IRS needs bigger weapons to fight exploding identity theft-related tax refund fraud schemes

GAO report says there were 642,000 incidents of identity theft that impacted tax refunds in 2012 alone

There is a battle going on between what seems to be an army of fraudsters bent on using stolen identities to steal tax refunds and the Internal Revenue Service which has weapons to fight the problems but is obviously overwhelmed.

As of September 30, 2012, the IRS had identified almost 642,000 incidents of identity theft that impacted tax administration in 2012 alone, an almost three-fold increase over 2011 and a rate almost six times (47,730 incidents) that of 2008 when the fraud was initially tracked, according to a Government Accountability Office report out this week.

RELATED: IRS: Top 10 things every taxpayer should know about identity theft

IRS officials told the GAO that one of the challenges they face in combating identity fraud is its changing nature of the crime and how it is concealed. For example, IRS officials described several areas where the extent and nature of identity theft is unknown.

  • Total number and cost of fraudulent returns. IRS does not know the full extent of the occurrence of identity theft. Officials said that they count the refund fraud cases that IRS identifies but that they do not estimate the number of identity theft cases that go undetected.
  • Identity of the thieves. Unless IRS pursues a criminal investigation, IRS generally does not know the real identity of the thieves.
  • Whether a fraudulent return is an individual attempt or part of a broader scheme. Identifying new schemes or significant cases, such as one thief using numerous taxpayer identities, depends on analysts noticing patterns or other indications that a few cases may be part of a larger scheme. As a result, some schemes or cases involving multiple taxpayers may go undetected.
  • Characteristics of known identity theft returns. IRS officials told us that the agency does not systematically track characteristics of known identity theft returns, including the type of return preparation (paid preparer or software), whether the return is filed electronically or on paper, or how the individual claimed a refund (check, direct deposit, or debit card).
  • IRS captures data on the amount of money it recovers from all types of fraudulent returns, but it does not distinguish whether the type of fraud was identity theft or some other type of fraud. In some cases, external entities, such as banks or other agencies, may notify IRS of potential refund fraud, including suspected identity theft-based refund fraud. IRS reported it had received information from 116 banks and external leads on more than 193,000 accounts between January 1 and September 30, 2012, for all types of refund fraud. IRS reported that banks and other external entities returned almost $754 million dollars during this period.

Another challenge is prosecuting confirmed identity thieves.  While the number of cases has obviously grown, the prosecution of these thieves has not even scratched the surface.  For example according to the GAO, only 898 cases in 2012 have had formal criminal investigations been instigated.  The IRS typically only goes after "the most egregious and significant identity theft cases, as measured by volume and refund amounts," the GAO stated. 

MORE: IRS warns of Dirty Dozen 2012 tax scams

An audit of the IRS this past summer found that the agency stands to lose as much as US$21 billion in revenue over the next five years due to identity theft.  The Treasury Inspector General for Tax Administration (TIGTA), which is part of the US Treasury.  According to an IDG News Service story, TIGTA stated at the time that the IRS did not agree with the $21 billion figure, but wrote that the figure does include estimated savings from new fraud control filters. Without new controls, TIGTA estimated losses of $26 billion.  Part of problem is that the IRS is not gathering enough data about fraud trends, such as how a return was filed, income information from W-2 forms, the amount of refunds and where those refunds were sent, TIGTA said.  "We found that $8.1 million in potentially fraudulent tax refunds involved tax returns filed from one of five addresses," the audit said.

For its part the IRS has taken a number of steps to combat the problem.  For example, the GAO notes the IRS developed new filtering processes in 2012 to detect identity theft based on the characteristics of incoming tax returns that do not rely on a duplicate filing or self-identification by filers. "Identity theft indicators-also known as account flags-are a key tool used to resolve and detect identity theft. Identity theft indicators speed resolution by making a taxpayer's identity theft problems visible to all IRS personnel with account access. In some cases, IRS uses its identity theft indicators to screen tax returns filed in the names of known identity theft victims. If a return fails the screening, it is subject to additional IRS manual review, including contacting employers to verify that the income reported on the tax return was legitimate."

The IRS uses the Identity Protection Personal Identification Number (IP PIN)-a single-use identification number sent to victims of identity theft that have validated their identities with IRS-to prevent refund fraud, the GAO stated. 

According to the GAO, when screening returns for possible identity theft, IRS excludes returns with an IP PIN, which helps avoid the possibility of a "false positive" and a delayed tax refund. If a taxpayer was issued an IP PIN and does not use it when filing electronically, IRS rejects the electronically filed return and prompts the taxpayer to file on paper. Taxpayers that do not use an IP PIN or enter an incorrect IP PIN filing on paper experience processing delays as IRS verifies the taxpayers' identity. As of June 30th, IRS reported providing more than 251,500 IP PINs to taxpayers in 2012 and of those, 150,506 taxpayers filed using an IP PIN. Of filers that filed using an IP PIN, 8.6% (12,936) used an invalid IP PIN. IRS officials told us their review of a sample of these cases found that the majority of the invalid IP PINs were due to transposition or keying errors. Details on other IRS actions can be found in our previous reports.

IRS also developed the internal Refund Fraud and Identity Theft Global Report in July 2012 to consolidate and track existing information about identity theft incidents from multiple sources within IRS. IRS officials said that the information in the report is not new, but that they saw the need for consistency in identity theft-related information drawn from several data sources, the GAO noted.

Other steps taken in 2012 include temporarily reallocating hundreds of staff from other business units to resolve duplicate filing cases and issue refunds to legitimate taxpayers. Officials in IRS's accounts management function told the GAO that in October 2012 there were more than 1,700 staff working to resolve identity theft cases.

The IRS has also stated that in 2011, it identified and prevented stopped over $14 billion in fraudulent returns, of which identity theft is a subset.  From 2008 through the middle of 2012, the IRS said it identified more than 600,000 taxpayers who have been affected by identity theft. With respect to these taxpayers, during 2011 the IRS protected $1.4 billion in refunds from being erroneously sent to identity thieves. Through mid-April 2012, the IRS had stopped over 325,000 questionable returns with $1.75 billion in claimed refunds using filters specifically targeting refund fraud.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Check out these other hot stories:

DEA issues extortion scam warning involving Internet drug buys

Sandia Lab celebrates original "Mr. Clean" the clean room inventor

Cyber Monday bust: US law enforcement joins in world-wide seizure of 132 domain names

NASA paint kills that new car smell, saves satellites too

DARPA wants army of networked amateur astronomers to watch sky for space junk

NASA fires-up experimental space Internet for robot control

Astronomers find Super Earth that could support life - 42 light years away

US Navy outfits destroyers with potential $30 million worth of Gigabit Ethernet

DARPA seeks smart camera would blend visible, infrared images into a single shot

NASA shifts vital computer tasks onboard long-running Mars Odyssey satellite

Copyright © 2012 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022