Can Intuit’s Safeguards Prevent Tax Refund Fraud?

Who is at fault for the recent spate of fraudulent returns on TurboTax…and who can fight against it?

Last month, the Intuit-owned company — one of the most popular tax-filing softwares in the U.S. — halted e-filing of all state returns in response to a flurry of attempts to criminally acquire refunds through its system. Now that the smoke has more or less cleared but as tax season reaches its peak, experts are weighing in on what allowed the mass of transgressions to occur in the first place and whether enough is being done to prevent it from happening again.

The Washington Post has learned from Intuit that some states have seen a 37-fold increase in suspicious filings so far this year. However, not all of these filings are deemed fraudulent by the company, who says that responsibility falls to the IRS.

Some criticize this strategy by Intuit and other tax-services companies as passing the buck.

“They can’t blame everything on the IRS. That’s ridiculous,” Ed Mierzwinski, consumer program director at the U.S. Public Interest Research Group, told the Post. “I think that both the IRS and the states need to up their game. The agencies have been starved. They have not gotten adequate funding to protect people’s financial lives in the way that they should. . . . They’re not keeping up with the bad guys.”

While the question of who’s to blame might remain up in the air, a somewhat clearer consensus can be gleaned in exploring what can be done better moving forward.

KrebsOnSecurity outlines a number of basic security protocols that would improve security for TurboTax accounts, including email verification, phone number validation, notification of account changes, identity proofing, enhanced account recovery tools, and linking state and federal returns.

The Post story points out that Intuit, in the time since the temporary shutdown of TurboTax last month, has already implemented a number of new safeguards, including linking state and federal returns and adding multi-factor authentication — a process requiring customers to provide a code that was sent to their mobile phones or email addresses in order to access their accounts.

But, as more Americans prepare to file their taxes, only time will tell if Intuit’s security upgrades pass the test and prevent additional cases of tax refund fraud.