IRS Isn’t Checking ID Proofing Performance
The US Inland Revenue Service (IRS) has not been independently evaluating the digital identity proofing services provided by ID.me, its exclusive vendor for access to sensitive taxpayer services. A recent Government Accountability Office (GAO) report found that the IRS is relying solely on ID.me’s internal performance assessments, with no external verification or established performance benchmarks 1.
This situation indicates a gap in oversight, particularly given the volume of transactions: over 150 million logins to ID.me-secured IRS applications occurred between 2021 and 2024. The absence of quality assurance mechanisms was attributed to the structure of the blanket purchase agreement (BPA) contract, which expires in August 2025—potentially creating an opportunity to establish more rigorous oversight in a renewed agreement.
Beyond contractual controls, a broader issue remains unresolved: the lack of data on the effectiveness of identity proofing itself. The GAO noted the IRS’s failure to gather or use performance data to assess how well the system detects fraud or handles false rejections. Given that the core mechanism—a facial recognition match between a selfie and ID photo—is known to vary significantly in accuracy and fairness, this is a serious oversight.
Subscriber content
Read the full article
Full access to ID & Secure Document News articles, newsletters and archives.