Background
The IRS eAuthentication system provides registration and login capabilities that protects mission critical taxpayer applications. The system uses knowledge-based authentication (KBA) as one method to prove the identity of someone registering to use an IRS application. In 2011, the IRS chose Equifax as the KBA provider for eAuthentication. STP’s engineers successfully integrated Equifax’s proprietary KBA service with eAuthentication’s proprietary commercial off-the-shelf (COTS) identity proofing software.
Challenge
In 2017, four members of the Chinese Military hacked Equifax’s KBA service, stealing sensitive data about 147 million Americans. Facing public backlash and strong political pressures, along with the risk of exposing tax data of 45% of the US population, the IRS had to act fast to replace the Equifax service.