IRS Awards $7 Million Fraud Prevention Contract To Equifax (politico.com) 115
An anonymous reader quotes a report from Politico: The IRS will pay Equifax $7.25 million to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week, even as lawmakers lash the embattled company about a massive security breach that exposed personal information of as many as 145.5 million Americans. A contract award for Equifax's data services was posted to the Federal Business Opportunities database Sept. 30 -- the final day of the fiscal year. The credit agency will "verify taxpayer identity" and "assist in ongoing identity verification and validations" at the IRS, according to the award. The notice describes the contract as a "sole source order," meaning Equifax is the only company deemed capable of providing the service. It says the order was issued to prevent a lapse in identity checks while officials resolve a dispute over a separate contract. Lawmakers on both sides of the aisle blasted the IRS decision.
The IRS just stepped in it.... (Score:3, Insightful)
More regulations (Score:3, Insightful)
It won't happen. Listen my fellow peasant, we have to just bend over and take it.
And when we get the letter stating that our taxes have already been filed (probably by some illegal alien using our SSN to get his refund and CTC, EITC, ACTC), WE will be the ones that will have to spend the time filling out forms to prove that we are who we are.
Then, every tax year, WE will have to provide the documentation stating that we are who we say we are.
All because businesses are careless with the data they insist on
European style privacy laws (Score:1)
My company is currently spending a lot of money and time to comply with Europe's new General Data Protection Rules whereby any person can request that their information be completely removed for a company's systems. The reason the company is taking it seriously is because the fines for non-compliance are set as a percentage of the company's revenue so they could be massive. Plus no other European company will do business with us unless we're compliant.
Here in the USA though the moment most people hear "Euro
Re: (Score:1)
don't forget the freedom to have guns no subject needs.
FTFY
Re: (Score:1)
Re:More regulations (Score:4, Insightful)
A number is not proof of identity. It is a reference number to help establish that you are who you say you are. Having identifying information, like a Social Security Number is not proof of identity, it simply is a tool in what should be a chain of tools to help one verify (key word) identity.
People who accept it as "proof" of identity are misusing it, and should be held accountable for that misuse. Any Line of Credit established without enough other evidence is itself evidence of lack of due diligence.
Re:More regulations (Score:4, Insightful)
The problem is, when someone, say Equifax, collects the "other evidence useful for proof of identity", then they can impersonate you to anyone who don't personally know you. And if they share that information with some other entity, willingly or not, THAT entity can no impersonate you to anyone who doesn't know you.
We aren't just talking about one piece of information here.
Re: (Score:2)
It is a reference number to help establish that you are who you say you are.
Not quite. It is a reference number to help establish who you say you are. You need something else, like a secret or some unique biometric, to help establish who you are.
Re: (Score:1)
Re: (Score:2)
Time to Start up a Class Action Against the IRS for ENABLING
Heheh. We'll be lucky if lawsuit against Equifax gets us a $5 credit off our next credit freeze fee.
Class Action against IRS will get you many years of free tax audits, though.
Re: (Score:2)
Re: (Score:2)
This makes no sense. The IRS only does what Congress tells them to do. If the government wanted the IRS to not look at certain books, they could easily change the law to make that happen. No underfunding required.
Re: (Score:2)
That's a good point. On the other hand, Congress has historically been very good with telling the IRS to do things that are very unpopular while at the same time blaming and directing the outrage about it at the IRS.
Re: (Score:2)
but the IRS will never have the funding to do it in-house properly.
Whoa there; in years past the IRS has wasted whopping piles of money on failed IT projects that they don't outsource. The problem is not lack of funding but lack of competence, especially in project management.
Re: (Score:2)
Are you claiming that Equifax is better? Or just that Equifax doesn't make their mistakes public?
Re: (Score:2)
I'm claiming that I was replying to someone who said the IRS never has the funding to do IT projects in house.
Re: (Score:2)
Re: (Score:3)
More misleading than fake (Score:2)
The IRS tried to replace Equifax back in July when it awarded the contract that was competed to another company.
Equifax was the incumbent and protested the award.
In order to keep the service available to taxpayers, the IRS awarded Equifax a "bridge contract" until the protest is resolved.
So the IRS did everything right, the normal red tape prevented it from reacting to the security breach when it happened.
Re:Swamp (Score:5, Funny)
Someone should really drain that thing and build a castle...
Re: (Score:2)
Hell, if anything, the levee isn't draining the swamp, it's actually preventing the natural outflow and turning it into a lake!
Re:Don't blame the IRS (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
Aren't there like 3 of these major credit agencies?
Transunion...and another one.
I was about to say that the Feds have used Acxiom [acxiom.com] to clean up data before...but I think they may own Transunion, so, that might be redundant.
Re: (Score:1)
Experian is the the third big one.
But depending on any number of things, TransUnion and Experian might not meet some qualification to run this program. But through the magic of government bureaucracy and loopholes, Equifax does.
Go figure.
Re:Don't blame the IRS (Score:5, Informative)
I may agree in other circumstances, but awarding a contract for fraud prevention to what's probably the largest victim of a form of fraud in human history- an entity that is now trying to deflect blame by citing conditions that they themselves created in the first place, is about as stupid as it gets.
Equifax deserves to have its charter revoked, basically the corporate death penalty, with its assets liquidated and all of the proceeds going to a mitigation fund to attempt to combat the expected identity theft that the public will see in the upcoming years. Its officers should be prosecuted and if the ensuing investigation shows they were willfully negligent, the personal gains they made through those negligent actions should be confiscated through a civil forfeiture process as they're sentenced to jailtime. This is not the company that one awards a no-bid contract to.
Re: (Score:2, Informative)
Equifax is not actually preventing fraud. I worked a similar project where another government agency was also trying to prevent fraud and abuse, and we used Equifax as a data source specifically to confirm identities. You provide them certain information (first name, last name, date of birth, address, etc. etc.) and they would confirm whether you had the correct person, often filling in the blanks. The agency would then use that information, along with other inputs, to determine whether fraud was being comm
Re: (Score:2)
Re: (Score:2)
otherwise NOTHING will happen.
Doing nothing would be far preferable to putting a criminally incompetent company in this role.
capable (Score:5, Insightful)
Equifax is the only company deemed capable ...
Since Equifax has shown to be very incapable (of exactly the things they should be capable of), what does this say about all other companies in this business?
Re: (Score:2)
Equifax is the only company deemed capable ...
In other news IRS procurement and partner evaluation procedures revealed to be incapable.
Re: (Score:3)
Usually, being "deemed capable" implies being able to deliver a specific product or service in the exact manner that the requesting agency wants it.
TransUnion and Experian may be better on any number of metrics, but if they cannot check off all the requirements then they are eliminated from consideration.
That said, now would be a great time for those competitors to force the IRS to review its requirements. Half of the time, those important "sole source" contracts have a few bullshit requirements just to gua
Sole Source (Score:5, Funny)
No worries... (Score:3)
It makes perfect sense (Score:3)
Re: (Score:2)
Yeah well, nobody up there is doing it right [johnmoserforcongress.com].
Re-open the bidding (Score:5, Funny)
[quote]The notice describes the contract as a "sole source order," meaning Equifax is the only company deemed capable of providing the service[/quote]
While that may have been true at the time of posting the order, pretty much every company has access to the same data as Equifax now.
Re: (Score:2)
"every company has access to the same data as Equifax now" How do you figure? Do we know who exploited Equifax's alleged security? If it is the Chinese government, it would akin to an act of war to sell that information if the U.S. ever cottoned on to it.
Re: (Score:2)
An earlier story claimed that the original hacking group passed it on to a different set of hackers when they figured out how valuable it was. I interpreted that as meaning they'd already sold the access, the story figured that was proof it was a nation-state.
So you can take your pick. Either it's already on the market, or it's in the hands of an unknown nation state...from which it will likely leak (eventually), because it won't hurt their employers, and somebody always needs more money.
Re: (Score:2)
If Equifax is proving identity verification services, it's not just about the data.
There is some complicated process by which the government requests identity verification. There are two things that make this process complicated:
1. It complies with absolutely every federal privacy rule---because no bureaucrat is going to risk his job on something that does not comply with the law. The rules may or may not actually protect us, but they will be followed regardless.
2. It interfaces with some arcane government
So you fuck up and you get PAID ?! (Score:3)
WTF.
Re: (Score:3)
Rule 1 of corporate administration: Heads always roll uphill.
Re: (Score:2)
Personally, I don't care about the amount of the contract. If it were for $100, that would make it no less objectionable.
The serious problem here is hiring a company who is demonstrably incapable of detecting or preventing fraud in a role of fraud prevention.
Comment removed (Score:3)
Re: (Score:2)
This IRS calling to check your identity we need yo (Score:5, Funny)
This IRS calling to check your identity we need your
Name
Address
SS number or tax ID number
Re: (Score:2)
This IRS calling to check your identity we need your
Name
Address
SS number or tax ID number
Hello, IRS agent! It's on the internet now, so by all means, feel free to download it.
Well, of course! (Score:2)
Equifax just proved that they have the necessary data...
Government Level Stupidity (Score:3)
In other news... (Score:3)
The Dept. of Human Services has awarded a contract to a company formed by OJ Simpson, Robert Blake, and Scott Peterson to do research into domestic violence prevention and awareness.
gee (Score:2)
Is this another example of "draining the swamp"? (Score:2)
We have heard that the government doesn't work, so elect "so and so"; if they get elected, they then break the (previously working) government exactly as they described, and say it never worked.
What!? (Score:2)
Let's hear from lovers of taxes (Score:2)
Let's hear from the crowd, who like to pay taxes [progressiv...ickers.com] — because that's how they buy civilization [goodreads.com].
They seem kind of quiet today for some reason...
What's the word? Hmm. (Score:1)
I realize I am at odds with 50% of the American Electorate, but perhaps we need to get specific on who exactly is in this swamp that needs draining. Ajit Pai is cool? Equifax is legit? And people support these positions? WTF.
I don't know the exact word for state of A
WTF (Score:2)
The damned credit agencies can't even get my address right. I've ran 3 agency checks several times over the last few years, and found multiple errors, and yet the government wants to rely on these jackasses? They should be sued into oblivion for not getting their shit straight. I'm currently fighting with one of them over a phony bill from MCI...yes, MCI. I had used them at an old address that I moved away from back in '02, and yet MCI posted that I owe them about $50 as of 2013...eleven years after I n
DID I WAKE UP IN A PARALLEL UNIVERSE? (Score:1)
Did I wake up in a parallel universe? Think of every possible expletive than dream of shoving them up the tail of this huge asses.