The Internal Revenue Service has been unable to get control of rampant identity theft this tax season, despite high-profile efforts to confront the problem with the help of private industry.
Yesterday the IRS warned it has seen a 400 percent increase in email phishing and malware incidents this tax season aimed at both taxpayers and tax professionals (see
Admittedly, the IRS has been making efforts to get a better handle on the problem in recent years. According to a
After tax season last year, the IRS convened a series of meetings it dubbed the “Security Summit,” partnering with state tax authorities, tax software companies, and major tax prep chains in an effort to collaborate on ways to better protect tax filings from identity thieves. They agreed on new standards for this tax season for logging onto all tax software products, including minimum password requirements, new security questions and standard lockout features. The software industry also agreed to provide more than 20 additional data elements from the tax return submission to the IRS and, in turn, to the states to help identity fraudulent returns. Plus, they agreed to information sharing on a weekly basis to help quickly identify and adjust to new and emerging tax-related fraud schemes, along with the launch of a new public awareness campaign aimed at reminding taxpayers to take steps to protect their own personal information.
However, the identity theft problem has continued to plague the IRS. This month, the IRS reported that it had detected and stopped an attack on another of its online services, the Electronic Filing PIN app, in which identity thieves tried to use hundreds of thousands of Social Security Numbers to access a personal identification number used by tax professionals to electronically file tax returns (see
Tax software companies have also been experiencing problems. Both TaxAct and TaxSlayer have needed to alert thousands of their customers to suspicious activity (see
Nationwide tax preparation chains have also found themselves running afoul of identity theft and tax fraud. Maryland and Michigan officials have shut down a number of Liberty Tax Service franchises after noticing questionable returns being filed from them (see
A security expert who monitors the underground forums frequented by identity thieves recently told Accounting Today he has seen few signs of a reduction in chatter, despite the IRS’s new safeguards (see
“Since it’s tax season again, we’re noticing again that they are focusing on defrauding the IRS and more specifically defrauding U.S. taxpayers and the services that they use to process their tax returns in order to basically fill prepaid cards and cash them out with the returns before the actual person is able to,” said SecurityScorecard chief research officer Alex Heid. “They do that using a series of prepaid cards that are set up with fake identities. They use the same information from the fake identities to file a tax return before the actual person does, and it usually requires the coordination of several individuals.”
Taxpayers are increasingly finding themselves in the position of having to file their tax returns earlier in the season in order to minimize the chances that a thief will be able to claim their tax refund before they can. Waiting until the deadline before filing a tax return can mean the tax refund simply won’t be there. The IRS needs to improve security, as do taxpayers and the tax industry, but one step they can take that’s sure to be beneficial is to stop support for depositing tax refunds on prepaid debit cards. While the debit cards are useful for taxpayers who lack bank accounts, they’re all too useful for the identity thieves who victimize legitimate taxpayers.
Do you think the IRS needs to be doing more to prevent identity theft?