Software used to file tax returns may never be foolproof against identity theft — but the Internal Revenue Service and states are making significant progress with help from industry groups to fight back harder than ever.
A Feb. 7 audit report from the Treasury Inspector General for Tax Administration (TIGTA) showed a significant reduction in undetected fraudulent tax returns. TIGTA praised the IRS’ prevention efforts, including its security summit. Auditors also offered suggestions for more improvements the agency could make to further reduce the risk.
Using data from 2013, TIGTA found more than 568,000 undetected and potentially fraudulent tax returns with funds totaling more than $1.6 billion. This was a reduction of more than $523 million from the year before.
The IRS provided more recent numbers in November 2016 showing a 50 percent cut in the number of fraudulent tax returns that made it into the agency’s processing system, saving more than $4 billion. The agency also expanded the W-2 form verification code initiative from 2 million to 50 million forms.
“Each aspect of the data related to the return, but not the return itself, can be interesting in terms of that activity,” Steve Ryan, an attorney with the law firm McDermott Will and EmeryFederal Drive with Tom Temin. “The IRS and DoJ want the metadata from each return so they can look at that as well. All of that is non-return data; in other words, it’s not looking at your income.”
The largest amount of undetected and potentially fraudulent tax return funds still results from false reporting of wages and withholding, costing the government around $1.3 billion per year, the TIGTA report said.
Looking closely at the metadata will help the agency look more thoroughly at potential risk factors. The IRS will further bolster this approach through its creation of the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC), which is slated to open sometime in 2017.
“There are other ISACs in government, but this one is really focused in on trying to limit identity theft and stemming the flow of bad refunds out of IRS and the states,” said Ryan, a partner with McDermott, Scott and Emery. “If someone fills out a return in a minute and a half, it’s probably a machine. There’s no single data point that tells you a return is bad, but there are algorithms that industry, IRS and states use to try and figure out which are fraudulent.”
Criminals at one point targeted mainly federal refunds because it was a significantly larger amount of money, but that is no longer the norm. Identity thieves are now targeting state returns as well, which amplifies the need for a comprehensive system across the board to protect both state and federal refunds, Ryan said.
The IRS doesn’t share what goes on behind its firewall, but industry groups can pick up on suspicious activity. When a potentially bad return is detected, industry and state department of revenues will send information to the IRS.
The ISAC will analyze leads and determine how successful the IRS, industry and states are in detecting and preventing fraud, and then will feed that information back to them. So far, the partnership between the agencies and industry have produced positive results.
“There’s never going to be a silver bullet,” Ryan said. “But (Commissioner John) Koskinen’s work in creating a bridge between the IRS, industry and state DORs that didn’t really exist before is quite an accomplishment.”
Identity theft in the tax area occurs when an individual uses the information of another taxpayer paired with their identification number to file a fraudulent tax return. Sometimes those bad returns get through and the money has to be clawed back from the financial institutions where returns were deposited —the goal is to prevent this altogether.
“Industry does not police tax returns, we are not law enforcement officers, but the IRS and state DoRs are law enforcement officers and have a sworn duty to ferret out this stuff,” Ryan said. “Industry is cooperating where it is appropriate to do so.”
TIGTA recommended in its audit report that the IRS expand its identity theft models to include all accelerated W-2 forms, develop a process to use state-lead data and update the Identity Theft Taxonomy methodology used to quantify unprotected and protected revenue.