Blog post
IRS needs to get the eIVES income verification system right to help prevent fraud
SentiLink
Published
July 7, 2023
In 2018, Congress passed a law directing the IRS to modernize its service that allows a financial institution to obtain tax transcript data on a consumer. The system, called the Income Verification Express Service (IVES), has been used almost exclusively by the mortgage industry. This is not due to a lack of interest from other segments of the financial industry, but rather that the system is fax-based and takes days to return relevant data to lenders.
With the 2018 law, Congress expected the IRS to evolve their antiquated IVES system into one that utilizes API technology to make this permissioned data exchange happen in near real time. Most obviously, this would be a significant benefit to digital-first financial institutions and fintechs in the consumer and business lending space who would be able to incorporate income and transcript data into underwriting processes more efficiently.
We believe a real-time income verification system would also be an extremely useful tool to prevent fraud. Like the Social Security Administration (SSA) for Social Security numbers, the IRS is the "source of truth" to validate an applicant's stated income from prior tax years. As a fraud escalation strategy, an electronic IVES (or "eIVES") would allow financial institutions to add appropriate friction to select high-risk applicants, as well as many types of first party fraud. The ability to easily validate specific income indicators, as well as capture additional documentation for future disputes, is a strategy we believe can significantly dissuade a would-be fraudster from continuing an application.
Unfortunately, the IRS has created significant issues with the implementation of the eIVES system. The crux of the problem is an IRS-wide agenda to drive every tax-filing consumer to create an IRS.GOV account -- a process that requires an exhaustive and slow identity authentication flow. IRS has incorporated these requirements into its new eIVES system, meaning a consumer applying for a financial product would have to leave that process to create an account at IRS.GOV before being able to grant permission to request tax transcript data through the IRS system.
We believe a better solution is to require the financial institution to validate the identity of the consumer -- something already required by federal "know your customer" rules. In fact, this is how the legacy IVES system works today. Part of what makes this approach fundamentally logical is that the consumer does not actually interact with the IRS in the eIVES system: the financial institution or its service provider does. The consumer merely gives the financial institution consent to request the relevant tax transcript data from the IRS.
The SSA's Electronic Consent Based SSN Verification service (eCBSV) shows how an analogous public-private data exchange should work. To use eCBSV, SSA validates the identity of the financial institution or service provider connecting to the system, and leaves other consumer KYC requirements to the financial institution. IRS should follow the precedent set by SSA in this regard.
Recently, the Congressional champion of the 2018 law -- Chairman Patrick McHenry (R-NC) of the House Financial Services Committee -- introduced a bipartisan bill that would ensure the IRS implements the consent and identity verification components of the system the right way, and does not inappropriately assume control of the KYC process. We strongly support this measure and hope Congress acts quickly, so that lenders can benefit from both the underwriting enhancements and fraud mitigation benefits of a new eIVES system.