Taxpayers that want to access their online accounts on IRS.gov will have to take a selfie to verify their identity with ID.me starting this summer.
Existing accounts on IRS.gov use an email and password to login, but they will stop working in the middle of 2022, according to the IRS.
The agency is saying that the reason for the change is to protect taxpayers from potential identity theft.
However, some privacy advocates are saying that the change is invasive and that the company behind ID.me does not have the best record with verifying a person’s identity.
ID.me has become the government’s default ID-verification system over the course of the pandemic. The 12-year-old company originated as a way for military veterans to get discounts.
They have since grown drastically and are now worth an estimated $1.5 billion, according to Bloomberg. ID.me has pulled in over $200 million in venture funding and has also secured contracts with 27 states in an attempt to stop unemployment fraud.
An IRS spokesperson clarified that Americans won’t be forced to make a new account with ID.me or take a selfie to file their tax return.
“The IRS emphasizes taxpayers can pay or file their taxes without submitting a selfie or other information to a third-party identity verification company. Tax payments can be made from a bank account, by credit card or by other means without the use of facial recognition technology or registering for an account,” the IRS said in a statement.
Taxpayers will still need to register if they want to see records of previous payments, access their wage transcripts or to access their Child Tax Credit Update portal.
Security researcher Brian Krebs noticed the change on the IRS’ website and shared his challenging experience verifying his identity with ID.me.
“[F]or anyone who fails the automated signup, count on spending several hours getting verified,” Krebs wrote.
Users must provide an email address and a phone number, upload identity documents, and take a selfie that will get scanned by the software to sign up. The application could flag any issues with the user’s documents, and if that happens you would have to speak on the phone or video chat with an ID.me representative.
Daniel Morris, a CPA based in California, explained why the IRS is making these security changes, as the agency has had some issues protecting data in the past.
“Privacy and data theft is significant at the IRS. They are deathly afraid of a hack,” Morris said.
“The service is trying to modernize, and make sure from a data protection standpoint … they want to make sure that someone who is getting your data is authorized,” Morris said.