IRS Filters Caught $4.1 Billion in Suspected Identity Theft Tax Fraud
WASHINGTON, D.C. (OCTOBER 7, 2016)
BY MICHAEL COHN
The Internal Revenue Service added new data elements last tax season to its computer system filters to catch suspected cases of identity theft-related tax fraud totaling $4.1 billion, according to a new report, but it posted information about the secret data elements on its public website IRS.gov before removing it.
The report, from the Treasury Inspector General for Tax Administration, said the IRS tested 23 new federal tax return related data elements during the 2016 filing season in accordance with procedures in the Internal Revenue Manual. All 23 of the data elements became part of the IRS’s Return Review Program system, although the IRS ended up using only three of the elements to systemically filter returns and help identify potential instances of identity theft tax refund fraud during the 2016 filing season.
As of March 25, 2016, the IRS identified approximately $4.1 billion in suspected identity theft tax refund fraud, of which $72 million (from 21,000 tax returns) could be attributed to the three new data elements. The IRS also attributed the prevention of 24,000 taxpayer returns from being incorrectly selected as potential identity theft tax refund fraud returns to one of the three data elements.
For the other 20 data elements, there was not enough historical data to create business rules that would allow the IRS to use them systematically during the 2016 filing season. The IRS’s Applications Development division plans to decide in future filing seasons on potentially using the data elements.
For obvious reasons, the IRS wants to keep the data elements confidential and be kept secret from the public. TIGTA said it agrees with the IRS’s position and did not reveal them in the report to protect them from public exposure.
In response to the report, Debra Holland, commissioner of the IRS’s Wage and Investment Division, noted that the IRS convened a Security Summit in March 2015 with CEOs of the leading tax preparation firms, software developers, payroll and tax financial product processors and state tax administrators to discuss ways to leverage their collective resources to combat identity theft refund fraud. One of the outcomes was that software providers shared approximately 20 data elements from tax returns with the IRS and the states that could identify possible fraud. The IRS held subsequent meetings of the Security Summit last year and this year.
As a result of the Security Summit, from January to April 2016, the IRS stopped $1.1 billion in fraudulent refunds claimed by identity thieves on more than 171,000 tax returns, compared to $754 million in fraudulent refunds claimed on 141,000 returns for the same period in 2015, Holland noted. “Better data from returns and information about schemes resulted in better internal processing filters that identify fraudulent tax returns,” she noted.
She agreed that the processes and procedures used by the IRS to spot identity theft should not be made public, but she pointed out that the IRS publishes the schemas necessary for filing tax returns because software developers need to use them to develop their tax prep applications.
“New data elements, resulting from the Security Summit, were added to the schemas to assist in fraud detection,” Holland wrote. “While it was preferable to provide some form of secure access to the schemas, a workable solution could not be implemented in time for the 2016 filing season. The IRS made an informed decision to accept the business risk of making the schemas public but not to include any information about the elements in Modernized e-File publications to provide them as much protection as possible. While knowledge about the existence of data elements in the header schemas might be helpful to fraudsters, those data elements by themselves do not necessarily increase the risk of fraud. The IRS removed the schema information from IRS.gov in March 2016, shortly after the audit team brought their concern to our attention.”