Financial Fraud

Banks beware ID theft as US pumps funds into economy, says IRS financial crimes chief

Brett Wolf  Regulatory Intelligence

As the U.S. government pumps hundreds of billions of dollars into the economy through payments to individuals, forgivable loans to businesses, and other steps to ease the impact of the COVID-19 pandemic, federal law enforcement authorities are counting on banks to spot and report potential fraud, said the head of the Internal Revenue Service's financial crime investigation unit in an interview with Thomson Reuters Regulatory Intelligence.

Don Fort, chief of Internal Revenue Service-Criminal Investigation (IRS-CI), said he is “very concerned” about potential identity theft, both “business and personal,” stemming from the “upcoming economic impact payments (EIPs)” and other financial relief in the more than $2 trillion Coronavirus Aid, Relief, and Economic Security Act (the CARES Act) passed by the U.S. Congress.

“History has shown that criminals take every opportunity to perpetrate a fraud on unsuspecting victims, especially when a group of people is vulnerable or in a state of need,” Fort said in the interview, which was conducted via email.

During the interview, Fort shared a number of “red flags” banks should be aware of as they scrutinize transactions and accounts for COVID-19-related frauds. Fort addressed the Payroll Protection Program (PPP), a key element of the CARES Act that dedicates $350 billion for loans so small businesses can keep paying workers and meet basic expenses like rent. He also addressed the provision providing IRS EIPs, of up to $1,200 per taxpaying adult. (Below is a summary of the interview, edited for length and clarity.)

TRRI: To what extent are you concerned about identity thieves obtaining Americans’ personal information and stealing their economic impact payments?

Don Fort: IRS-CI is very concerned about the potential ID theft, both business and personal, relating to the upcoming EIPs and other financial relief in the CARES Act. CI has already started communicating and forming task forces with our local, state and federal law enforcement counterparts and working with the Department of Justice and U.S. Attorney’s offices to combat COVID-19 fraud.

We have already seen a significant increase in phishing schemes where bad actors are trying to collect personally identifying information and financial account information. We know that some of these attempts and schemes will be successful and recognize that taxpayers will not receive their stimulus payments based on being victims of identity theft. We have learned from past stimulus and refund payments and are trying extremely hard to ensure the taxpayers that so desperately need this money during the current pandemic get it.

TRRI: Can you share specific “red flags” bank anti-money laundering (AML) and anti-fraud professionals can look for as they seek to spot such identity theft and other fraud related to the COVID-19 crisis and the CARES Act transactions?

Don Fort: Here are a couple examples but certainly not all-inclusive:

  • Multiple refund checks being deposited by a single taxpayer;
  • Multiple checks being deposited into one account by multiple taxpayers;
  • More than three direct deposits going into one account or three deposits going into multiple accounts of one taxpayer;
  • Rapid transfer or withdrawal of EIP funds soon after deposit or transfer in;
  • Opening a new account with an emergency assistance check, where the name of the account holder is different from the depositor of the check;
  • Organizations that claim to be non-profits or charities that are collecting funds on behalf of relief efforts or scientific research whose names may include words like “relief,” “fund,” “medical,” and “foundation” in their titles to give the illusion that they are a legitimate organization and likely will not have a lengthy history;
  • Businesses (or merchants) that do not appear to have a lengthy corporate history (e.g., established within the last few months), a physical presence or address, or an EIN;
  • Discrepancies with an address, or presence in a high-risk jurisdiction or a region that is not usually associated with the merchandise they are selling — searches in corporate databases may reveal that the merchant’s listing contains a vague or inappropriate company name, multiple unrelated names, does not align with its business model, or the company has three or more name variations/multiple “doing business as” (dba) names;
  • The merchant has an unclear business model and it is difficult to determine the true nature of the company and its operations; and
  • Customers demonstrating a desire for virtual currency to pay a “ransom” after clicking on malware who could be victims of account takeover after their identity is stolen.

TRRI: Since the federal income tax filing deadline has been extended from April 15 to July 15, are you concerned that identity thieves will have more time to preempt legitimate tax filings and steal people’s refunds?

Don Fort: We recognize the extension of the filing season will give identity thieves additional opportunity to file tax returns to get fraudulent refunds from the IRS, but we also recognize that most scams, schemes and frauds take place throughout the year.

In most ID theft cases, we find an increase of filings early in the filing season in an effort to beat legitimate taxpayers filing their legitimate returns. We don’t turn off the filters on April 16th or let our guard down at any point of the year. In fact, we continue to learn from fraudulent attempts and are continually looking to add and fine tune to detect more fraud. CI works year-round with Wage and Investment Division and Return Integrity & Compliance Service Section to ensure the integrity of the U.S. tax system is strong.

TRRI: Will IRS-CI have an oversight role with regard to the PPP, which some expect will be rife with fraud as criminals try to take advantage of a loan program intended to sustain small businesses and jobs during the pandemic?

Don Fort: CI will not have specific oversight over the program but will bring our financial and cyber-expertise to any financial investigation to assist our local, state and federal law enforcement partners along with the prosecuting offices to ensure the best case is brought forward against criminals trying to take advantage of the system.

TRRI: What should bank compliance AML and anti-fraud officers keep in mind as they prepare for fraud stemming from the PPP and the EIP program?

Don Fort: AML professionals should continue to operate as normal, but maybe with a heightened sense of awareness due to the current operating environment. AML professionals may want to add changes/rules in their internal alerts systems based on EIP payments.

TRRI: Is there anything bank compliance officers should keep in mind when filing Suspicious Activity Reports (SARs) related to the COVID-19 crisis and government payments?

Don Fort: The most important part of the SAR narrative and the most helpful to law enforcement is an explanation of why the activity is suspicious. And per the statement from U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN): When filing SARs containing suspicious transactions linked to COVID-19, along with checking the appropriate SAR template boxes for certain typologies, financial institutions are encouraged to enter “COVID19” in Field 2 of the SAR-template.

