Another IRS tax tool bites the dust

The IRS has killed its online tool for requesting electronic-filing PINs after cyberattacks ramped up.

IRS Headquarters in Washington, D.C. (Photo credit: Rob Crandall / Shutterstock.com)
 

The IRS has nixed its online and telephone-based electronic filing PIN offerings following increased cyberattacks.

In a June 23 statement, the agency cited an increasing frequency of automated attacks through which hackers could generate the e-file PINs needed to file fraudulent refunds.

Tax industry insiders have long sounded the alarm on the tool's reliance on Social Security numbers and other static identifiers. Answers to such "out-of-wallet" questions can sometimes be easier for scammers to obtain than answers to the knowledge-based authentication that failed to protect another IRS web tool, Get Transcript.

IRS officials said they were shutting down the e-file PIN options as a precaution to protect taxpayers, and they had already been working with the tax-preparation industry to eliminate the feature.

The tool has been the target of bot attacks since at least February, but officials said they opted to delay taking the tool off-line because most commercial tax-preparation software relies on it to some degree.

As it yanks down insecure web tools, the IRS has been building a new security model that incorporates two-factor authentication and a harder-to-answer series of security questions.