IRS Gets Better at Detecting Identity Theft

On the heels of a disclosure this week that identity thieves were able to access 104,000 tax returns through the Internal Revenue Service’s Get Transcript application, a new report finds that the IRS is improving its identification of fraudulent tax returns involving identity theft.

The report, from the Treasury Inspector General for Tax Administration, found that the IRS is getting better at preventing identity theft-related tax fraud, but pointed out that the extent of the IRS’s ability to stem this problem is still limited because it does not have access to third-party income and withholding information until well after tax return filing begins. The IRS is continuing to propose legislation to accelerate and expand its access to data that would further improve its detection efforts.

The new report follows up on an earlier TIGTA report from September 2013, with the objective of determining the effectiveness of the IRS’s ongoing efforts to detect and prevent identity theft at the time tax returns are processed.

TIGTA’s analysis of tax year 2012 tax returns identified 787,343 undetected potentially fraudulent tax returns with tax refunds totaling more than $2.1 billion that have the same characteristics as IRS-confirmed identity theft tax returns. In addition, TIGTA’s analysis continues to identify multiple tax returns with the same address and/or bank accounts that were not identified by the IRS’s cluster-filtering tool.

Individual Taxpayer Identification Numbers, or ITINs, continued to be used to file potentially fraudulent tax returns. TIGTA identified more than 140,00 tax year 2012 tax returns filed by individuals using an ITIN that had the same characteristics as IRS-confirmed identity theft tax returns. These tax returns resulted in the issuance of approximately $375 million in potentially fraudulent tax refunds.

J. Russell George, the Treasury Inspector General for Tax Administration, noted that the IRS recognizes that new identity theft patterns are constantly evolving and the IRS needs to continue to adapt its detection and prevention processes. “Undetected tax refund fraud results in significant federal outlays and erodes taxpayer confidence in the federal tax system,” he said in a statement.

George is scheduled to testify before the Senate Finance Committee next Tuesday on the security breach in the Get Transcript application, alongside IRS Commissioner John Koskinen, who disclosed that criminals had accessed more than 100,000 tax returns (see IRS Detects Massive Data Breach in ‘Get Transcript’ Application and Senator Prods IRS for More Info on Massive Data Breach).

TIGTA recommended that the IRS continue to evaluate clustering filters to ensure that they properly identify tax returns with multiple uses of addresses and/or bank accounts. The IRS should also expand identity theft filters to address filing patterns that may indicate that a tax return is related to identity theft, TIGTA recommended, and outline specific actions and time frames for implementation of a process to deactivate ITINs assigned prior to Jan. 1, 2013, including ITINs assigned to individuals who are now deceased.

The IRS agreed with TIGTA’s recommendations and plans to continue evaluating identity theft-related fraud trends and review fraud filter performance to improve its clustering process. The IRS also plans to develop an action plan to deactivate ITINS.

“As the report shows, the IRS has made significant progress in recent years in our ability to detect and stop IDT-related refund fraud,” wrote Debra Holland, commissioner of the IRS’s Wage and Investment Division, in response to the report. “The 2013 filing season, during which tax year 2012 returns were received and processed, was a period many of our initial improvements to detection tools and processes were implemented. For the 2013 filing season, existing fraud filters were updated and refined, based on observations of their performance in prior years, and a substantial number of new filters were added to address the ever-evolving nature of IDT fraud.”

However, the hackers involved in the Get Transcript identity thefts purportedly were able to overcome those filters by using information they had garnered from social media and other sources to be able to enter enough information to give them access to approximately 104,000 taxpayers’ prior tax returns. The identity thefts reportedly originated with an organized crime ring in Russia, according to CNN.

What Tax Preparers Can Do
Bill Smith, managing director at CBIZ MHM and leader of the firm’s National Tax Practice Group, said his firm has been trying to get the word out to clients about identity theft. “The typical scenario is getting their e-filed return bounced because another return has already been filed,” he told Accounting Today. “The IRS is saying on their Web site that they’ve beefed up their identity theft resources, and they’ve blocked tons of fraudulent refund claims through October of 2014.”

The IRS is supposed to begin sending out letters to taxpayers who have been affected by the data breach.

“We don’t know who’s been affected yet until the letters start arriving,” said Smith. “They’re supposed to be sending out letters telling people that they’ve been targeted and then offering them free credit monitoring. But otherwise we don’t know, and we’re already through the first busy season. We’re not attempting to file a lot of returns on extension right now so we’re not seeing anything bounce right now as a result. It gives the crooks a little more breathing room to do more damage. I doubt if we’ll see an uptick before the letters start arriving. I think most taxpayers are going to find out about it through the letters.”

He suspects the identity thieves could be planning to file using the information they have garnered for the 2015 tax year next tax season. Smith pointed to National Taxpayer Advocate Nina Olson’s report criticizing how the IRS has been handling victims of identity theft in terms of how long it’s taking to close cases, and how taxpayers get their cases transferred from place to place within the IRS. “They have to repeat the same information over and over, so it’s a big headache for the Service,” he said.

Smith pointed out that the IRS has been dealing with a series of budget cuts in recent years at the hands of Congress. “Identity theft alone is going to require significantly more resources than they currently have to deal with it,” he said. “It’s going to expand in orders of magnitude.”

The hackers apparently made use of data-mining and analysis technology to find information that could be entered into the IRS's Get Transcript app and get past the IRS's filters. "This one seemed particularly sophisticated to me because they’re not getting the source information from the IRS," said Smith. "They’re getting the information from other hacks, doing things like scraping social media. They can garner enough information to go in and get transcripts, and answer all the questions correctly to allow them in. Then they’re just accessing the transcripts to get information that makes it look like they’re not anomalous with prior-year information. It’s a frightening prospect that they can handle this kind of major data compilation. What’s to stop them from doing it on bank accounts or any of the other systems we use in daily life where we’re asked a series of questions? You can probably get more cash from the federal government than you can get out of a personal bank account, so it makes refund claims a better target. If you can generate $50 million in refund claims, I guess it gives you the cash you need for capital investment."

IRS Response
An IRS spokesman emailed a further response to the TIGTA report Thursday to Accounting Today beyond the one from Debra Holland included in the report. “Identity theft is one of the most serious threats our tax system faces, and the IRS continues to add and strengthen protections in our processing systems to protect the nation's taxpayers,” said the IRS statement. “Much more work remains, but it’s important to note that our actions have led to an increasing number of fraudulent returns being detected and stopped—despite challenging budgets in recent years.

“The 2013 filing season reviewed by TIGTA was a period when many of our initial improvements to detection tools and processes were being put in place, including numerous system filter refinements to protect against refund fraud and identity theft,” said the IRS. “We have made significant progress since that time, and we are glad to see that TIGTA’s review reflected this first wave of improvements. 

“However, we remain concerned with some of the figures used by TIGTA,” the IRS continued. “For example, we believe that 54 percent of their pool of more than 787,000 returns should not be considered undetected fraud, which affects the projected loss estimates. Several years ago, TIGTA projected substantial fraud losses over five years, but we have not realized these numbers in such magnitude and believe the five-year estimate they made will be significantly less than originally projected.

“We catch more refund fraud on the front end before the legitimate taxpayer even files, and as such, the IRS has improved our ability to help victims and potential victims as they go through the process,” the IRS added. “We closely monitor incoming tax returns, watching for fraud indicators and adjusting our systems as necessary.

“Starting this past January, the IRS limited the number of direct deposit refunds to a single financial account or pre-paid debit card to three—limiting the number of electronic deposits a fraudster can make,” the IRS statement continued. ”We partner with financial institutions and law enforcement agencies to leverage information obtained to address this crime. And we continue to work and refine our process for identifying ITINs used for fraudulent purposes and deactivating them.

“In addition to adequate funding, there are a number of legislative proposals in the Administration’s FY 2016 Budget request that would also assist the IRS in its efforts to combat identity theft, including accelerating information return filing dates,” the IRS added. “Under current law, most information returns, including Forms 1099 and 1098, must be filed with the IRS by February 28 of the year following the year for which the information is being reported, while Form W-2 must be filed with the Social Security Administration (SSA) by the last day of February. The due date for filing information returns with the IRS or SSA is generally extended until March 31 if the returns are filed electronically. The budget proposal would require these information returns to be filed earlier, which would assist the IRS in identifying fraudulent returns and reduce refund fraud related to identity theft.

“Preventing and detecting identity theft and refund fraud remains a top priority for the IRS,” the IRS statement concluded. “Recent events only underscore the need to make even more improvements and further strengthen our systems."

For reprint and licensing requests for this article, click here.