IRS works to improve its identity theft protections for tax season
The Internal Revenue Service is making progress on its efforts to combat stolen identity refund fraud, but the accuracy of its measurements of the identity theft problem needs to be better, according to a new government report.
The report, from the Treasury Inspector General for Tax Administration, found that the IRS’s strategies for improving the detection and prevention of identity theft have led to some big improvements. But as identity theft continues to evolve and cybercriminals find increasingly sophisticated ways to get around the IRS’s barriers, the IRS has begun to explore more initiatives to aid in its overall detection and prevention efforts. For example, the IRS has created a Security Summit in partnership with the tax software industry, major tax prep chains and state tax authorities. It has also done additional coding of W-2 and Wage and Tax Statement forms to help detect and stop identity theft.
TIGTA has seen some continuing reductions in the volume of undetected potentially fraudulent tax returns. For tax year 2013, TIGTA identified 568,329 undetected potentially fraudulent tax returns with tax refunds totaling more than $1.6 billion, a reduction of more than $523 million from the prior year. However, the false reporting of wages and withholding continues to make up the largest amount of undetected potentially fraudulent tax return refunds, at $1.3 billion. With the passage of legislation to accelerate the reporting of Forms W-2, TIGTA believes the IRS should be able to significantly reduce the number of these undetected returns.
However, TIGTA found the accuracy of the Identity Theft Taxonomy quantification for both protected and unprotected revenue could be improved. For example, the IRS’s estimate of protected revenue was overstated by nearly $2.4 billion. That was the result of an incorrect calculation of tax refunds associated with rejected electronically filed tax returns.
“Identity theft continues to have a significant impact on tax administration,” said TIGTA Inspector General J. Russell George in a statement. “As a result, the IRS must continue to evolve and explore other initiatives that will assist with its overall detection and prevention efforts.”
TIGTA recommended the IRS expand the use of its identity theft models to include all accelerated Forms W-2. The IRS should also develop a process to use leads it receives from state tax authorities, and it should update the taxonomy methodology it uses to quantify the amount of unprotected and protected revenue, TIGTA suggested.
The IRS agreed with TIGTA’s recommendations and said it has modified its Return Review Program to include all accelerated Forms W-2 it receives from the Social Security Administration for tax year 2016. The IRS has also put in place a process to use more data from state leads, and it has modified its methodology for handling rejected tax returns. In addition, the IRS has updated the taxonomy methodology it uses to remove duplications of tax returns. The IRS plans to revise the methodology even more to improve the accuracy of its estimates of unprotected identity theft.
“As part of our strategy for improving IDT detection, the IRS has partnered with industry, tax practitioners, and state governments in sharing information, improving communication, and jointly developing effective countermeasures to constantly changing threats,” wrote Kenneth Corbin, commissioner of the IRS’s Wage and Investment Division, in response to the report. “The Security Summit, a groundbreaking partnership, made great progress in 2016. As a result, we have implemented new safeguards leveraging cooperation with Summit partners, begun working with Summit partners to develop a framework for enhancing cybersecurity protections, and developed an ‘early warning’ system that will help industry, tax practitioner, and state partners quickly identify and share identity theft schemes. Also, the Security Summit partnership has worked to establish an Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC) that will be effective for the 2017 filing season and that will assist the members of the Security Summit in detecting and stopping IDT fraud.”