TIGTA Reports Examine IRS Identity Theft Processes, Services
By Jason Bramwell
Identity theft was the focus of two reports released by the Treasury Inspector General for Tax Administration (TIGTA) on November 7 – the first concluding that the IRS issued billions of dollars in potentially fraudulent refunds in tax year 2011 despite expanded identity theft detection processes, and the second finding that the IRS needs to improve customer service efforts for identity theft victims.
The IRS reported that identity theft affected 1.2 million taxpayers in calendar year 2012, and, as of June 29, an additional 1.6 million people were affected in calendar year 2013.
"Identity theft continues to be a serious problem with devastating consequences for taxpayers and an enormous impact on tax administration", J. Russell George, Treasury Inspector General for Tax Administration, said in a written statement.
The first report, Detection Has Improved; However, Identity Theft Continues to Result in Billions of Dollars in Potentially Fraudulent Tax Refunds, follows up on a July 2012 report that found billions of dollars were being lost to identity theft in 2010.
TIGTA's objective for its most recent report was to determine if the IRS had improved its programs and procedures to identify and prevent fraudulent tax refunds resulting from identity theft. TIGTA found that the IRS had expanded identity theft prevention efforts, which helped the agency recognize fraudulent tax returns. Those efforts included:
- Expanding identity theft filters.
- Expanding account locks.
- Developing a process to cluster tax returns with the same address and/or direct deposit account numbers.
- Developing leads from its Identity Theft Clearinghouse.
- Expanding cooperation with local law enforcement.
However, after analyzing tax year 2011 returns, TIGTA identified approximately 1.1 million undetected tax returns filed using Social Security numbers that had the same characteristics of IRS-confirmed identity theft tax returns. Potentially fraudulent tax refunds issued amounted to approximately $3.6 billion, which was less than the $5.2 billion TIGTA reported for tax year 2010.
Additionally, TIGTA expanded its tax year 2011 analysis to include tax returns for which the primary Taxpayer Identification Number on the return was an Individual Taxpayer Identification Number (ITIN).
"We identified more than 141,000 tax year 2011 tax returns filed with an ITIN that have the same characteristics as IRS-confirmed identity theft tax returns involving an ITIN", TIGTA stated in the report. "Potentially fraudulent tax refunds issued for these undetected tax returns totaled approximately $385 million."
TIGTA also concluded that the IRS had still not taken actions to prevent multiple tax refunds from being deposited to the same bank account, which could provide identity thieves with an easy method of obtaining fraudulent tax refunds.
"Undetected tax refund fraud results in significant unintended federal outlays and erodes taxpayer confidence in the federal tax system", George said.
Two recommendations were made to Peggy Bogadi, commissioner of the IRS Wage and Investment Division, to further tighten identity theft prevention processes:
- Deactivate ITINs assigned to individuals prior to January 1, 2013, who no longer have a tax-filing requirement.
- Analyze characteristics of fraudulent tax returns resulting from identity theft to refine and expand identity theft filters used to detect and prevent the issuance of fraudulent tax refunds resulting from identity theft.
In response to TIGTA's recommendations, IRS management stated that an implementation team is addressing the deactivation process for ITINs issued prior to 2013 and is developing an agency-wide process to accomplish that objective. Additionally, during the 2012 and 2013 filing seasons, the IRS Taxpayer Protection Program identified opportunities for improvement to the filter processes and implemented changes that improved their performance and effectiveness.
The IRS also plans to continue to evaluate the feasibility and impact of changes to the Dependent Database filters and ITIN Real-Time System.
"The tactics employed by unscrupulous individuals in committing identity theft-related refund fraud are constantly evolving, and the practice remains a threat to the tax system", Bogadi wrote in a memorandum to TIGTA. "The use of filters was further expanded during the 2013 filing season. We also revised processes to proactively lock accounts at increased risk of identity theft and have developed more sophisticated data models to detect patterns of fraud as they emerged during the year. Another notable accomplishment in combating refund fraud by identity theft was launching the pilot program that permitted the sharing of data with state and local law enforcement agencies. We believe the expansions and improvements to fraud filters and other processes will cause the projected fraud losses to continue to decrease for tax year 2013 and beyond."
Delays in Resolving Identity Theft Cases
In its second report, Case Processing Delays and Tax Account Errors Increased Hardship for Victims of Identity Theft, TIGTA found that the IRS took an average of 312 days to resolve tax-related identity theft cases.
TIGTA conducted this audit as a follow-up to a May 2012 identity theft audit report that found case resolution averaged 414 days, cases were open from three to 917 days, and inactivity on the cases averaged eighty-six days.
For its latest report, TIGTA reviewed a statistically valid sample of one hundred identity theft cases closed between August 1, 2011, and July 31, 2012, and found that the IRS correctly determined the rightful owner of the Social Security number in all cases. However, TIGTA identified lengthy delays in case processing and found that tax accounts were not always correctly resolved, which resulted in delayed or incorrect refunds
For example, inactivity on the one hundred identity theft cases averaged 277 days, and tax accounts were not correctly resolved for twenty-five cases.
"I continue to be troubled by the lengthy case processing delays and tax account errors experienced by victims of tax-related identity theft", George said.
In the report, TIGTA said errors in account resolutions resulted from the lack of clear procedures and training provided to assistors working these cases.
"We surveyed 183 assistors who work identity theft cases", TIGTA stated in the report. "When asked to describe concerns with guidance on working cases, 133 (73 percent) of the assistors responded that the accounts management function's identity theft procedures are confusing. The remaining fifty employees (27 percent) believed that the Identity Theft Program needed its own procedure section in the IRS' internal guidance. In response to another survey question, 305 (74 percent) assistors responded that the overall process for working identity theft cases has not improved over the past year."
TIGTA also noted that the IRS needed to improve the accuracy of its Refund Fraud and Identity Theft Global Report. In the calendar year 2012 Global Report, the accounts management function's open case inventory was overstated by 95,429 cases.
The IRS made the following five recommendations to the IRS:
- Ensure that assistors assigned to identity theft cases work these cases exclusively and are provided with ongoing training and the ability to perform actions to work these cases to conclusion.
- Develop clear and consistent processes and procedures to ensure that taxpayer accounts are correctly updated when cases are resolved.
- Develop a standard format for information provided for inclusion in the Refund Fraud and Identity Theft Global Report.
- Develop validation processes and procedures to ensure the accuracy of information included in the Global Report.
- Develop retention requirements for the documentation supporting information included in the Global Report.
The IRS said it plans to ensure that sufficient resources are assigned to identity theft inventory and phones, and that processes and procedures are developed to make certain that all appropriate actions are taken on identity theft victims' accounts. The agency also plans to develop a template for use when reporting inventory for the Global Report and plans to use a certification process for each function to verify the data it provided. Lastly, the IRS plans to ensure that each function maintains documentation in accordance with retention standards.
Rebecca Chiaramida, director of IRS Office of Privacy, Governmental Liaison, and Disclosure, said in response to the TIGTA report that identity theft impacting tax administration remains one of the biggest challenges facing the IRS, and the harm it inflicts on taxpayers is an issue the agency takes seriously.
"Our work on identity theft and refund fraud continues to grow, touching nearly every part of the organization", she wrote in a memorandum dated September 16, 2013. "We expanded these efforts this past filing season to better protect taxpayers and help victims. Over 3,000 IRS employees are currently working on identity theft – more than double the number at the start of the previous filing season. We have also provided identity theft training to approximately 35,000 employees who work with taxpayers so that they are better able to recognize identity theft problems and assist victims. So far this calendar year, the IRS has worked with victims to resolve more than 565,000 cases. This number is more than three times the number of identity theft victim cases that we had resolved at the same time last year."