10 steps the IRS needs to take now to secure tax returns, fight fraud, identity theft

Rampant identity theft, tax fraud have severely tainted the tax system

10-steps-the-irs-needs-to-take-now-to-secure-tax-returns-fight-fraud-identity-theft
Credit: CSO

The digital, online world has left the Internal Revenue Service struggling to move forward.  

The key IRS advisory group, The Electronic Tax Administration Advisory Committee issued its annual state of the agency report this week that concluded: The erosion of the IRS tax system’s integrity from the proliferation of tax identity theft and inadequate levels of taxpayer service at the IRS caused by an antiquated customer service model that does not adequately apply digital service tools.

ETAAC’s wide-ranging report looked at all aspects of the IRS but for our purposes we’ll focus on what the group is recommending the revenue agency do to combat its worst threat – fraud and identity theft.

ETAAC recommends that the IRS examine large-scale changes to the tax system to combat these threats. One important change is a voluntary filer-registration process that would educate taxpayers and authenticate their identities, and provide the benefit of a streamlined refund process.

The IRS should make several changes to its existing information return requirements, technology systems and procedures that will improve data integrity and reduce the risk of fraud and identity theft.

+More on Network World: To fight $5.2B worth of identity theft IRS may need to change the way you file taxes, get refunds+

Congress should expand the IRS’ authority so it could question and adjust returns that do not match information returns. These changes would allow the IRS to identify mismatches earlier, increase taxpayer compliance, and minimize refund fraud and tax identity theft, the ETAAC wrote.

“Notwithstanding electronic filing, the IRS is still mired in a manual taxpayer service delivery model that relies on interactions using people, paper and phones to serve taxpayers. The IRS understands the need to move from the current model to create more efficient, scalable service and compliance delivery models for the taxpayers who prefer them. This approach is not only necessary to increase service and compliance levels at the IRS, but it is also what consumers are increasingly demanding of all service providers,” the ETAAC wrote.

Here is a look at what actions ETAAC recommends the IRS take to battle identity theft and fraud:

  • The IRS should provide a voluntary registration process for tax filers to authenticate their identities. For this recommendation, it’s valuable to start by examining how most financial service companies interact with their customers to conduct business and provide customer service. Financial service companies require their customers to register with them before conducting ongoing business. During the registration process, customers create an account and establish a relationship with their service provider. Online registration processes generally include two important elements: First, customers authenticate their identities. They get an account number and create security credentials, such as a user name, password, and additional security features to match their identity and appropriately authorize transactions.
  • The IRS should release refunds only after the IRS can reasonably verify taxpayers and their withholding. The IRS issues more than 90% of refunds in less than 21 days.The IRS does not receive Form W-2 data or other information return data until after the filing season begins, and does not compile all such data for several months thereafter. As a result, the IRS frequently receives information returns too late to match tax return wage data against employer wage data prior to issuing refunds. Industry analysts view this haste in issuing refunds as directly contributing to tax fraud and identity theft. In 2015, Congress took an initial step in this direction with a new provision in the Consolidated Appropriations Act, 2016 that allows the IRS to postpone until February15 paying refund claims that are based on the Earned Income Tax Credit. This change becomes effective for the 2017 filing season. However, this change will do little to combat refund fraud where thieves claim refunds based on false Form W-2 withholding. Some state tax authorities delayed refunds for the 2016 filing season, given concerns about tax fraud and identity theft. Illinois announced on January 4, 2016, that it did not anticipate issuing any refunds until March 1, 2016.The press release announcing the delay specifically stated that “the decision comes as fraud prevention efforts from last year’s tax season illustrate the positive impact that additional delays and scrutiny have had in combating tax return fraud and identity theft.” Hawaii’s Department of Taxation also indicated that it may delay certain refunds by as much as 16 weeks. Utah’s legislature passed a law prohibiting refunds before March 1, unless the employer and the employee had filed all required returns and forms by January 31.ETAAC recommends that the IRS adopt similar practices and delay refunds until it can reasonably verify taxpayers and their withholding. While there are positive and negative consequences of this plan, ETAAC views such a process as critical in guarding against fraud.
  • The IRS should require payers to collect a certified Taxpayer Identification Number (TIN) from all contractors receiving payments subject to Form 1099-MISC reporting for non-employee compensation.
  • The IRS should expand access to TIN-matching functionality beyond information returns where payments are subject to backup withholding. The significant benefits of TIN-matching for the IRS and taxpayers justify expanding access to all information-return filers. For the IRS, expanding access would mean improved data integrity and more efficient use of information returns to verify taxpayer returns and combat fraud.

+More on Network World: IRS: Top 10 2015 identity theft busts+

  • The IRS should remove barriers to adoption of TIN-matching functionality to facilitate increased use of the application. The IRS should review existing barriers to adoption for the TIN-matching system, including an overly cumbersome authentication scheme. The current TIN-matching registration process requires withholding agents to designate an employee to register for the service. That employee must provide personal information –including name, address, Social Security Number, and prior-year adjusted gross income, as reported on his or her individual tax return. Once the employee registers, it takes several days for the IRS to issue and mail the individual a personal identification number to finalize the registration process. The requirement that employees provide detailed personal information, such as adjusted gross income, is a considerable barrier to getting withholding agents to register for the TIN-matching system.
  • The IRS should add an indicator to Forms 1099 allowing payers to flag payments made to presumed U.S. persons subject to backup withholding, so as to exclude these information returns from B Notices. Under current regulations, payments made to undocumented individuals must be presumed to be made to U.S. persons. This generally means the payment is subject to 28% backup withholding and Form 1099 reporting.
  • The IRS should automatically issue penalty notices for all missing or incorrect TINs and require proof that the payee was TIN-matched as part of any reasonable cause rationale for penalty abatement. If a payer issues a Form 1099 or other information return statement with a missing U.S. TIN or an incorrect name-TIN combination, the IRS will issue a penalty under Section 6721 for failure to file a correct information return. Currently, this penalty is generally $260 per payee, with an annual cap of $3,178,500 per payer. TIN-matching is currently an optional service available within IRS e-Services. However, the IRS and practitioners strongly encourage payers to use the system to proactively identify and correct name-TIN mismatches that would otherwise slow the IRS matching process. Given the importance of data integrity in mitigating fraud and identity theft, the IRS should require proof of TIN-matching as part of any reasonable cause justification for penalty abatement –assuming that the IRS removes barriers to adoption.
  • Given recent regulatory changes, the IRS should ensure that information return filing systems can successfully accommodate increased filing volumes in reduced timeframes. The Protecting Americans from Tax Hikes (PATH) Act of 2015 accelerates the filing deadline for Forms W-2 and W-3, and Forms 1099-MISC reporting non-employee compensation. Starting in the 2017 filing season, these forms must be filed by January31.That deadline is accelerated by 30 days for paper filers and 60 days for electronic filers versus current requirements. This change will mean that the IRS will receive a significant amount of information earlier in the tax season; however, the IRS must be able to effectively consume this information to help prevent identity theft and refund fraud. Currently, while submissions to the Filing Information Returns Electronically (FIRE) system peak during March and April, they are somewhat dispersed through the filing season. The accelerated January 31 deadline will create a similar peak in January and February, much earlier in the filing season. For the IRS to effectively manage this concentrated volume during January, ETAAC recommends that the IRS open FIRE at least one week earlier. ETAAC recognizes that this tactic alone will not meet the accelerated demand and that the IRS will need to implement other technology improvements to process information statements.
  • The IRS should introduce a phased reduction of the threshold for mandatory electronic filing of Forms 1099-MISC from 250 forms to 20 forms. Electronic filing of third-party information reports is essential for the IRS to quickly process data to identify potential fraud. In 2014, payers electronically filed only 65.3% of Forms 1099-MISC. Currently, the IRS requires payers with more than 250 of a specific type of information return to file them electronically. A separate 250 threshold applies for amended information returns. Reducing this threshold to 20 returns would increase the IRS’ ability to detect fraud and enhance compliance through earlier matching, while being sensitive to the needs of small businesses lacking the necessary resources (either human or financial) to file electronically.
  • Congress should fund the IRS specifically to compile information returns in a manner that allows real-time matching of tax returns to information returns on file. Congress should also provide the IRS with the authority to question and correct returns that do not match information returns

Check out these other hot stories:

Security of “high-impact” federal systems not exactly rock-solid

DARPA wants to design an army of ultimate automated data scientists

Cisco platform lets IT rein-in disruptive data center operations, security, applications

Quick look: Cisco Tetration Analytics

FBI: Business e-mail scam losses top $3 billion, a 1,300% increase in since Jan.

NASA describes out of this world data glitch that almost finished its planet hunter

National Intelligence office wants to perfect the art of security deception

US intelligence unit to advance management of virtual desktop security, systems

Cisco: IP traffic will surpass the zettabyte level in 2016

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.