Last year's income tax season was marked by an explosion of refund theft. Will this year be any different?
Increased protections may cut down on fraud but will likely draw out the wait for your money. Changes will be visible when you use tax preparation firms and filing software, with warnings akin to those from your bank if you try to log in from a new device or change account information. Less visible will be broader changes, such as revamped fraud-sniffing programs used by the IRS, states, and the tax prep industry, as well as new information-sharing agreements among all three.
Whether theses measures will make it appreciably harder for someone to use your identity to claim your refund isn't clear. One of the best consumer defenses against refund fraud is to file as early as possible, starting Jan. 19, beating would-be thieves who depend on your procrastination. But the best defense is to set your deductions ahead of time so that you get no refund at all.
Here's what taxpayers can expect this season:
More identity verification
Yes, this means wider use of those multiple-choice questions about where you lived 30 years ago if you're filing electronically. It also means "a lot more reactive warnings to users that something has been changed, and making sure it was them that changed it," said JoAnn Kintzel, chief executive of Tax Act, a tax software firm. "If an e-mail address changes, a message will go both to the new e-mail and the old e-mail."
Taxpayers will also get a notice if bank deposit information or their home address is changed, said Julie Miller, a spokesperson for tax software company TurboTax, and companies will check to see if more than one account is using the same Social Security number.
Leading tax prep and software companies, as well as payroll and tax financial payment processors, working with states and the IRS, have all agreed to a set of minimum security measures. Companies and states may put in place additional measures, as Alabama did this year, requiring anyone filing electronically in that state to provide information from a driver's license or state ID card.
Though complex passwords are commonplace on other consumer and bank websites, the tax industry has finally joined the club. The passwords must now include a lowercase letter, an uppercase letter, a symbol, and a number (for example, #H8This). A new timed lockout feature will kick in after repeated failed login attempts.
The IRS launched a consumer education and awareness campaign this past November about security basics. They include not using the same password for multiple accounts, using anti-virus protection, and encrypting sensitive data.
Looser refund timing
There will be less certainty about when taxpayers can expect state refund checks, said Verenda Smith, deputy director of the Federation of Tax Administrators. "In the past, there was a political imperative to get refunds out the door, and that has certainly changed," she said. “You may have a perfectly fine return, but the state will take just a little longer to confirm that it’s you who is filing it.”
More paper checks
There may also be more refunds that come in paper checks, even for those who request direct deposit. That may prove particularly true for first-time filers, said Smith.
Last year, many fraudsters changed a taxpayer's preferences in favor of direct deposit to a prepaid debit card account created before filing the false return. So this year, Utah will directly deposit a refund only into a bank account or prepaid debit card issued by a taxpayer's financial institution. Alabama also changed its policy so that its Department of Revenue can send paper checks to your mailbox even if a taxpayer requested direct deposit, which will be done on a case-by-case basis.
"Prepaid cards are the currency of criminals,'' IRS Commissioner John Koskinen told 60 Minutes in 2014. "Our problem is you can't distinguish the number of a prepaid card from a legitimate bank account."