IRS Working on Taxpayer Authentication to Combat Identity Theft-Related Tax Fraud
The Internal Revenue Service recently created a group whose goal is to centralize several prior ad hoc efforts to authenticate taxpayers across its systems in an effort to combat identity theft-related tax fraud, but the IRS lacks a good estimate of the costs, benefits and risks, according to a new government report.
The report, from the Government Accountability Office, found that the IRS estimated it prevented $24.2 billion in fraudulent identity theft refunds in 2013, but it actually paid $5.8 billion that was later determined to be fraud.
Because of the difficulties in knowing the amount of undetected fraud, the actual amount could differ from these estimates, the GAO report noted. Identity theft-related tax refund fraud occurs when an identity thief uses a legitimate taxpayer's identifying information to file a fraudulent tax return and claims a refund.
The IRS’s fraud estimates met several best practices found in the GAO Cost Guide, such as documenting data sources and detailing calculations. However, the estimates do not reflect the uncertainty inherent in measuring identity theft-related tax refund fraud because they are presented as point estimates.
Best practices suggest that agencies assess the effects of assumptions and potential errors on estimates. Officials said they did not assess the estimates' level of uncertainty because of resource constraints and methodological challenges. Because making different assumptions could affect identity theft tax fraud estimates by billions of dollars, a point estimate (as opposed to, for example, a range) could lead to different decisions about allocating identity theft resources, the GAO noted. Reporting the uncertainty that is already known from an IRS analysis (and conducting further analyses when not cost prohibitive) might help the IRS communicate identity theft tax refund fraud's inherent complexity, the GAO pointed out in its report.
While the IRS's fraud estimates note the relevant cost assumptions used to develop estimates, they do not provide the rationale or analysis to support them. IRS officials told the GAO they did not document the rationale because of the time and resources required. Best practices suggest that agencies should document assumptions, the GAO pointed out. Given the evolving nature of identity theft-related tax refund fraud, documenting assumptions' rationale would help IRS management and policymakers determine whether the assumptions remain valid or need to be updated.
The IRS recently created a group to centralize several prior ad hoc efforts to authenticate taxpayers. The IRS’s planning documentation contains goals and short- and long-term priorities, including implementation plans. However, a commitment to cost, benefit and risk analysis is not documented in the group's short- and long-term priorities.
The draft planning documentation also makes no mention of where such analyses would be included in the IRS's priorities. Guidance from the Office of Management and Budget states that agencies should use cost-benefit analyses that consider alternatives to promote efficient resource allocation and that agencies should ensure that authentication processes provide the appropriate level of assurance by assessing risks.
Without analysis of costs, benefits and risks, the IRS and Congress will not have quantitative information that could inform decisions about whether and how much to invest in the various authentication options, according to the GAO. Cost, benefit and risk estimates for authentication would have the additional benefit of allowing comparisons with other options for combating identity theft-related tax refund fraud. Such options could have significant costs for both taxpayers and the IRS, so more information about the tradeoffs would help inform decision-making by both the IRS and Congress.
The GAO recommended that the IRS improve its fraud estimates by reporting the inherent imprecision and uncertainty of estimates, and documenting the underlying analysis justifying cost-influencing assumptions. In addition, the IRS should estimate and document the economic costs, benefits and risks of possible options for taxpayer authentication, the GAO suggested.
The IRS agreed with the GAO's recommendations.
“The IRS takes the threat of IDT [identity theft] refund fraud very seriously and is continually evaluating trends in IDT refund fraud and adjusting our processes to counteract new tactics employed by the identity thieves,” wrote IRS deputy commissioner for services and enforcement John M. Dalrymple in response to the report. “Our detection models have become more dynamic, permitting us to make adjustments to address emerging threats in a more timely manner than was possible in the past.”