The Internal Revenue Service glossed over computer security in planning for a new tax return law that applies to e-payment processors, government investigators said. The law kicks in during the 2012 filing season for the 2011 tax year.
A tiny provision folded into the 2008 Housing and Economic Recovery Act stipulates that companies handling credit card transactions for merchants, such as PayPal, Amazon and traditional banks, must report the gross amounts of merchants' transactions along with the vendors' sensitive personal information starting in tax year 2011. The Treasury Department estimates that clamping down on sellers that are under-reporting sales, by comparing self-reported gross figures to the payment processors' numbers, will generate nearly $10 billion during the next 10 years.
But the law will add millions of additional reporting documents to IRS computer systems, according to federal auditors. And the agency's strategy for applying the law "does not consider the security of the computer systems being planned and changed or the new data being received," Michael R. Phillips, the Treasury Inspector General for Tax Administration's deputy IG for audit wrote in a July 26 report released Thursday.