More than 640,000 taxpayers were affected by identity theft last year, up from 270,500 in 2010, according to the Treasury Inspector General for Tax Administration, and taxpayers whose identities are stolen receive confusing and conflicting instructions from the IRS.
Tax-related ID theft can take several forms, noted Raul Vargas, manager of fraud operations for IDTheft911, which works with major insurance and financial institutions. "Historically, people have committed fraud for years, by taking a legitimate tax refund that has all of the taxpayer's accurate information on it, and redirecting the funds from the return to a fraudulent account," he said. "In the past this was a fairly small operation, but it's gotten a lot larger lately. They can either take a legitimate return and redirect the funds, or file a completely fictitious return where only the name and SSN are accurate, but the actual taxpayer has no knowledge of the return."
The next step in the process was when e-filing became popular and easy to do, around the 2009 filing season, Vargas indicated. "There was a large increase in two different types of strategies that fraudsters used. The first was to set up bogus brick-and-mortar tax filing locations, and give them a name of one of the widespread franchises services," he said. "These locations would pop up and then disappear just as quickly. They would save peoples' returns and file them in one large batch, with a bogus account. On the day they filed, they would know the payout schedule and have all the funds directed to the same account on the same payout day, and then disappear."
The fraudsters also developed online Web sites that appeared to be legitimate tax sites for companies such as H&R Block or Jackson Hewitt, said Vargas. "They use these to gather legitimate information and then file returns and redirect refunds to the fraudster's account," he said.
THE REACTION
The IRS has been attacking the problem, but ID theft has grown exponentially each year, according to Vargas. "They are making an attempt to improve the experience of taxpayers who are victims," he observed. "They have created IRS Form 14039, Identity Theft Affidavit, and are trying to rectify situations more quickly and with less hoops to jump through for the victims. But the IRS has always been a tax season or two behind the problem."
While Form 14039 was a step in the right direction, it's not perfect, he observed. "They are attempting to use the same form for multiple issues. The form was their solution to anyone having any type of identity theft issue. The way it is designed, a person who lost their tax documents, has no fraud, and simply wants to notify the IRS, completes the same form and sends it to the same location as someone who has had repeated identity theft on personal W-2 tax returns or a business owner whose TIN has been used fraudulently."
Unfortunately, Vargas indicated, despite increased attention, IRS response time has actually decreased. "Victims are currently waiting 204 days to hear back on their initial claim," he said. "That's not the time it takes to resolve the claim, that's the time it takes for the IRS to acknowledge that they received your claim. ... ID theft grew so exponentially that they're [too] understaffed to handle it."
A May 2012 TIGTA report found that taxpayers whose identities are stolen receive confusing and conflicting instructions from the IRS, and delays of sometimes longer than a year to resolve their tax problems. The report noted that identity theft guidelines and procedures are dispersed among 38 different Internal Revenue Manual sections. The guidelines are inconsistent and conflicting, and not all functions have guidelines on handling identity theft issues. Moreover, the IRS makes little use of the data from the ID theft cases to identify any trends that could be used to detect or prevent future refund fraud.
The IRS agreed with all of TIGTA's recommendations, and said that it will establish a governance structure to oversee its ID theft initiatives. It also plans to expand its identity theft indicator codes identifying claims of identity theft, and will review its suite of identity theft letters and update its guidance instructing employees to notify taxpayers acknowledging receipt of documentation.
"The IRS is in a tough position because they want to make filing taxes and receiving a refund as easy as possible," Vargas observed. "They made the process streamlined and simple, but they didn't build a lot of checks and balances because that would slow down the process, and therefore it's easy to exploit."
ON THE GROUND
"We had a number of cases that we couldn't e-file because the Social Security number had already been filed on a return," said Linda de Marlor, president of Rockville, Md.-based Tax-Masters. "We are working now on the case of a widow whose husband's Social Security number was stolen a week after he died. The IRS has told us that she must now do paper filing for the next three years. It will take many months to sort out her federal and state refunds, since the perpetrator has already filed false refund requests."
Meanwhile, there are steps both preparers and taxpayers can take to avoid ID theft leading to tax fraud, according to Michelle Cacdac-Jones, spokesperson for credit reporting and monitoring service Equifax. "If a taxpayer's refund is stolen, other things could be going on as well," she observed. "Thieves focus on tax returns because there could be large amounts of money involved. The only way you know is when it's time to file your return, and it's already been filed."
