IRS improves its fraud, ID theft detection
- By Derek B. Johnson
- Jul 20, 2020
Despite a 30% reduction in funding and staff allocated to tax enforcement since 2010, the IRS received high marks for its efforts cracking down on tax refund fraud and identity theft, according to a new audit from the Treasury Inspector General for Tax Administration (TIGTA). By deploying a layered approach that combines new software, public-private partnerships and innovative pilot programs, the IRS was able to save billions of dollars from ending up in the hands of criminals and fraudsters.
The topline figures over the past decade illustrates the progress made. In 2012, TIGTA estimated the IRS lost approximately $5.2 billion, but that number has shrunk substantially over the past decade. The latest available numbers from 2019 peg losses between $90 million and $380 million, and IRS programs have identified 438,580 fraudulent tax returns, another 442,991 identity-theft related tax returns and prevented a collective $3.63 billion in improperly issued tax dollars, auditors said. Numbers from 2018 claim more than $6 billion in fraudulent tax returns were identified and stopped before payments were issued.
One software system, the Return Review Program, scans tax returns and cross references them against more than 200 different filters designed to spot signs of fraudulent behavior or identity theft. The IRS is conducting manual analysis of suspicious returns flagged by the RRP system with the help of an organization called the Fraud Referral and Evaluation Group.
Another system, the Dependent Database, combines data from IRS, the Department of Health and Human Services, the Social Security Administration and other sources to spot identity theft.
The agency set up public-private partnerships with the Security Summit and the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC) to exchange information with industry on the latest threats and best practices. Work from the 2019 Security Summit led to the development and incorporation of more than 50 data elements that can help identify or detect potential tax refund fraud.
The IRS has also set up a dedicated resource center online, providing taxpayers with guidance on how to spot tax-related identify theft and tips on how to better protect their data from fraudsters by utilizing security software, passwords and identity protection PIN numbers developed by the agency.
Successful pilots have been expanded to further catch illegal behavior that fall through the cracks. One, the Deposit Account Verification Program, partners with industry providers to calculate a risk score for hundreds of thousands of suspicious returns that request refunds be sent via debit cards. Another, the External Leads Program, works with banks to cross-reference refunds when there is a mismatch in names or other account characteristics between the return and the requested bank account.
Another program automatically locks tax accounts for deceased individuals. The agency came under criticism last month for sending out stimulus checks to more than a million dead people, a problem officials attributed to not having full access to death data held by the Department of Treasury and Bureau of the Fiscal Service.
The agency is conducting several other fraud-based pilots, but the details are largely redacted from the report.
One area where the agency has fallen short is developing effective performance metrics for some of its anti-fraud efforts. The Taxpayer First Act passed in 2019 allows IRS to share fraudulent tax returns with ISAC partners, including the taxpayer’s name, IP addresses, device identification, email domain name, method of authentication, tax ID numbers and bank account and routing numbers. However, it has yet to begin such sharing for the 2019 or 2020 tax seasons, and the agency lacks meaningful metrics to measure the success of the ISAC’s work preventing fraud and identity theft.
“Currently, the only measure the IRS has relative to the ISAC is level of participation. IRS management stated that the increase in the participation results in more alerts posted, which shows the success of the ISAC,” auditors wrote. “Management also stated that participants would not continue to participate if the ISAC was not helpful to their organizations.
In a response attached to the audit, Wage and Investment Commissioner Kenneth Corbin said the IRS has begun sharing potential identity theft data with ISAC partners and has set up a secure platform to do so. The agency will also roll out new ISAC Federal Tax Information Analytical Reports by 2022 that will seek to better measure the ISAC’s impact on curbing fraud.
This article was first posted to FCW, a sibling site to GCN.
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.