Tech that helps flag fraudulent tax returns
- By Mark Pomerleau
- Feb 11, 2015
In spite of the safeguards instituted by private companies and governments to protect data from hackers and crooks, online data is almost always vulnerable. The latest example is Intuit’s Turbo Tax, which has lately been experiencing a spate of bad press after several states were forced to suspend income tax return filings online due to an unusually high volume of fraudulent returns.
Although Intuit is back online and states have resumed their online applications for income tax refunds, taxpayers whose returns have been hijacked might have to wait several months for states to straighten the paperwork out and give them refunds.
After working with third-party security expert Palantir on a preliminary examination of recent fraud, Intuit said it believes the fraud cases did not result from a security breach but rather from criminals using stolen identities. Hackers and criminals have been able to purchase information from previous returns in order to circumvent the tax preparation software, according to an NBC News report.
Some experts believe this could be one of the largest accounts of fraud as over 15 states have been affected.
But because tax fraud is pervasive, governments take additional precautionary measures to ensure such secure information is not compromised. Between 2011 and October 2014, the IRS said it stopped 19 million suspicious returns and protected more than $63 billion in fraudulent refunds. For 2015, it plans to increase both the number and efficiency of identity theft data models and filters that are used to identify potentially fraudulent returns.
Elsewhere, states have adopted measures called knowledge-based authentication, which can also be used for other government online services such as Medicaid. The Experian system used in Georgia works by asking certain questions that should only be known by the filer.
The answers to these “out of wallet” questions , such as “what was the color of your first car” or request previous addresses, should not be discoverable from typical identity theft information. Questions based on a combination of public- and private-sector information increases the system’s ability to correctly verify a taxpayer’s identity.
Indiana introduced a similar protocol after over 1 million taxpayers reported becoming victims of identity theft in 2012. Filers were redirected to a “secure exchange” powered by LexisNexis that compared data compiled from billions of identity records to information provided on one’s tax return filing.
In addition to Indiana, Georgia, Louisiana and Connecticut have partnered with LexisNexis to ensure similar security measures for their citizens’ filing. Georgia spots fraudulent returns with identity-based filters that flag people who have died, Social Security numbers changed to elude Do Not Pay lists, people not associated with the given address they list, people not associated with the Social Security number they list, identities not found in public-records searches and people incarcerated in prisons.
Tax agencies can combat fraud with authentication tools that fit into any existing tax return evaluation process, adding little to no additional time to the current process, according to Experian’s Barbara Rivera. With such technology, government can quickly process refunds while assuring they are being provided only to the legitimate taxpayer.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.