Business identity theft still plaguing IRS

Register now

The Internal Revenue Service could be pursuing further action to reduce tax refund losses associated with business identity theft, according to a new report.

The report, from the Treasury Inspector General for Tax Administration, noted that identity theft affects not only individual taxpayers, but businesses as well, especially when criminals appropriate a business’s Employer Identification Number, or EIN.

TIGTA issued an earlier report on business identity theft three years ago. In response, the IRS created 25 business identity theft filters and three dynamic selection lists to identify potentially fraudulent returns. Last year, the filters identified 20,764 business returns that showed characteristics of identity theft, with the potential refunds associated with them totaling $2.2 billion.

However, TIGTA found that thousands of employment tax returns still aren’t being evaluated for potential identity theft. It identified 15,127 returns last year with refunds totaling more than $200 million that would have been flagged as potentially fraudulent if the current business ID theft filters included an evaluation of those types of tax returns.

TIGTA also found that only 220 out of 5,133 Employer Identification Numbers on the IRS’s Suspicious EIN Listing had the tax accounts associated with them locked. Even though the IRS issued internal guidelines requiring the locking of tax accounts associated with bogus or fictitious EINs after January 2017, the guidelines weren’t being followed consistently. The IRS removed 1,097 of the EINs from its Suspicious EIN Listing after doing a systemic analysis of filing and payment history. However, TIGTA’s more in-depth analysis identified characteristics indicating many of the EINs shouldn’t have been removed at all.

On top of that, some business identity theft cases weren’t always accurately processed by the IRS. A review of a sample of them found that 21 of the 91 cases TIGTA could review (that is, 23 percent of them) weren’t processed accurately. TIGTA estimates that 188 cases might have been inaccurately processed based on projections from that sample. The report also suggested the IRS should take action to protect tax refunds associated with confirmed business identity theft from being erroneously released. TIGTA found 872 tax returns identified by the IRS as identity theft returns in 2016 for which tax refunds totaling more than $61 million appeared to have been released by mistake.

TIGTA made 10 recommendations in the report to improve the identification of business identity theft. They include expanding the use of business identity theft filters to employment tax returns, reviewing and updating the Suspicious EIN Listing on a periodic basis, ensuring all EINs considered to be bogus or fictitious are locked, developing processes and procedures to ensure tax examiners accurately process the business identity theft cases, and developing processes to ensure that refunds associated with the identity theft tax returns from 2016 stay frozen.

The IRS agreed with eight of TIGTA’s recommendations and partially agreed with the other two. The IRS didn’t agree, though, that all of the accounts identified by TIGTA should be locked. It plans to lock accounts only when there are clear indications of ID theft fraud. It also believes the degree and the method of taxpayer contact should be determined on a case-by-case basis.

“The detection of business identity theft can be challenging in that it shares many characteristics of noncompliance or attempts to defraud by individuals with legitimate authorization to use the businesses’ information,” wrote Kenneth Corbin, commissioner of the IRS’s Wage and Investment Division, in response to the report. “Since 2015, we have improved and expanded our ability to detect both conventional fraud and identity theft fraud associated with the filing of business tax returns.”

For reprint and licensing requests for this article, click here.
Identity theft Identity theft protection Tax fraud IRS TIGTA