With just days left in the TY 2018 filing season, the IRS and its Security Summit partners have announced major progress has been made in the fight against tax-related identity theft. What’s more, they say, their combined efforts have added protection for thousands of taxpayers and billions of dollars in refunds.
The Security Summit, a group made up of IRS specialists, state tax agencies and income tax industry partners, joined forces with the Internal Revenue Service in 2015, at the behest of then-Commissioner John Koskinen. Together, the IRS and these stakeholder groups have built and implemented a number of joint initiatives. Many of these measures were unseen by taxpayers, running quietly in the background.
The results of these initiatives were fewer fraudulent tax returns entering tax processing systems, fewer confirmed identity theft returns being stopped, fewer bad refunds being issued, and fewer Americans identifying themselves as victims of tax-related identity theft.
A Brief Look at Four Years of Progress
Since the Security summit held its first meetings in 2015, the Summit partners have shared dozens of data elements from tax returns that could be indicators of fraud - such as the length of time used to prepare the return.
The IRS has enhanced and expanded its fraud filters and added protections to business as well as individual tax returns. States are also now requesting more information from filers, such as driver’s license numbers.
Software providers have strengthened password requirements to protect accounts and added multi-factor identity authentication. Debit card companies have also tightened their practices, and more financial institutions have helped recover fraudulent refunds.
As part of the team effort, the Summit partners established the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (IDTTRF-ISAC) to detect and prevent identity theft tax refund fraud. There are now 65 groups participating in the ISAC, able to react and respond quickly as scams arise.
Thanks to innovative action by the Security Summit and the overall tax industry, The IRS saw overall results almost immediately as fewer fraudulent returns entered the IRS processing system. As a gauge, here are some key numbers from 2018 and how they compare with their 2015 counterparts:
- Between 2015 and 2018, the number of taxpayers reporting they were identity theft victims fell 71 percent. These are taxpayers who file identity theft affidavits. In 2018, the IRS received 199,000 reports from taxpayers compared to 677,000 in 2015. This was the third consecutive year this number declined. There were 242,000 identity theft reports in 2017 and 401,000 in 2016.
- Between 2015 and 2018, the number of confirmed identity theft returns stopped by the IRS declined by 54 percent. For 2018, there was a slight, 9 percent uptick in the number of confirmed identity theft returns, 649,000 compared to 597,000 in 2017. But the 2018 count is still significantly below the 883,000 in 2016 and the 1.4 million in 2015.
- Between 2015 and 2018, the IRS protected a combined $24 billion in fraudulent refunds by stopping the confirmed identity theft returns. In 2018, the 649,000 confirmed fraudulent returns tried to obtain $3.1 billion in refunds. The IRS protected $6 billion in 2017, $6.4 billion in 2016 and $8.7 billion in 2015.
- Between 2015 and 2018, financial industry partners recovered an additional $1.4 billion in fraudulent refunds. The financial industry is a key partner in fighting identity theft, helping the IRS and states recover fraudulent refunds that may have been issued. But as fewer fraudulent tax returns enter the system, fewer fraudulent refunds are being issued. In 2018, financial institutions recovered 84,000 federal refunds totaling $112 million for the IRS. Institutions recovered 144,000 refunds worth $204 million in 2017, 124,000 refunds worth $281 million in 2016 and 249,000 refunds totaling $852 million in 2015.
IRS Commissioner Chuck Rettig credits teamwork for the gains made against identity thieves and scammers. But as he’s quick to point out, this is no time to rest on one’s laurels.
“Despite these major successes, more work remains,” Rettig said. “Identity thieves are often members of sophisticated criminal syndicates, based here and abroad. They have the resources, the technology and the skills to carry on this fight. The IRS and the Summit partners must continue to work together to protect taxpayers as cyber-thieves continue to evolve and adjust their tactics.”
Crime Marches On
As defenses change, so do the tactics of the criminal world. Emerging targets of identity thieves now include businesses and tax professionals. Despite the improvement in statistics on the individual income tax front, the number of businesses reporting tax-related identity theft increased 10 percent in 2018. The IRS fielded more than 2,400 reports of business identity theft, compared to just over 2,200 in 2017.
The Security Summit partners have now turned their efforts toward the business tax area, enacting many of the same protections that showed results in the individual tax arena.
However, simply using the same tools in the business tax area as on the individual side may not be enough to actually combat the problem.
Identity thieves use several different tactics with businesses. They may file a fraudulent tax return, a fraudulent quarterly tax payment or use stolen Employer Identification Numbers (EINs) to create fraudulent Forms W-2. Thieves also may impersonate business executives to convince payroll or finance employees to disclose employee W-2 information or make wire transfers. Partnerships, trusts and estates also can be at risk for tax-related identity theft.
And identity thieves haven’t given up on stealing individual tax data just because the Security Summit has made the process more difficult for them. The defenses just mean the crooks need more personal data in order to successfully impersonate a taxpayer – so that’s the thieves’ goal. Instead of getting that data from the taxpayer, though, the thief now looks to tax preparers.
Thieves can breach practitioners’ computer systems, steal client data and file fraudulent tax returns before a preparer may even know they have been victimized.
Thieves may also steal the tax practitioners Electronic Filing Identification Number (EFIN) or Preparer Tax Identification Number (PTIN) to help with identity theft and filing false returns. Tax professionals who experience a data theft should contact their IRS stakeholder liaison immediately for assistance.
For more information about identity theft, how to identify it, how to prevent it and how to report it, check out IRS.gov/identitytheft.