The Internal Revenue Service (IRS) will start requiring people to provide a photo of themselves to a third-party company to verify their identification before they can access their online accounts.
This applies to people who created an online account to manage their tax records with the IRS. The login credentials will not work to gain access by summer of 2022. Users will then be required to log in to irs.gov through an online identity verification service called ID.me, which the IRS deems “a trusted technology provider.”
“Identity verification is critical to protect taxpayers and their information,” IRS Commissioner Chuck Rettig said in a statement. “The IRS has been working hard to make improvements in this area, and this new verification process is designed to make IRS online applications as secure as possible for people.”
He added, “To help taxpayers and the tax community, we are improving the accessibility of online tools that help families manage their Child Tax Credit, check on their IRS accounts and securely perform other routine tasks online.”
The routine tasks include obtaining a tax transcript, getting an Identity Protection PIN, or viewing on online payment agreement. Other IRS applications will also eventually require similar online verification.
“The new process is one more step the IRS is taking to ensure that taxpayer information is provided only to the person who legally has a right to the data,” the IRS announced.
To apply for the service, people will need to submit copies of bills and another form of ID, such as a driver’s license, state ID, or passport. They will also need to take a photo of themselves. ID.me may also require a recorded, live video chat with the applicant if there are not enough materials for the application or there are potential indications of fraud.
The IRS noted that people won’t be required to go have their selfies scanned or use ID.me to submit their tax returns.
“The IRS emphasizes taxpayers can pay or file their taxes without submitting a selfie or other information to a third-party identity verification company,” the agency said in a statement to news outlets. “Tax payments can be made from a bank account, by credit card or by other means without the use of facial recognition technology or registering for an account.”
Brian Krebs, who writes on his blog Krebs on Security, noted that ID.me stated that users can delete their biometric data at any time; however, “there was no apparent option to do so when I logged straight into my new account at ID.me.”
“When I asked the support technician who conducted the video interview to remove my biometric data, he sent me a link to a process for deleting one’s ID.me account. So, it seems that removing one’s data from ID.me post-verification equals deleting one’s account, and potentially having to re-register at some point in the future,” he wrote.
Jackie Singh, director of technology and operations at the Surveillance Technology Oversight Project, expressed concern over potential data breaches with the new IRS move.
“Very [expletive] short-term decision making which will only lead to further ruin for Americans when their data is inevitably breached. Now that [Facebook] has ‘deleted’ their data I guess it needs to come from elsewhere,” she wrote on Twitter.
“IRS trying to fight fraud so they’re forcing Americans who want to get tax data from the IRS online to submit biometric data in the form of a selfie (to a third-party company) to verify themselves,” she said in a separate Twitter post. “This is very, very bad, and every tech-aware American should fight it.”
From The Epoch Times