Tax Refund Fraud and Identity Theft – an Update | Citizens Against Government Waste

Tax Refund Fraud and Identity Theft – an Update

The WasteWatcher

April is the cruelest month for most taxpayers, but for a growing number of them, it is the months that follow that do the most damage. 

Those unlucky thousands are the victims of tax refund fraud, a process in which a thief acquires someone else’s social security number and address, files an early return, and has the refund direct deposited to a bank account or debit card, or sent to a mailbox.  According to a January 13, 2013 article in the Wall Street Journal, “tax fraud” has become “the third-largest theft of federal funds after Medicare/Medicaid and unemployment-insurance fraud.”  That sounds scary, and it is, but “tax fraud” must be differentiated from tax refund fraud as a result of identity theft.  An individual with half his income in a holding company on the Cayman Islands or huge donations to bogus charities may be perpetrating tax fraud, but neither requires any kind of identity theft.   

As Citizens Against Government Waste (CAGW) pointed out last year, the true amount of tax refund fraud as a result of identity theft, though inherently unknowable since so much goes undetected, is massive and growing.  The Treasury Inspector General for Tax Administration (TIGTA) J. Russell George has estimated that the Internal Revenue Service (IRS) could issue $26 billion in fraudulent refunds over the next five years.  Worse, the number of tax refund fraud cases handled by the IRS has increased 650 percent since 2008, and no one has even tried to account for the value lost to months of frustration and wasted time by legitimate tax filers who want to recover the refund they are owed.  The problem has grown large enough that there are entire websites, such as HackedbyTurboTax.com, dedicated to helping victims.

So it was with a certain morbid excitement that we at CAGW awaited this month’s hearing on tax refund fraud at the Senate Finance Committee, held just one day after the conclusion of the 2013 tax filing season on April 15.  That hearing revealed an IRS dealing with an impressive onslaught of scammers, and while the IRS claimed it had taken significant steps to brace itself, it also says it will require a great deal of help from Congress, other federal agencies, and the private sector if its defenses are not to be entirely overwhelmed.

Among those who testified at the hearing was Acting IRS Commissioner Steven Miller, who promised that his agency has not been sitting on its hands while tax refund fraud has skyrocketed.  Since the end of the 2012 filing season, the IRS says that it has more than doubled the number of employees it has working on tax refund fraud, an effort that allowed the agency to resolve more than 200,000 cases in 2013.  The IRS says it has also developed new filters to catch fraudulent tax returns at multiple stages of the return processing system.  One method is to place indicators on accounts that have been victimized by tax refund fraud in the past using Personal Identification Numbers (PINs). 

Anecdotally, however, the IRS does not seem to be making as much progress as they would have taxpayers believe.  A CNBC story published on April 3, 2013, highlighted the story of Priscilla Diggs-Costen, an accountant in Atlanta whose computer was stolen along with data files containing her clients’ social security numbers.  In an effort to block potential defrauders before they struck, Diggs-Costen and many of her clients tried to provide the IRS with a list of the social security numbers that had been compromised.  They were told that nothing could be done until the false returns had been filed.  According to CNBC, “identity thieves have become so sophisticated [that] some have been known to contact the IRS themselves posing as victims.”  Amazingly, even when the IRS has all the information it needs to protect certain accounts, it has not come up with a way to utilize its advantage.

Because the IRS issued its PINs in December, weeks before the Atlanta victims suspected they had anything to worry about, none of the victims had PINs.  The IRS insists that issuing PINs for each and every taxpayer would be “impractical,” and has yet to implement a security system that uses “out of wallet” questions like “What street did you grow up on?” or “What was the name of your first pet?” for identification verification, a practice commonly by banks and other security-sensitive institutions.  TIGTA has recommended the use of “out of wallet” questions not only when taxpayers are filing but also when they call or write to the IRS for help with a refund.    

For those cases of tax refund fraud that have slipped through the IRS’ security net, Acting Commissioner Miller stated that the average case takes an average of 180 days for the IRS to resolve.  That estimate was in direct contradiction to the testimony of United States Taxpayer Advocate Nina Olson (head of the Office of the Taxpayer Advocate, an independent office within the IRS), who delivered some sobering statistics of her own. 

Ms. Olson reviewed the findings of a 2012 TIGTA report that selected a sample of 17 cases of identity theft and found that the IRS needed an average of 414 days to resolve each case.  The IRS is quick to point out that it would prevent more tax refund fraud if it had more resources, by which it means more money, but clearly there is room for streamlining and better use of current IRS resources. 

On a more positive note, Ms. Olson acknowledged that the IRS’s identity theft filters have allowed the IRS to prevent more than 360,000 fraudulent returns through February 2013, an increase of 150 percent from that same interval in 2012.  By working with private-sector businesses, many of which do their own fraud prevention, the IRS has been alerted to thousands more potentially fraudulent transactions, a process that has led to the recovery of more than $109 million in 2013.  The catch?  The IRS had 1.25 million cases of tax refund fraud in its inventory at the end of February this year, compared to just 235,000 cases a year ago. 

With luck, the Finance Committee’s hearing will amount to more than well-timed tax season grandstanding.  Congress does not lack for legislative opportunities that could help curb identity theft refund fraud, but it must be willing to act. 

Senator Bill Nelson (D-Fla.) authored a bill that would, among other measures, make tax refund fraud a felony punishable by up to five years in prison, while creating a special numbering system for prepaid debit cards that could be tracked by the IRS, since many identity thieves arrange for fraudulent returns to be sent on prepaid debit cards.  Sen. Nelson’s bill would also keep the Social Security Administration’s Death Master File, a major source of useful information for identity thieves intent on stealing refunds, from becoming public until three years after a person’s death.  Rep. Sam Johnson (R-Texas) has proposed eliminating public disclosure of the Death Master File completely.

Reps. Richard Nugent (R-Fla.) and Kathy Castor (D-Fla.) have co-sponsored a bill that would also increase penalties for tax refund fraud while encouraging the IRS and local law enforcement officials to share more information on these cases. 

Each of these proposals has complex implications for taxpayers, businesses, and consumers, but something must be done.  In a world full of enterprising scam artists, Congress’s sluggishness makes taxpayers more vulnerable by the minute.     

- Luke Gelber