Why the IRS Can't Stop ID Theft

WHY THE IRS CAN’T STOP ID THEFT

The “Crime of the 21^st Century” is Unstoppable

By Daniel J. Pilla

Identify theft has turned into a monster for the IRS. It has been identified as a problem for the agency since 2004 but has since grown into a beast. The number of ID theft cases handled by the IRS is growing at an alarming rate. For example, the number of cases reported to the IRS’s Identity Protection Specialized Unit increased by 78 percent in just one year, from 2011 to 2012. And the Taxpayer Advocate Service (TAS) saw an increase in its ID theft cases of 60 percent during that same period. However, since 2008, the number of ID cases reported to TAS increased by more than 650 percent. National Taxpayer Advocate (NTA), 2012 Annual Report to Congress, p. 43.

The Treasury Inspector General for Tax Administration (TIGTA) calls ID theft an “epidemic” facing taxpayers. In 2013, the head of TIGTA testified during a Senate Committee hearing that ID theft scams “have become so prevalent that they are being called the ‘crime of the 21st century’.” Testimony of J. Russell George, TIGTA, April 10, 2013, p. 1.

In that same testimony, it was reported that the IRS identified 1.8 million ID theft cases in 2012 and another 1.6 million potential cases. Based upon the growth of this crime, the IRS could issue up to $21 billion in fraudulent tax refunds over the next five years. The IRS itself described identity theft as the number one tax scam for 2013. See:  IRS Press Release, IR-2013-33 (March 26, 2013).

How IRS-related ID Theft Works

The “why” of ID theft is very simple. Criminals are able to obtain the refunds of honest citizens by filing bogus tax returns before the taxpayer files his own correct return. The check is cashed and the money is gone before the taxpayer (or the IRS) knows what hit him. Often, senior citizens are targeted because they are likely not required to file returns and therefore, might not realize their IDs were used to steal a fraudulent refund from the IRS.

The “how” of ID theft is a bit more complicated. To pull off the caper, the thief needs a victim’s name and Social Security Number. The thief then files a tax return under that name and SSN. The return reports false income and wage withholding, and claims various credits. The credits usually include the Earned Income Tax Credit, the Additional Child Tax Credit and the American Opportunity Tax Credit. Because these are “refundable” credits, a person claiming these on his tax return will actually get more money back from the IRS then was paid through wage withholding in the first place.

The thief also dummies up a false W-2 to support the claimed withholding. Between the claimed withholding and the bogus refundable credits, the thief can potentially recover thousands of dollars per fraudulent return filed. The bogus refund is mailed to a PO Box which was set up the by thief. But thieves often don’t even bother with refund checks. IRS refunds can be direct deposited to a bank account or even directly to a debit card, which can then be used for every purchase imaginable. According to TIGTA testimony, of the approximately 1.5 million tax returns identified as bogus in 2010, 1.2 million (82 percent) involved the use of direct deposit to get tax refunds totaling approximately $4.5 billion. “One bank account received 590 direct deposits totaling over $900,000.” TIGTA, p. 7. One has to wonder why IRS systems were unable to detect that multiple refunds were going to the same back account.

Because the bogus returns are usually filed early in the filing season, the thief often beats two important events: a) the filing by the taxpayer of his correct return, and b) the input and assimilation by the IRS of the correct W-2 information. That is to say, the thief does an end run around the two key factors that might alert the IRS that a bogus return was filed. The likelihood of a thief getting away with the refund is heightened when the tax return is e-filed because of the speed of processing the returns. About 91 percent of ID theft returns are e-filed.

If the individual whose SSN was used in the scam was not required to file a return in the first place, he may never know his SSN was swiped unless and until the IRS questions the return. However, if the victim files his own return based upon his correct income and expenses, the IRS treats that as a duplicate return. The agency then holds the claimed refund until the citizen’s identify can be confirmed. This starts the arduous process of navigating the IRS’s labyrinth to release the correct refund and clear up the compromised account.

Matters can be much worse if the victim finds himself in the midst of an audit or collection situation involving the bogus return. In that case, an honest taxpayer might even face wage and bank levies in the IRS’s effort to recover the refund associated with the bogus return.

IRS Can’t Stop ID Theft

All that is necessary for an ID thief to be successful with the IRS is to have the victim’s name and SSN, and in turn, as stated above, file the return early in the filing cycle to be beat both the taxpayer’s actual return and the assimilation by the IRS of the correct W-2 information.

It has proven to be an easy matter to get the names and SSNs of honest citizens. The IRS itself—indeed the nature of the tax system—is responsible for this fact. American businesses are forced to file billions (that’s with a B) of information returns with the IRS every year. In 2015, there will be in excess of 2.1 billion such returns filed. These include Forms W-2 and 1099. Each form contains a taxpayer’s name and SSN, along with his address and the details of what he was paid and by whom. This data is transmitted both through the U.S. Postal Service and via e-mail.

ID thieves know that the U.S. mails are loaded with information returns beginning the last week of January, as all information returns must be delivered to taxpayers by January 31. Even beyond the U.S. mails, we all know that computer systems get hacked all the time. Untold millions of citizens are victimized by various e-mail scams that lead to giving up their private financial data or intercepting electronically transmitted financial information.

Even security-conscience corporations are not immune to being hacked. We all know about Target and Home Depot’s systems being compromised. We know that Sony was hacked. And we know that even Turbo Tax itself was hacked. The irony with that Intuit, which owns Turbo Tax, is a Microsoft company. If they can’t stop hackers, who can? Electronic systems that store personal financial data are not safe. And they can never be 100 percent safe because, since man built it, man can beat it.

And while all this is happening right under the nose of the IRS, the agency demands even more annual information reporting. As I write at length in my book, How to Win Your Tax Audit, the IRS is increasingly a “data driven agency.” The IRS’s mantra is “Where there is information, there is compliance.” For these reasons, the IRS believes that there is never enough third-party information available to it, and certainly no such thing as too much. See: How to Win Your Tax Audit, chapter 2.

This is why the agency continues to push Congress year after year for more and broader third party reporting. The information goal is for or the IRS to know everything you do, including when and how you do it. Until the scope of the IRS’s knowledge about your private life is ubiquitous, the agency’s lust for information will never be satisfied.

How can Congress and the IRS possibly believe that ID theft can be controlled, never mind abated, when this blizzard of financial data reporting goes on non-stop, year after year, and in fact, the intensity and volume of the reporting only increases?

The Front-end Tax System

The IRS believes a key step in eliminating tax-related ID theft is to push harder for the so-called Front-end Tax System. I discuss this at length in How to Win Your Tax Audit. Under this system, the IRS knows so much about you in advance that you can actually be taken out the return preparation loop entirely. This requires not only that more information be provided by third parties, but that the information is filed much faster so IRS can get the data processed and assimilated before the filing cycle even begins.

Insofar as this relates to battling ID theft, the TIGTA chief testified as follows:

Access to third-party income and withholding information at the time tax returns are processed is the single most important tool the IRS could use to detect and prevent tax fraud-related identity theft resulting from the reporting of false income and withholding. Third-party reporting information would enable the IRS to identify the income as false and prevent the issuance of a fraudulent tax refund. However, most of this information is not available until well after taxpayers begin filing their returns. TIGTA, p. 6

Ironically, it is this very information that enables ID thieves to be successful in the first place. If not for the uninterrupted river of data flowing into the IRS every year—providing billions of bytes of data that make ID thieves salivate—there would not be tens of billions of dollars stolen from the federal government annually.

As it is, the IRS must expend additional resources to deal with this problem, including:

• Adding more employees to manage ID theft prevention and resolution issues,
• Developing computer programs and filters to limit the capacity of ID thieves to hack the system,
• Creating computer programs to cross-check data with other federal agencies such as the Social Security Administration,
• Creating new functions within the agency, such as the ID Theft Clearing House, established in 2012, designed to accept and evaluate ID theft leads from the IRS’s local Criminal Investigation field offices, and
• The implementation of an ID theft indicator to lock the accounts of taxpayers who have died, making it more difficult to use a deceased person’s SSN to obtain a bogus refund. 

But these steps are not enough solve the problem. Even now, the IRS will never be able to work its entire inventory of fraudulent ID theft-related tax returns. It will have to select only the most egregious cases, meaning that fraudulent refunds will continue to be issued to the tune of billions of dollars every year. As it is already, the TIGTA chief pointed out:

While the amount of fraudulent tax refunds the IRS detects and prevents is substantial, it does not know how many identity thieves are filing fictitious tax returns and how much revenue is being lost due to the issuance of fraudulent tax refunds. TIGTA, p. 8.

The Solution is to Change the Tax System

This is just one more reason we have to consider fundamental changes to the tax system. Not even a flat tax will fix the problem of ID theft since a flat tax still requires the filing of tax returns and the blizzard of information the IRS lusts after. Only a national retail sales tax can solve this massive problem because only that system can once and for all dam the river of data flowing to the federal government.

Short of that, given the scope and breadth of the information demanded by the IRS, there can never be sufficient measures in place to solve the ID theft problem as long as data can be stolen from the public at large. Regardless of what the IRS does, creative thieves can always find a way to beat the system, and thus without fundamental change, the game of cat and mouse goes on endlessly.