scared to death that the outcomes are going to be 
poor for them, that somehow they are going to be put through 
some type of a process that they just do not want to go 
through.
    So we talk to each other about these things all the time, 
but we never fix them. The problem is the code. When President 
Clinton first ran for office he said very simply it is the 
economy, stupid. Right now it is the Tax Code, stupid.
    How long are we going to go on? And every one of you are 
doing the same thing for the same purposes. We have to have an 
IRS. We have to have a way to collect revenue, but by the same 
token, are we going to be at this level of fear that every day 
hard-working American taxpayers fear a letter or a call from 
the IRS?
    There is nothing that strikes fear in the hearts of the 
American people more than the IRS getting involved with them. I 
am not saying it is your fault. I am saying it is a result of 
where we are.
    I look at these things, and, Commissioner, an $11 billion a 
year budget, that is not a little bit. Eighty-two thousand 
people.
    I come from the private sector, and unfortunately in 
government the answer to every single problem is to throw more 
money at it. In the private sector is to get it fixed or you 
will not be in business anymore, and I think this is where we 
have this real disconnect. We think that in the government the 
answer is always to grow it bigger. It has got to expand the 
number of dollars.
    For me in the private sector it is how would I prioritize 
those dollars to fit the needs that I need, not just putting 
them where I want to from time to time, but on a priority from 
the most needed to the least needed to the best service I could 
provide to make sure my customer base stays intact.
    And so when I look at all of you, I mean, you are all doing 
the same thing.
    And, Mr. Camus, thank you. You have given up a quarter of a 
century to serve this country. That is phenomenal. Ms. Lucas-
Judy, thank you for what you are doing, but you are all working 
for the same process and that is to help hard-working American 
taxpayers.
    Commissioner, I know you are working within a very 
difficult situation, but the reality of all this is we can have 
hearing after hearing after hearing. If we do not fix our Tax 
Code, all this is going to lead to is hearing after hearing 
after hearing and more suggestions of what we could do to fix 
it.
    So do you all have any suggestion other than--I know what 
you are dealing with right now is a disease, but what is the 
cure?
    So, Ms. Lucas-Judy, the one thing that could happen today 
in Congress that would make it easier for the American 
taxpayers, not easier for their representatives, but for the 
American taxpayers?
    Ms. LUCAS-JUDY. Well, we have recommended that Congress 
give Treasury the authority to lower the threshold for e-filing 
of information returns from the current 250 down to five to ten 
because that would provide information electronically earlier 
for IRS to do its W-2 matching.
    We have also recommended that it require Treasury and IRS 
to work together on a comprehensive customer service strategy 
to figure out what kind of services that IRS wants to be able 
to provide, what is it going to cost, you know, what is the 
right balance between online and----
    Mr. KELLY. I just want to interrupt for a minute because 
what you are responding to is under the current code with 
78,000 pages. That still is the underlying problem, is it not?
    This thing is so big and so unmanageable that the average 
person cannot do it on herself or himself. They just cannot. 
They are scared to death they are going to make a mistake.
    So that is what I keep going back to. Mr. Camus, outside of 
major tax reform, how could we ever get this system into 
something that is actually manageable and understandable by the 
hard-working American taxpayer?
    That is who we are leaving out of the equation.
    Mr. CAMUS. Mr. Kelly, you are absolutely right, you know, 
and we all serve America and we are very proud. The 400 men and 
women and the 836 men and women in my agency are proud to come 
to work every day to make America better and serve America. 
That is why we take these issues so seriously.
    In our view one of the things that can help would be as we 
make recommendations to the IRS, that sometimes there could be 
support or some oversight into making sure that they are 
implemented. Sometimes that does mean resources or their 
decisions that are being made. That is maybe a discussion we 
could have, to make sure that the recommendations that we make 
when we view something at the IRS and have discussions with the 
Commissioner and his staff, that we could actually bring those 
to life.
    The GAO recommendations are a good point. We talk about 
recommendations over and over again, but how do we bring those 
to life and make sure they actually happen for the American 
taxpayer?
    Mr. KOSKINEN. Well, I totally agree with you that tax 
simplification is core to the issue. It would make our lives 
simpler. It would make taxpayers' lives simpler. The code 
really is a mess. So as I have made it clear, while the policy 
of tax simplification and Tax Code is the domain of Congress 
and the White House, anything we can do to be supportive of 
simplifying the Administration of the Tax Code, which is our 
responsibility, we are happy to do.
    I would note, just to make you feel hopefully a little 
better, the OECD just published statistics that noted that it 
cost us 50 percent of what the average cost of collection is 
around the world. Germany, France, England, Australia, Canada 
spend twice as much to collect a dollar of revenue as the IRS 
does.
    So we need to be efficient. They are our taxpayer dollars 
we are spending, and I agree that every problem does not have a 
monetary solution to it, hence the Security Summit, but on the 
other hand, there is a point at which as you have more and more 
work to do, as I have said, and you and I have talked, nobody I 
know in the private sector says, ``I think I will take my 
revenue arm, my accounts receivable arm,'' whatever you think 
it is, ``and starve it for funds and just see how it does.''
    In other words, most of those businesses say, ``Wherever I 
produce the revenue, I want to protect that while I am becoming 
efficient and trying to run the organization.''
    Mr. KELLY. It is the only way to survive. You are right. 
Thank you.
    And I yield back.
    Chairman ROSKAM. I want to thank our panel and the members 
for actively participating.
    Let me just ask a couple of other questions, but make one 
point. Just to step back from this whole process for a second, 
I have got to share with you an interaction that I had last 
week with a group of visiting parliamentarians from emerging 
democracies. This is part of an effort of the House Democracy 
Partnership. It is a relationship the House has with emerging 
democracies around the world.
    And we had a panel and a discussion, and to go back and 
forth with parliamentarians of other countries that are 
emerging and really struggling with the voices of 
authoritarianism within their own countries, and you talk about 
this process, and if they were to be witnesses here today, this 
would be a marvel to them, an absolute marvel, that you have 
got an oversight process. We have got these two co-equal 
branches of government that are tussling it out and sort of 
arguing and so forth and presenting different perspectives.
    But in the great scheme of things, we have got a lot to be 
thankful for. I know we have got very serious challenges that 
we have got to deal with, but you compare what we are dealing 
with with what is going on around the world, and we have got a 
lot to be thankful for.
    And the disposition and the talent of the members as well 
as our witnesses today are all part of the solution. So end of 
sermon, but I think it is an important point to make.
    Commissioner, you mentioned the multi-factor authentication 
process. Let me take you back to a hearing that you did not 
attend, but we had as a subcommittee. It was last year, I 
think, and we had invited in the person who is in charge of 
fighting fraud at Medicare, and we asked a very simple 
question: what is the fraud and erroneous payments rate?
    And he said the number is 12.7 percent, and all of our jaws 
just dropped.
    We had on a similar panel that same day the person who is 
in charge of fighting fraud at Visa and asked him the same 
question. What is your fraud rate? And he said it was .06 
percent.
    So there is this high contrast between what the public 
sector was doing and what the private sector is doing.
    On this multi-factor authentication, this is not new 
ground. It is out there in the private sector. What is your 
expectation of when this would be implemented at the IRS? Is 
this a matter of months in your view? Is this a matter of years 
in your view?
    Can you just give us a sense of scope and scale?
    Mr. KOSKINEN. I said some time ago we would have it in the 
spring, and if you define that broadly, we are running internal 
tests on it right now. We are having security experts----
    Chairman ROSKAM. Okay. I mean, that is reasonable.
    Mr. KOSKINEN. Sometime in the next couple of months it will 
be up.
    Chairman ROSKAM. Mr. Camus, do you have an expectation that 
that is realistic, that what the Commissioner is talking about 
to have that multi-factor authentication in place in that time 
frame based on your experience. Do you think that is realistic?
    Mr. CAMUS. I think it is a significant challenge, but I 
know they are dedicated to doing that, and our agents have 
consulted with them on things that we have seen in our 
investigation of the breaches. So we are sharing that 
information with them, but it is a significant undertaking and 
a very complex one.
    Chairman ROSKAM. Okay. Ms. Lucas-Judy, what is your opinion 
on whether the Commissioner's time line is realistic?
    Ms. LUCAS-JUDY. I agree that it would be complicated. It 
would probably take a while, and there is a lot for them to 
consider. We do think it is important that they take a measured 
approach and consider very carefully the costs, the benefits, 
the risks of any of the authentication tools before they go 
forward and implement them.
    Chairman ROSKAM. Okay. Let me just shift gears and, Ms. 
Lucas-Judy, stick with you for a second. The Commissioner 
mentioned in response to Mr. Rice's inquiry about 
recommendations from GAO as it relates to the management 
failure surrounding the targeting issue, and if I understood 
the Commissioner, he said that they have been implemented, 
those recommendations.
    Is that your understanding? Have those recommendations been 
fully implemented or are there things that yet have to be 
implemented? What is your understanding?
    Ms. LUCAS-JUDY. I would have to get back with you to be 
sure. I am pretty certain that the recommendations are still 
open.
    Mr. KOSKINEN. I think the recommendations were from the 
Inspector General that I testified.
    Chairman ROSKAM. Okay.
    Mr. KOSKINEN. As well as the Senate Finance Committee.
    Chairman ROSKAM. Okay. Then I stand corrected.
    Mr. Camus, is that your understanding, that TIGTA's 
recommendations have been fully implemented on the targeting 
mismanagement?
    Mr. CAMUS. I believe we did a recent audit report that was 
favorable in that regard, but I can get that audit report 
reference for you.
    Chairman ROSKAM. Okay. Just so that we are clear and thank 
you for making that clarification.
    Ms. Lucas-Judy, could you give us a sense? So we have heard 
this testimony today about the nature of the changing fraud 
schemes. It was fairly pedestrian in the past. The fraudsters 
are moving at the same rate of technology, becoming more and 
more sophisticated.
    In the past it was basically get a name and get a Social 
Security number and manipulate something.
    Do you have a sense of how we should be thinking about 
fraudsters now that have access to all of the information? So a 
fraudster based on the data breaches and all of these other 
areas are not guessing John Lewis, date of birth, you know, 
what his favorite drink is, Coca-Cola by the way. He is working 
the hometown product. But they are coming in the front door 
with all of the information.
    Do you have an opinion or recommendation in terms of what 
we should be thinking about and that changing nature of the way 
the technology is driving the crime?
    Do you follow my question?
    Ms. LUCAS-JUDY. I think so.
    Chairman ROSKAM. You had a very quizzical look on your 
face. Go ahead.
    Ms. LUCAS-JUDY. We are currently looking at the 
characteristics of identity theft refund fraud to, you know, 
try to determine if there are any patterns in terms of, you 
know, where it is coming from, location, other characteristics, 
and we are going to be reporting out on that later this year.
    But in general, I mean, we have said before that it needs 
to be a multipronged, multilayered approach to fighting 
identity theft refund fraud, you know, trying to get at the 
situation up front, during the processing, and then afterwards 
following up with leads from partners, and again, you know, 
analyzing that information, developing metrics to determine how 
effective the leads program is and sharing information that is 
actionable with the folks that are providing the leads 
information so that they can help strengthen their own security 
posture.
    Chairman ROSKAM. Mr. Camus, on the idea of a refund deposit 
being made to an account, electronically made, it is my 
understanding that the IRS has changed its policy, and they 
have limited the amount of deposits that will be made into a 
single account.
    Can you give us a sense of that, you know, what your 
understanding is of that?
    Because I think implicit is the recognition that it would 
have been ridiculous over a period of time to have hundreds of 
refunds going to a single account, and the IRS has changed that 
policy.
    Now, my understanding is that they will put three refunds 
into a single account, but is there still an issue as to where 
a paper check could go, that it could go to more than one 
address?
    Do you follow me on the nature of this question?
    And can you give us some insight for this? Because it is 
really troubling, and I think like we are in the midst of it, 
but we are not quite done dealing with it. Can you give us a 
sense of that?
    Mr. CAMUS. Yes, you hit the nail on the head. It is a very 
complex issue because taxpayers, if you have seen one taxpayer, 
you have seen one taxpayer. Each taxpayer can have their own 
set of circumstances.
    So the IRS did, in fact, take a look at that issue based on 
some recommendations, and they agreed that any more than three 
deposits to a single bank account is questionable even if it is 
maybe a family member that has the bank account on behalf of 
all the people.
    So limiting those bank accounts, limiting those deposits to 
a single bank account to three people, their filters have 
caught about 885,000 questionable returns using that screen.
    We also think though that mailing then subsequent paper 
checks could cause a problem because who is to say that the 
criminals have not gone in and changed the address of record? 
That is one of the concerns that we have when we talk to the 
Commissioner's staff about all the ways that criminals from all 
over the world look at this $3.3 trillion that is collected or 
the 400 billion that gets issued in refunds. That is a very 
ripe area for criminal enterprise, and they are constantly 
looking at it and testing it.
    So we think the limiting the refunds to three is good. We 
are looking at that, and we will be writing an audit report on 
the effects of that.
    Chairman ROSKAM. Okay. Commissioner, thank you for your 
time today, and I have just got sort of just a closing question 
and just a general inquiry.
    So some of the concerns that were either articulated or 
implied today are no surprise to you. You have heard some of 
these things in the past. One of the areas that I think is 
really worthy of exploration is this. The allocation of 
resources as it relates to technology has from my point of view 
underperformed, and your head of IT came up, and we had a 
briefing. I think it was last year. Do not hold my feet to the 
fire, but you remember when you came up and you brought your 
team.
    And one of the things that he said to me startled me, and 
we were criticizing, you know, as is sort of our pattern, and 
he said, ``Well,''--and this is as it relates to the IG 
spending--and he said, ``We do not look at it as a failure. We 
look at it as we have learned what does not work.''
    Now, that is great if you are Thomas Edison and this is 
Menlo Park, but that is not what we are dealing with, and I am 
not trying to be cavalier or flippant. My view is, look, some 
of this technology has been explored and robust in the private 
sector, and it has been allocated, and the example I used a 
couple of minutes ago about the use of Visa's technology as it 
relates to Medicare, it is deployed. It is successful.
    So what is the level of complication that has made it so 
difficult for the Internal Revenue Service to transition and to 
be successful on these themes?
    And this is in the context of an agency that has been 
successful in moving through and implementing the Affordable 
Care Act. And one of the reasons we are not talking about the 
Affordable Care Act today is because the IRS has been 
successful largely in implementing a terribly complicated new 
law and did it pretty well.
    So why should the IRS not be held to account? If you can do 
it with the Affordable Care Act and be successful, what is to 
say it cannot be done on cybersecurity and these identity theft 
questions?
    That is how it looks to me. Am I misperceiving this? What 
new information? Because I am not believing that it is just 
money. I just am not buying it, and if that is sort of what it 
distills down to, then okay. We are shirts and skins, and I 
guess that is just the way it is.
    I do not think that is it. I think that there is something 
else going on, and I am interested just in your perspective. 
What else do you think is going on?
    Mr. KOSKINEN. I think the biggest difference is with the 
Affordable Care Act or when we get tax extenders, it is a fixed 
target. You know exactly what it is you are going to do. It is 
complicated. We run an antiquated system, as you know, that we 
are trying to upgrade.
    When you are dealing with identity theft and refund fraud, 
as you have noted and this hearing has discussed, you are 
dealing with a moving target that as you push down here and 
stop it there, it moves and evolves.
    That is to say we are now dealing with and part of the 
reason for the Security Summit is the ways of getting refund 
fraud information is not just stealing it in the public domain, 
and it is not trying to access IRS systems. It is, in fact, 
accessing all private sector systems so that the reason the 
states are so enthusiastic is they are fighting the same 
battle, and it changes every year.
    So we are moving. It is as if you change the rule of the 
football game every year, and last year's rules have now been 
changed, and we have got to play with a different game and a 
different set of rules, and it will continue to be a moving 
target.
    But I do think that it is important for us to continue to 
fight that battle. As I say, my goal is for us to get to a 
point where instead of just reacting and stopping in their 
latest incarnation, we can begin to anticipate where are they 
going next? If we have stopped them here, what is the next 
likely place they will go?
    One of the things we are getting with leads from private 
sector and the states is what are they seeing that is 
different. What are the patterns that are going on out there 
that did not happen last year? Last year, you know, there were 
actually suddenly refund fraud attacks on states, not the 
Federal Government but on state systems.
    This year we are seeing other things. That is why our data 
elements that we are involved with. We have over 200 filters 
now that have evolved over time. Those 200 filters five years 
ago would have stopped everything. They do not stop everything 
today because, in fact, we are fixing the plane while it flies, 
but we do not know the direction it is going every year.
    Chairman ROSKAM. So just in closing, I think that there is 
an opportunity here, and you heard it from both sides of the 
aisle. There is a level of concern and a level of anxiety. From 
my point of view, the IRS has demonstrated a capacity to deal 
with some very significant, challenging things.
    I will stipulate that the implementation of the Affordable 
Care Act as you have described it is a fixed target and date 
certain and so forth.
    I think we have a season right now where there is a lot of 
interest on both sides in trying to drive towards some of these 
solutions, and I think that we should seize on that 
opportunity.
    But I want to thank each of you for your time today and for 
the members who have chosen to participate.
    The meeting is adjourned.
    [Whereupon, at 12:05 p.m., the subcommittee was adjourned.]
    [Questions for the record follow:]
                                 [all]