IRS Testing Behavioral Analytics to Verify Online Users [Tracking you by Smartphone]

www.nextgov.com ^ | September 20, 2019 | By Aaron Boyd, Senior Editor, Nextgov

[Red Badger]

The agency is piloting a proof-of-concept that will track how individual taxpayers interact with its online systems.

==============================================================

When taxpayers use online systems, the IRS really wants to make sure the people accessing information are who they say they are. The agency has implemented a number of authentication tools over the years—with varying degrees of success—and is now looking at behavioral analytics as an option.

The IRS announced a sole-source contract to BioCatch for a proof-of-concept that would incorporate behavioral analytics for the agency’s eAuthentication system. BioCatch’s technology tracks how a user interacts with their device and the agency’s apps to continually verify their identity.

“BioCatch collects behavioral metrics—i.e., left/right handedness, pressure—while a user is interacting with eAuth without impacting user experience and establishes a profile for the user,” IRS contracting officers wrote in the statement of work. “Once this profile is established, this data is used to detect fraud on subsequent login attempts and to prevent account takeover during the user’s session.”

For the program to be successful, the proof-of-concept has to demonstrate the ability to reliably authenticate users without disrupting the process or adding extra steps.

The proof-of-concept work will go through Jan. 17, at which point the IRS will decide whether to adopt the technology or seek a different solution.

The road to the BioCatch contract started in July 2018, when Treasury Department officials granted funding to the IRS’ Enterprise Services division to “incorporate innovative ideas to bring strong authentication to the IRS online,” according to the statement of work.

“With these funds, a large set of ideas was researched and subsequently narrowed down to a smaller list of potentially implementable solutions,” the document states. “From this list, BioCatch was selected for its behavioral biometrics and fraud reduction capabilities to be tested with eAuth.”

[Bitman]

Big brother is looking for another way to watch...

[Buckeye McFrog]

A foil lined potato chip bag is your friend.

[bgill]

Use your big toe.

[2banana]

The IRS seems incapable of detecting 10 million illegals using stolen SSNs

[VTenigma]

Skynet is now active.

[House Atreides]

I guess my reaction to this differs from those of the initial responders. If the IRS gets a call or online access attempt from somebody claiming to be me I want the IRS to be as sure as humanly possible that the caller/accessor is me and not an impersonator. That caller/accessor identity verification process is called “authentication” and is not a bad thing.

[Svartalfiar]

“BioCatch collects behavioral metrics—i.e., left/right handedness, pressure—while a user is interacting with eAuth without impacting user experience and establishes a profile for the user,”

What? As far as I understand, eAuth is just the USDA/IRS/other online portal for logging in to your account / paying stuff.

How is the IRS gonna figure out if you're right- or left-handed? How much pressure you use? Even with a non-intrusive/viable method or recording this info, do they really think this data is going to be that consistent / exact as to identify each user? Are they sending a special keypad out to every taxpayer, that also sends this data back? I don't see this being that successful...

[Albion Wilde]

bump