Background

The IRS eAuthentication system provides registration and login capabilities that protects mission critical taxpayer applications. The system uses knowledge-based authentication (KBA) as one method to prove the identity of someone registering to use an IRS application. In 2011, the IRS chose Equifax as the KBA provider for eAuthentication. STP’s engineers successfully integrated Equifax’s proprietary KBA service with eAuthentication’s proprietary commercial off-the-shelf (COTS) identity proofing software.

Challenge

In 2017, four members of the Chinese Military hacked Equifax’s KBA service, stealing sensitive data about 147 million Americans. Facing public backlash and strong political pressures, along with the risk of exposing tax data of 45% of the US population, the IRS had to act fast to replace the Equifax service.

The Solution

Six years before the Equifax breach, STP software engineers, working on a contract with CA Technologies, anticipated the need to quickly change KBA providers without the arduous task of reintegrating the new service with the highly proprietary COTS identity proofing implementation. To avoid future integration challenges, STP software engineers built a loosely coupled interface between the COTS system and Equifax. The custom-built interface that integrates the COTS system with Equifax allows the COTS system to function as designed regardless of who provides the KBA service. Within days of the IRS giving the green light to replace Equifax with Experien, STP’s software engineers integrated the new service and was ready for deployment. By foreseeing potential challenges, STP’s engineers put measures in place that gave the IRS the ability to react quickly, protecting Americans from what could have been the greatest breach in privacy in US history.

800k Purchased hours of STP expertise from Fortune 500 companies.

125m Worth of IRS invested services to build their most critical systems.

30m People have used systems that we built.