Despite telltale warning signs of stolen Social Security numbers, the IRS failed to identify and protect nearly half a million people without tax accounts for 2015 who were victims of employment-related identity theft. For another 61,000 people with IRS tax accounts, the agency failed to update their information with an employment identity theft marker.
That’s the bottom line of a new report from the Treasury Inspector General for Tax Administration (TIGTA).
Employment-related identity theft occurs when criminals use someone else’s identity – typically a Social Security number – to get a job. The first sign of being a victim usually comes when taxpayers receive an IRS notice of a discrepancy in the income they reported on their tax return.
Each year, the IRS receives about 2.4 million tax returns filed using an Individual Taxpayer Identification Number (ITIN) with reported wages – an indicator of potential identity theft.
TIGTA launched the probe to check the IRS’s strategies for identifying and helping victims of employment-related identity theft, which should include placing an identity theft marker on victims’ tax accounts and notifying the US Social Security Administration to ensure that victims’ Social Security benefits are not affected by the crime.
The result: IRS processes aren’t sufficient to identify all employment-related identity theft victims.
For instance, 497,248 victims weren’t identified by the IRS, even though identity thieves electronically filed tax returns with evidence that they used stolen Social Security numbers to gain employment. These victims did not have an IRS tax account, and many were claimed as a dependent on a filed tax return.
The agency also failed to spot employment-related identity theft when it processed paper tax returns. Based on its review, TIGTA projects that the IRS didn’t identify 272,416 victims of employment-related identity theft for the 685,737 paper tax returns filed by ITIN holders reporting wages in 2015.
TIGTA also identified 16,597 individuals whose Social Security numbers and full or partial names were used by an ITIN holder to obtain employment, but the IRS didn’t notify the Social Security Administration that the income earned under the victim’s Social Security number wasn’t earned by the victim.
Here’s what TIGTA wants the IRS to do, followed by the IRS’s reaction:
1. Figure out how to notify parents and legal guardians when dependents’ Social Security numbers are stolen.
IRS response: The agency disagreed, saying that claiming an individual as a dependent on a tax return isn’t conclusive proof that the person claiming the dependent is who should receive the notice on the dependent’s behalf. The agency is concerned that a systemic notification process, outside of an audit, couldn’t be sophisticated enough to account for “the nuances of complex family situations.”
2. Correct programming so that identity theft watches, or markers, are put on all electronically filed tax returns where there are ITIN and Social Security mismatches.
IRS response: The agency agreed and expects to determine how to do this soon.
3. Place the identity theft marker on the accounts of the 61,000 taxpayers.
IRS response: The agency agreed.
4. Require ITIN filers who provide paper tax returns to attach Form W-2 to their tax return.
IRS response: The agency disagreed, saying that wages are reportable even when a Form W-2 is not provided.
5. Develop tactics to spot employment identity theft on paper ITIN returns and add the identity theft marker on valid Social Security number owners’ tax accounts.
IRS response: The agency agreed and expects programming changes to be in place for the 2018 filing season.
6. Establish a process to ensure that an employment identity theft marker is placed on accounts of Social Security number owners for whom the Taxpayer Identification Number Perfection Unit associates income with an ITIN holder.
IRS response: The agency disagreed, saying that it’s unnecessary to mark the account to prevent the Social Security number owner from being contacted by the IRS’s compliance division. When the IRS links SSA Earnings Suspense File referrals to ITIN accounts based on prior-year usage, the earnings are not attributed to the account of the legitimate Social Security number owner. The earnings record is marked as using an invalid Social Security number when it is recorded in the Information Returns Master File. This action prevents the wages associated with the invalid account from being attributed to the Social Security number owner when document-matching activities are performed to determine if income has been reported correctly on filed returns.
7. Develop a procedure to notify the Social Security Administration when ITIN and Social Security number mismatches involve an ITIN holder using a victim’s Social Security number and full or partial name to commit identity theft.
IRS response: The agency agreed, saying it has processes in place now for doing that and they will be modified as needed.