For anyone who has filled out the federal student financial aid form called FAFSA, they know it is a pretty daunting task.
Well now it has become a bit more daunting.
Kind of like the problem the IRS had a few years ago with the tax transcript retrieval tool where hackers used the tool to get enough information to file fraudulent tax refunds, hackers were using the Data Retrieval Tool (DRT) to do the same thing.
Apparently, according to testimony by IRS commissioner John Koskinen earlier this week, the IRS noticed a spike in use of the tool where the student aid application was never finished.
The IRS told the Education Department that they would have to shut down the tool if there was any indication of criminal activity.
Last month the IRS acted and shut down the tool as millions of students apply for financial aid for the fall.
While they have not released the details of how the scam works, I gather you start a financial aid application like you were a new student and once you get to the point where the tool imports the tax data into the application, you stop and use that data to file a fraudulent tax refund.
For students, not having the tool means that they have to find last’s tax return for themselves (if they have one) and their parents and enter the data manually. Technically, not the end of the world, but it makes things a little more difficult.
And difficultly – or the opposite of that, simplicity – is the crux of the problem.
How does the IRS know that Joe, posing as a student applying for financial aid, is really Joe.
This is the same problem that EVERY company that allows users to interact with them on the Internet deals with every day. How does your bank know that you are you? Or a department store? Sure you know your Social Security Number and Birth Date, but that data is not hard to find. HOW DO YOU KNOW THAT JOE IS REALLY JOE. That is not easy to do.
Because, at the root of this question is that old mantra “SECURITY. CONVENIENCE. PICK ONE. If you make it hard for people to use the system, people complain. If you make it easy to use, then it may well be unsecure.
In this case, 100,000 taxpayers will be receiving a letter from the IRS. “Dear Taxpayer, sorry, your tax data has been hacked.” Not a letter anyone wants to get.
In a scale that only the government can appreciate, the IRS says that ONLY 30 million dollars in fraudulent refunds were granted before the tool was shut down. The only good news is that the IRS was able to stop another 14,000 refunds from going out.
They plan to turn the tool on once they figure out how to make it harder for hackers to abuse, but I am skeptical that they can actually do that and still make it usable by students. We shall see what they do. AND, what the hackers do.
Information for this post came from Pymnts.com .