Skip to content
Dividends Magazine

Public-private partnership to combat identity theft tax fraud

Selen Ustun  Director, Enterprise Government Proposition

Selen Ustun  Director, Enterprise Government Proposition

Every tax filing season we become more aware of the dangers of identity theft, phishing, phone scams and various other schemes that target taxpayers.

If we are fortunate enough not to become victims, our interest fades after we file our taxes, only to be renewed the next year when we read about elaborate tax fraud schemes and look for ways to protect our personal information. The cycle begins again. For the federal and state tax authorities, however, fraud remains a challenge of utmost importance throughout the year. To tackle this challenge, the IRS initiated an effort to work with partners across the tax ecosystem to establish controls and safeguards to detect and prevent tax refund fraud resulting from identity theft – a model that can be utilized across the government beyond the area of tax.

Identity theft refund fraud

Every year, the IRS publishes its “Dirty Dozen” list,  which highlights the common scams that taxpayers may encounter throughout the year, particularly during the tax filing season. The 2017 Dirty Dozen includes schemes such as phishing (a staggering 400% increase in phishing and malware incidents in 2016), phone scams and offshore tax avoidance. Identity theft refund fraud makes its appearance in the Dirty Dozen for the seventh year in a row, leading the list in four of those years.

Identity theft refund fraud is committed when a criminal uses a stolen Social Security Number (SSN) or an Individual Taxpayer Identification Number (ITIN) to file a tax return and claim a fraudulent refund. When the person who actually owns the identity attempts to e-file his or her tax return, the IRS system gives a notification that a tax return has already been filed with that SSN or ITIN. In many cases, this is the first time that the person becomes aware of the identity theft. What follows is a long and arduous process of finding out the extent of the criminals’ activities and working on remediation of the damages. This is frustrating for the taxpayer, induces significant burden on the economy and erodes public trust in the tax system.

Recent investigations show the variety in size and scope of the schemes criminals devise to defraud the tax system using stolen identities:

  • In November 2016, a Tampa, Florida man was sentenced to 102 months in prison for involvement in a stolen identity refund fraud He and his coconspirators had filed fraudulent tax returns, requesting almost $6 million and receiving approximately $1.9 million from the IRS.
  • In August 2016, five people in Austin, Texas were sentenced to between 33 and 121 months in prison after they were found guilty of collecting Mexican identification documents and using them to obtain ITINs. They filed over 3,200 fraudulent tax returns and claimed more than $9 million in refunds from the IRS.
  • In July 2016, a Virginia man was sentenced to 47 months in prison for involvement in a stolen identity tax refund scheme. This individual was part of a 130-person operation, which filed at least 12,000 fraudulent federal income tax returns using stolen identities and claimed at least $42 million in refunds.

“Identity theft has shifted from small-time thieves to multinational criminal enterprises that mine the internet for personal information that is stolen, collected and sold to other criminals,” said Richard Weber, Chief, IRS Criminal Investigation.

IRS Security Summit and public-private collaboration

On March 19, 2015, IRS Commissioner John Koskinen convened the first Security Summit in Washington, D.C. and brought together IRS officials, state tax administrators and the CEOs of the nation’s leading tax preparation firms, tax software providers, and payroll and tax financial product processors. Approximately 25 leaders, including Jon Baron, managing director of the Tax & Accounting Professional Segment at Thomson Reuters, attended the summit and formed a public-private partnership to combat tax refund fraud and protect taxpayers.

The Security Summit established three working groups – Authentication, Information Sharing, and Strategic Threat Assessment and Response – which worked closely for the next two months and agreed on a set of new protections to enact before the 2016 tax filing season. Among other points, the Security Summit members agreed to:

  • Share 20 data elements from federal and state tax returns to improve authentication of taxpayer and tax return information to detect and prevent fraud.
  • Enhance identity requirements and authentication in tax software through mechanisms such as multi-factor authentication, trusted computer account validation and automatic email generation to notify users of account changes.
  • Align under the National Institute of Standards and Technology Cybersecurity Framework to reduce risks in the cyber infrastructure.
  • Launch a campaign called “Taxes. Together.” to increase public awareness about computer security and identity theft, and provide tips for taxpayers to protect themselves.

The Security Summit was held again in 2016 to build upon the successes of the previous year and add additional safeguards to protect taxpayers from evolving threats. With increased participation from the industry, including financial institutions, refund product providers and payroll service providers, the Security Summit was able to expand the public-private collaboration and provide more protections for taxpayers.

The IRS reports that this partnership has produced significant impact in the short time that it has been in place. From January to September 2016:

  • 237,750 identity theft affidavits were filed with the IRS. This shows a 50-percent drop in reported identity theft refund fraud victims compared to the same period in 2015.
  • The IRS saved over $4 billion by stopping 787,000 confirmed identity theft returns. This is almost a percent drop from the same period in 2015, indicating that more fraudulent returns were detected and stopped before they reached processing.
  • The new data elements shared on tax returns helped the IRS stop over 74,000 suspicious returns, saving over $372 million in refunds that might have been paid to criminals.
  • Information sharing from industry and state partners provided information that helped the IRS stop an additional 57,000  fraudulent  tax  returns.

“We’ve come a long way in a short time following the creation of the Security Summit,” Commissioner Koskinen said. “But much more work remains to be done, and the partnership has agreed to take even more steps to protect taxpayers in 2017.”  These steps include adding 37 new data elements to tax returns to strengthen authentication, sharing 32 data elements from business tax returns, expanding the Form W-2 Verification Code initiative, improving password requirements in tax software, expanding the public awareness campaign and establishing a new Identity Theft Tax Refund Fraud Information Sharing and Analysis Center.

Looking beyond tax fraud

The public-private partnership established by the IRS, states and tax industry as part of the Security Summit shows success in the particular case of tax fraud, but the underlying drivers of that success – sharing information, developing standards, increasing public awareness, taking advantage of advanced analytic capabilities developed in the private sector, working collaboratively towards a common cause and measuring progress – are transferable to other domains.

Jon Baron emphasizes this point and underlines this partnership’s potential as a model going forward. “I applaud Commissioner Koskinen for bringing together a cross-section of the public sector and private industry to combat a very real issue impacting not only individuals, but the very core of the tax system itself,” says Baron. “This highly successful effort can be held up as a stellar example of having a vision, communicating effectively how that vision can be accomplished, driving it through to execution and seeing to it that it continues to evolve to stay ahead of a rapidly changing landscape.”

For more information, visit: tax.thomsonreuters.com


Thomson Reuters Government Solutions

Where government challenges meet trusted answers. Click to learn more about global security; financial and regulatory insights; and transparency, efficiency and effectiveness solutions.

Where government challenges meet trusted answers on:

  • Global security
  • Financial and regulatory insights
  • Transparency, efficiency and effectiveness

Learn more at tr.com/government.

  • Facebook
  • Twitter
  • Linkedin
  • Google+
  • Email

More answers