A Hoosier state lesson in fraud prevention

Improper payments perennially bedevil the federal government. Most of them come out of the Internal Revenue Service and the Centers for Medicare and Medicaid Services (CMS). The IRS sends out billions of dollars worth of fraudulently obtained refunds and payments for people wrongly claiming the earned income tax credit. CMS claims around 15 percent of the $700 billion or so it sends out are to fraudulent claims.

Identity theft for purposes of obtaining government benefits is a growing national scandal. To their credit, federal agencies are working hard on it. Both CMS and IRS have analytics programs and other measures in place to try and flag bad claims before money goes out. The IRS says it avoided $50 million in fraud refunds, but some $7 billion got away.

The problem might be overwhelming. CMS from time to time busts up rings of fraudsters, but it’s like the proverbial whack-a-mole, especially when the bad guys are in Estonia or a gang that can melt away when the cops show up. And there’s no dearth of Jeremiad types out there reminding law enforcement, attorneys general and tax commissioners at all levels of government just how bad it’s getting. Case in point: Frank Abagnale, of former “Catch Me If You Can” fame, who seems to be everywhere and in every medium, such as this interview with City and State.

I recently caught up with Bob Dittmer, the deputy commissioner for the Indiana Department of Revenue. He says a couple of years ago, the department noticed it had received 100,000 more returns that it had a year before. The population of taxpayers didn’t grow, so a little investigation showed the state was receiving, and about to pay refunds on, a wave of phony returns. The same problem the IRS has. People use stolen identities, make up a return, and file for refunds. It’s stupidly simple.

Criminals throughout the world know about and participate in a vast, dark, online marketplace of ID elements — names, dates of birth, Social Security numbers of course, credit card numbers and so on. The wonder is everyone hasn’t had his or her identity stolen. Actually, we probably all have. But not all of them have been sold for profitable exploitation.

Dittmer explains that Indiana now takes every return and runs it though a search operated by a database contractor that compares the taxpayer information with hundreds of other databases the state itself doesn’t have. Indiana uses Lexis-Nexis. Long story short, the state avoided $80 million in what the feds would call improper payments two years ago, and $15 million last year. Why the drop? Dittmer says it’s because the fraudsters have moved on to riper pastures and the state is simply getting fewer attempted fraud returns.

For questionable returns, taxpayers receive a letter asking then to go online and answer a quiz with questions only the individual could answer, such as the make and model of a car she bought four years ago. Or which of three magazines they subscribe to.

Dittmer says it’s a never-ending cat-and-mouse game against what is essentially a worldwide network of organized crime.

The answer will eventually be a new definition of what constitutes an identity. It won’t be just name, date of birth, and SSN. Today, that’s all a hacker needs to steal or create an identity and use it to defraud governments and companies, to say nothing of the victims. The Commerce Department’s National Strategy for Trusted Identities in Cyberspace is making progress on this front with its pilot projects and workshops. In the meantime, revenue agencies need to take steps to keep the trust of taxpayers. Indiana is a good model.

More commentary from Tom Temin


Sign up for breaking news alerts