The Treasury Inspector General for Tax Administration (TIGTA) reported that the IRS had failed to detect 1.5 million tax returns with potential identity-theft-related fraudulent tax refunds exceeding $5.2 billion for the 2011 filing season (TIGTA Rep’t No. 2012-42-080). The IRS itself reported that it detected 938,664 returns with fraudulent tax refunds of $6.5 billion in the same period. TIGTA also reported that known instances of tax-related identity theft more than doubled from 2009 to 2011 (see related graphic).
TIGTA recommended that the IRS make the following changes to its procedures to reduce the problem:
1. Develop processes to use the National Directory of New Hires (NDNH), a database containing information on all newly hired employees, to verify wage and other information. (Currently, the IRS is not permitted to access this information for this purpose.) The IRS should also use prior-year third-party income and withholding information to identify fraudulent returns. The IRS agreed with this recommendation.
2. Develop processes to analyze characteristics of fraudulent tax returns resulting from identity theft and to refine the IRS’s existing tax processing filters. TIGTA used as an example its discovery that a large number of fraudulent tax returns came from the same address, noting that this was one method to flag suspicious returns. The IRS also agreed with this recommendation.
3. Seek legislation authorizing the IRS to obtain information from the NDNH frequently and regularly. The IRS agreed with this recommendation.
4. Develop a process to detect false Social Security benefit income and withholding claims at the time tax returns are processed, using Form SSA-1099 information from the Social Security Administration. That information is received each December, and the IRS should be using information from those forms earlier in the year, before it issues refunds. The IRS agreed and said that it had used the information in January this year while processing 2011 tax returns.
5. Develop a process with federal agencies and banks to ensure that tax refunds issued by direct deposit are made only to an account in the taxpayer’s name. The IRS said it will discuss with the government’s Financial Management Service whether such restrictions can be implemented.
6. Limit the number of refunds that can be deposited to the same account. The IRS has resisted having only one refund permitted per account because it is concerned about situations in which an account is in the name of multiple individuals. TIGTA countered by presenting evidence that at least 10 accounts had each received more than 300 refund direct deposits—one with 590 deposits totaling $909,267. The IRS agreed to work with the Financial Management Service to determine whether these limits are feasible.
7. Work with Treasury to ensure financial institutions and debit card administration companies authenticate the identity of individuals purchasing a debit card and prevent the direct deposit of tax refunds to debit cards issued or administered by financial institutions and debit card administration companies that do not take reasonable steps to authenticate individuals’ identities. The IRS agreed to work with Treasury’s Financial Crimes Enforcement Network (FinCEN) to develop procedures to ensure individuals’ identities are authenticated.
Other issues raised in the report included the IRS’s efforts to reduce the number of fraudulent returns filed using deceased taxpayers’ Social Security numbers by placing a lock on these taxpayers’ accounts. As of March 31, 2012, the IRS placed a deceased lock on more than 164,000 tax accounts and prevented approximately $1.8 million in fraudulent tax refunds using deceased individuals’ identities.
The IRS issues an identity protection personal identification number (PIN) to protect victims of identity theft from further losses and make sure their refunds are not needlessly delayed. TIGTA had found that the process was not working well and many victims’ refunds were delayed. The IRS fixed the problem before the start of the 2012 filing season. The IRS issued an identity protection PIN to 251,568 individuals for this filing season, up from 53,799 last year.