Embed Size (px)
DESCRIPTION
Writing Sample - Tax Identity Theft Note
Citation preview
Tax Policy Seminar
Note
January 2013
Curbing the Identity-theft Refund Fraud Epidemic with
Technology and Common Sense
Christopher J. Sleeper
1
Introduction
Identity-theft related refund fraud is the crime du jour.1 Defrauding
taxpayers through the Internal Revenue Service does not require superior
intelligence, sophisticated tools or any specialized subset of knowledge.
Street criminals do it2; nurses do it3; undocumented workers do it4; people
behind bars do it5; geeks do it6; even Floridians do it (a lot)7; and you can do
it too. In hotel conference rooms, perpetrators teach groups of 50 to 100
1 See Identity Theft and Income Tax Preparation Fraud: Hearing Before the Subcomm. on Crime, Terrorism and Homeland Security of the H. Comm. on the Judiciary, 112th Cong. 14 (statement of Nina E. Olsen, National Taxpayer Advocate).2 In Tampa, detectives investigating drug dealers seized $600,000 in preloaded debit cards, $32,000 in fraudulent return checks, $15,000 in cash and ledgers with stolen personal information in suspects’ car following a high-speed chase. See Tampa Bay Online, “Drug Sting Leads Police to $600,000 in Tax Refund Debit Cards,” at http://www2.tbo.com/news/ news/2012/apr/02/5/drug-sting-leads-police-to-600000-in-tax-refund-de-ar-387665.3 Many of the 19 suspects arrested in a Florida sting used their positions in nursing homes to steal elderly people’s information. See Press Release, Polk County Sheriff’s Office, “PCSO Tax Fraud Investigation ‘Stop the Drop’ Nets 19 Suspects” (May, 8 2012), at http://www.polksheriff.org/NewsRoom/News %20Releases/Pages/05-08-2012.aspx. 4 See WRAL.com, “Investigators: Child Tax Credit Allows Fraudsters a Chance to Cheat,” at http://www.wral.com/investigators-child-tax-credit-allows-fraudsters-a-chance-to-cheat/11697176/.5 In TIGTA’s sample, 48,887 prisoners fraudulently claimed refunds totaling more than $130 million. See TIGTA, TIGTA 2010-40-129, Expanded Access to Wage and Withholding Information Can Improve Identification of Fraudulent Tax Returns, September 30, 2010.6 See IRS, IR-2012-23, IRS Releases the Dirty Dozen Tax Scams for 2012 (Feb. 16, 2012) (warning taxpayers about phishing).7 Tampa is the capital of refund fraud. See CNN Money, “IRS Pays Billions in Refunds to Identity Thieves,” at http://money.cnn.com/2012/08/02/pf/taxes/irs-identity-theft/index.htm.
2
how to commit refund fraud.8 They call these gatherings “drop parties”
because the easy money is dropped onto prepaid debit cards right into your
mailbox.9
Jokes aside, refund fraud is a serious issue that burdens the treasury,
individual taxpayers whose identities are stolen and the integrity of the tax
system. The Treasury Inspector General for Tax Administration (TIGTA)
estimated that in 2011 1.5 million returns involving ID theft went
undetected, representing a loss to the treasury of $5.2 billion.10 TIGTA
estimates that the IRS will issue $21 to $26 billion in fraudulent returns
over the next five years.11
Despite efforts to curb refund fraud, the government has
unintentionally encouraged its growth by making it more lucrative and
convenient. The government increasingly uses refundable credits for socio-
economic purposes.12 Tax filers may earn a negative income tax through
claiming a myriad of refundable credits, such as the Earned Income Credit,
Additional Child Tax Credit, Adoption Tax Credit, First-Time Homebuyer
Credit, Work Opportunity Credit, Making Work Pay Credit, Qualified Hybrid
Credit, and Health Coverage Tax Credit.13 Defrauders can manipulate
8 See Tampa Bay Times, “49 Accused of Tax Fraud and Identity Theft,” at http://www.tampabay.com/news/publicsafety/crime/49-accused-of-tax-fraud-and-identity-theft/1189406.9 Id.10 See TIGTA, TIGTA 2012-42-080, There Are Billions of Dollars in Undetected Tax Refund Fraud Resulting From Identity Theft, July 19, 2012.11 Id.12 See Identity Theft and Income Tax Preparation Fraud, 4.13 Id., 3-4; See also, Tax Credits, 1040.com, http://www.1040.com/federal-taxes/credits/ (last visited Jan. 9, 2012).
3
figures on returns through consumer-friendly software, such as TurboTax,
to maximize their refunds. Then they can bypass the IRS’s flimsy electronic
signature, electronically file, and receive their fraudulent refund in one to
two weeks via direct deposit or prepaid debit card.14 Due to poor detection
and prevention and lax enforcement and prosecution, fraudsters are
unlikely to face justice.15 Given the current state of affairs, refund fraud is
surely one of the most attractive crimes in the United States.
This paper will address identity-theft related refund fraud in four
parts. Part I will take the reader step-by-step through how fraudsters
commonly perpetrate refund fraud. Part II will explain how the IRS’s
current procedure is largely ineffective and, in fact, victimizes the injured
taxpayer. Part III will discuss the government’s attempts to minimize
refund fraud and analyze its failures and, if applicable, successes. Part IV
will recommend comprehensive solutions, including a real-time processing
system, which will greatly reduce this type of fraud. While some of my
recommendations are applicable to other types of refund fraud, such as
legitimate taxpayers abusing refundable credits to fraudulently inflate their
refunds, this paper will exclusively deal with identity-theft related refund
fraud.
I. Identity-theft Related Refund Fraud for Dummies
14 See Identity Theft and Income Tax Preparation Fraud, 3.15 Nationwide IRS launched only 898 refund fraud investigations in 2012. See Total Extent of Refund Fraud Using Stolen Identities is Unknown: Hearing Before the Subcomm. on Gov’t. Org., Efficiency and Fin. Mgmt. of the H. Comm. on Oversight and Gov’t. Reform, 112th Cong. 7 (statement of James R. White, Director, Strategic Issues).
4
Step one: steal an identity. For tax purposes, this is a lot easier than
it sounds. Indeed, for any purpose it is a lot easier than most people
probably think.16 To file someone else’s tax return, all a defrauder needs is
that person’s social security number, name and last-known address.17
Employees in health, finance or insurance have ready access to this
information.18 Prisoners can “borrow” this information from their fellow
inmates.19 Criminals can create phishing websites or phony official emails
to fraudulently obtain this information.20 IRS agents of course have access
to this information, and because the IRS prints this information on the front
of its notices, so would anyone who intercepts IRS documents.21 The
16 See e.g. Charlotte Johnson. Why is Identity Theft So Easy?, eHow, http://www.ehow.com/ about_5434049_identity-theft-easy.html (last visited Jan. 9, 2012).17 Accord PCSO Tax Fraud Investigation ‘Stop the Drop’ Nets 19 Suspects.18 Id.19 Identity-theft related refund fraud occurs in prisons in all 50 states and is increasingly popular. The number of fraudulent prisoner returns doubled between 2009 and 2010 with an attending 153% increase in fraudulent refunds issued. The scheme works by incarcerated individuals giving their information to a co-conspirator outside of prison, often a recent parolee. The co-conspirator files returns on their behalf, receives the refunds and shares a portion with the incarcerated prisoners. The incarcerated fraudsters have plausible deniability by claiming that they could not have filed since they were in prison. See IRS Prisoner Tax Compliance Program: IRS, American Correctional Association Conference, 5-22 (January, 2012) (available at http://www.aca.org/conferences/winter2012/WorkshopPresentations/E-1B%20The%20IRS's%20Partnership%20With%20Correctional%20Agencies%20to%20Fight%20Fraud.pdf).20 See IR-2012-23.21 See TIGTA, TIGTA 2012-40-050, Most Taxpayers Whose Identities Have Been Stolen to Commit Refund Fraud Do Not Receive Quality Customer Service, May, 3 2012, 10.
5
absolute best way to get this information, however, is to gain access to the
Death Master File (DMF).22
The DMF is a list of recently deceased individuals that includes their
full names, social security numbers, dates of birth, dates of death, and
county, state and zip code of their last-known addresses.23 The Social
Security Administration (SSA) publishes this document online through the
Department of Commerce’s National Technological Information Service
(NTIS) and updates the information weekly.24 Unlimited access is available
through the NTIS website for $995 per year.25 It is also commonly available
through genealogical websites for a nominal sum.26 While originally
intended to be used by financial and credit agencies to prevent identity
fraud, the DMF is a cheap way to gain another identity.27 For refund fraud
purposes, a decedent identity is just as useful as a living person’s identity
because the fiduciary of a decedent’s estate must file the decedent’s final
22 In United States v. Serge St-Vil, et al., Case No. 12-20768-CR-Scola, three defendants were charged with filing 5,000 decedent returns. The IRS blocked $14 million in refund, but still issued $6 million to the defendants. Press Release, United States Attorney’s Office Southern District of Florida, “Forty Defendants Charged In Separate Schemes That Resulted In Thousands Of Identities Stolen And Millions Of Dollars In Identity Theft Tax Filings,” (Oct. 10, 2012) (http://www.justice.gov/usao/fls/PressReleases/ 121010-02.html).23 Identity Theft and Income Tax Preparation Fraud, 15.24 National Taxpayer Advocate 2011 Annual Report to Congress 519.25 CNN Money, “Buy A Dead Person’s Identity From Social Security For $10, ” at http://money.cnn.com/ 2012/07/18/pf/identity-theft-deceased/index.htm?iid=EL.26 National Taxpayer Advocate 2011 Annual Report to Congress 519.27 Id. at 519-522.
6
income tax return for the year of death and any returns not filed for
preceding years.28
Step two: fill out return using TurboTax29. The identity thief must file
the return before the legitimate taxpayer does, or else the thief’s return will
be rejected as a duplicate.30 Therefore, the identity thief should file the
return early in January before the legitimate taxpayer has likely filed his or
her return or even received his or her W-2s and 1099s. The identity thief
fills out a fraudulent tax return using the stolen identity. He then fabricates
data, manipulates wage and deduction figures, and claims credits to
maximize the refund without triggering too much suspicion. Usually, the
identity thief uses TurboTax’s built-in refund calculator to generate a refund
of just under $10,000.31 The last step before filing is determining how to
get the refund – cash or check. The identity thief could simply have the IRS
deposit the refund directly into his or her bank account, but should the IRS
detect the fraud it is better to avoid leaving such an obvious trace. Instead,
refund fraudsters have refund checks or prepaid debit cards mailed to
28 IRM 5.5.1.8 (March, 26 2010).29 “TurboTax” is street parlance for this type of crime. Tampa Bay Online, “Drug Sting Leads Police to $600,000 in Tax Refund Debit Cards.”30 TIGTA 2012-40-050, 6.31 Tampa Bay Times, “49 Accused of Tax Fraud and Identity Theft.” While $10,000 is a good rule of thumb, thieves can get away with requesting significantly larger refunds. For example, Krystle Marie Reyes falsely reported income of $3 million and received a $2.1 million prepaid visa debit card. The state approved this gigantic refund even after several manual reviews. She was only caught when she lost the debit card and then asked for a replacement. See Huffington Post, “Krstle Marie Reyes Gets 5 ½ Years For $2.1 Million Bogus Tax Refund,” at http://www.huffingtonpost.com/2012/07/25/krystle-marie-reyes-tax-refund_n_1700458.html.
7
vacant homes, co-conspirators or even, brazenly, to the legitimate
taxpayer’s own address where they can just intercept the refund before the
taxpayer checks the mail.32
Step three: e-file. In order to e-file, the fraudster must “prove” that
he is the legitimate taxpayer by providing the IRS with his electronic
signature.33 The electronic signature may be either the taxpayer’s prior
year’s adjusted gross income or self-created PIN.34 For the elderly, prior
year adjusted gross income is often just zero, making their electronic
signature effectively useless as a security measure. The fraudster will have
a high rate of success filing on behalf of an elderly or deceased individual by
just entering zero as the electronic signature. Therefore identity thieves
frequently target such individuals (See table 1).
Table 1: Number of Returns Involving Identity-Theft by Category FY 201035
Deceased 104, 950
Elderly 76,338
32 See CNN Money, “IRS Pays Billions in Refunds to Identity Thieves.”33 Signing Your Electronic Signature, IRS, http://www.irs.gov/uac/Signing-Your-Electronic-Tax-Return (last visited Jan. 9, 2012).34 Id.35 TIGTA 2012-42-080.
8
Citizens of U.S. Possessions 67,789
Students 288,252
Children 2,274
Income level does not require tax
return952,612
However, should the identity thief need or desire to verify the
taxpayer’s PIN, the IRS has set up a mechanism for the thief to easily obtain
it. He merely needs to call 1-800-829-1040, provide the taxpayer’s social
security number, name and address (which he has already stolen and used
to fill out the return), and the IRS will give the thief the legitimate
taxpayer’s prior year original AGI amount or prior year PIN right over the
phone.36
As the above demonstrates, committing identity-theft related refund
fraud is relatively simple. There is very little risk inherent in any step. To
limit risk, one could steal identities from the DMF using a library computer
and use a payphone or prepaid cellphone to obtain PINs. Then one can
purchase a cheap laptop with cash and use it to file returns at Starbucks.
Send the prepaid debit cards to a vacant home. Then, prepaid debit cards
in-hand, either launder them or turn them into cash at various gas station
ATMs. As will be explained in Part II, the IRS response to identity-theft
36 Free Tax USA, http://www.freetaxusa.com/display_faq.jsp?faq_id=86, (last visited Jan. 9, 2012).
9
related refund fraud does little to hinder this criminal scheme, and in fact
harms the real taxpayer in the process.
II. The IRS’s Current Procedure for Handling Identity Theft
Assuming a fraudulent return is not blocked by the IRS’s fraud
detection filter (discussed in Part III), it may not be detected until the
legitimate taxpayer attempts to file, if ever, or until the IRS discovers the
fraud by matching income and withholding information to individual tax
returns.37 Instances of refund fraud may go undetected for years.38 If the
legitimate taxpayer is not required to file, he may only become aware that
his identity has been fraudulently used when the IRS attempts to recover
the deficiency from him through liens, levies and other enforcement
mechanisms.39 This breakdown in communication occurs because the IRS
uses the address from the most current tax return (the fraudulent one) for
all correspondence.40 Therefore, the IRS will send the deficiency notice to
the identity thief’s address rather than the previous, and probably correct,
address.41
37 Identity Theft: Who’s Got Your Number, Hearing before S. Comm. on Finance, 110th Cong. (statement of Max Baucus, Chairman, Committee of Finance.38 Id.39 Identity Theft and Income Tax Preparation Fraud, 9; See also CNN Money, “IRS Struggles To Keep Up Amid Surge In Tax Fraud,” at http://money.cnn.com/2012/06/28/pf/taxes/irs-tax-fraud/index.htm?iid=EL.40 Identity Theft-Related Tax Fraud: Hearing Before the Subcomm. on Gov’t. Org., Efficiency and Fin. Mgmt. of the H. Comm. on Oversight and Gov’t. Reform, 112th Cong. 10 (statement of Nina E. Olsen, National Taxpayer Advocate).41 Id.
10
If the legitimate taxpayer attempts to electronically file her return
subsequent to the fraudster, she will receive an error code that indicates
that her social security number has already been used to file a return. Then
she must contact the IRS and attempt to resolve the matter, a process that
on average takes 414 days, but may take twice as long.42
A second return using the same social security number is considered a
duplicate return.43 If an individual attempts to submit a duplicate return
electronically, it will be rejected immediately.44 Unable to file
electronically, the taxpayer will either call the IRS hotline or look online for
guidance. If the taxpayer calls the IRS’s toll-free hotline, the IRS customer
service agent will not immediately flag the social security number or open a
case, but will merely request that the taxpayer file a paper return with an
attached Form 14039, Identity Theft Affidavit, or a police report and a valid
government issued ID.45
If the taxpayer elects to seek help online, she may face another
problem. The taxpayer may believe that she needs to file Form 3949-A,
Information Referral, which is intended to allow taxpayers to report certain
types of fraud, specifically tax fraud and tax law violations.46 It is not clear
from the form’s directions that identity-theft is not one of those types of
42 TIGTA 2012-40-050, at 8.43 Id. at 6-9.44 Id.45 See TIGTA, TIGTA 2012-40-106, The Process For Individuals To Report Suspected Tax Law Violations Is Not Efficient Or Effective, September 10, 2012, at 5.46 Id. at 7.
11
fraud.47 In 2011, over 3,000 victims of identity-theft related refund fraud
filed Form 3949-A.48 Because the IRS lacks a procedure on how to process
Form 3949-A when it contains a claim of identity-theft, all of these forms
were destroyed without the IRS recording any of the data or notifying the
victims.49 Hopefully for these taxpayers, they also called the IRS hotline
and discovered that they needed to file a Form 14039 instead.
When the IRS receives the taxpayer’s paper return and Form 14039, it
is sent to the Duplicate Function of the IRS.50 The return sits in the
Duplicate Function, along with other identity-theft related returns, until
after the April 15th filing deadline.51 Only then does an IRS assistor in the
Duplicate Function flag the return as a possible case of identity-theft.52
Even at this point, the IRS does not notify the legitimate taxpayer, who may
have been waiting to hear from the IRS about his identity being stolen since
January, that an identity-theft investigation has been opened.53 Next the
Duplicate Function transfers the case to one of twenty-four other IRS
functions.54 If the case involves multiple issues, it will be transferred
between functions.55 Despite the establishment of the Identity Prosecution
Specialized Unit (IPSU) in 2008 to act as “traffic-cop” (discussed more in
47 Id.48 Id.49 Id.50 TIGTA 2012-40-050, 6-12.51 Id.52 Id.53 Id.54 Id. See also Identity Theft-Related Tax Fraud, 8; 55 Identity Theft-Related Tax Fraud, 9.
12
Part III) and placement of identity-theft specialists in each function, the
procedure is inefficient and confusing for the taxpayer.56
TIGTA performed a case study on seventeen identity-theft related
refund cases and discovered the following: (1) Case resolution averaged 414
days; cases were opened from three to 917 days; (2) Inactivity on cases
averaged a staggering 86 days; inactivity ranged from 0 to 431 days; (3)
The 17 taxpayers had 58 different cases opened and multiple assistors
workers their cases; 57 and (4) The victims were asked multiple times to
substantiate their identities. 58 While it can be difficult to determine who
the legitimate taxpayer is, clearly the IRS was not expediently making this
determination.
Resolving who is the legitimate taxpayer is complicated by the IRS’s
poor communication with the taxpayer.59 The IPSU was intended to provide
the taxpayer with single point of contact.60 However, a taxpayer whose
identity has been stolen does not receive the contact information of one
agent, but instead deals with multiple agents, whom are rarely on the same
page, and, worse, relies primarily on the IRS’s paper notices.61 Even if the
IRS is aware that the current address is fraudulent, the IRS does not update
the taxpayer’s official address until the identity theft is fully resolved.62
56 See Identity Theft and Income Tax Preparation Fraud, at 5.57 TIGTA 2012-40-050, at 9.58 Id. at 5.59 See TIGTA 2012-40-050.60 Id. at 20.61 Id. at 10.62 Identity Theft-Related Tax Fraud, at 10.
13
Therefore, the IRS will send many important notices to the wrong address.
These notices may disclose personal information to the identity thief.63
Further, TIGTA found that because multiple departments with conflicting
procedures handle the taxpayer’s case, the taxpayer receives redundant and
sometimes contradictory notices from the IRS, which serve to just confuse
the victim.64
III. The IRS’s Response to ID-Theft Related Tax Fraud
The IRS has responded to the boom in identity-theft related refund
fraud predictably by stepping up prevention, detection, enforcement and
prosecution, but it has done nothing particularly meaningful.
A. Prevention – Electronic Signature, IP PIN and Deceased Lock
The figures indicate that the IRS is unable to prevent the vast majority
of identity-theft related refund fraud. TIGTA estimates that in 2011 the IRS
successfully blocked 938,664 identity-theft related returns but failed to
detect 1.5 million.65 The first line of defense is the electronic signature. As
discussed above, this defense is effectively useless because it will not stop
an identity thief who already has the victim’s social security number, name
and address.
63 See TIGTA 2012-40-050, at 10. 64 Id.65 TIGTA 2012-42-080, at 2.
14
In 2012, the IRS implemented an additional PIN, the Identity
Protection (IP) PIN, for taxpayers who are confirmed victims of identity
theft.66 The IP PIN is a unique code that the taxpayer must use to
electronically file.67 Failure to provide the code during e-filing will result in
the return’s immediate rejection by IRS filters.68 So far, the IRS has issued
250,000 IP PINs to victims whose addresses and identities have been
verified.69 While this additional security credential will effectively prevent
identity-theft related refund fraud for these 250,000, it is inherently limited
to this small class of taxpayers. For IP PIN to be helpful for the larger class
of taxpayers who have not yet been victimized, the IRS would need to allow
all taxpayers to receive a unique identifier. For the credential to be
effective, the taxpayer must only be able to receive this PIN after the IRS
has verified his or her identity. Allowing an identity thief to receive this
number via a toll-free call to the IRS would completely undermine the
program’s effectiveness.
In 2011, the IRS has sought to curb the theft of deceased identities by
placing a lock on a small portion of accounts where both the IRS Master
File and the DMF show a date of death.70 As of March 2012, the IRS had
locked 164,000 decedent accounts, preventing $1.8 million in fraudulent
66 Identity Theft and Income Tax Preparation Fraud, at 11.67 Id.68 Id.69 Id.70 Identity Theft and Tax Fraud: Hearing before Subcomm. on Oversight and Subcomm. on Soc. Sec. of H. Comm. on Ways & Means, 112th Cong. 2 (statement of J. Russell George, Treasury Inspector General for Tax Administration).
15
refunds.71 This program will probably not be successful. Because the
fiduciary of a decedent’s estate must still file taxes on behalf of the
decedent for many prior tax years, the IRS will prevent legitimate tax
returns by merely locking an account where the social security appears on
the DMF. Blocking 164,000 accounts for a savings of $1.8 million is
negligible considering the legitimate need for decedent accounts to stay
open and that the payoff per account here was just over $10 ($1.8 million
divided by 164,000).
B. EFDS Filter
The IRS’s Electronic Fraud Detection System (EFDS) is the most
critical element of the IRS’s efforts to prevent refund fraud. EFDS is a
“mission critical, stand-alone automated system” that detects “reliable
indicators of taxpayer fraud.”72 Once EFDS flags a return as suspicious, the
IRS can delay processing the refund for up to 14 days in order to identify
questionable claims.73 If the IRS determines it needs more time to review
the claim, it may place the account in a temporary lock for up to 70 days.74
At the end of the 70 days, the IRS must release the refund, disallow the
claim or refer the case to another function of the IRS for further (more
serious) investigation.75 During this process, agents in the Account
Management Taxpayer Assurance Program (AMTAP) attempt to verify wage
71 TIGTA 2012-42-080, at 4.72 Electronic Fraud Detection System (EFDS) – Privacy Impact Assessment, IRS (Dec. 17, 2010), http://www.irs.gov/pub//irs-pia/efds-pia.pdf.73 National Taxpayer Advocate 2011 Annual Report to Congress 3174 Id.75 Id.
16
and withholding information.76 Typically, due to resource constraints or
lack of information, AMTAP must place an account at least in temporary
lockdown because it is unable to verify wage and withholding information.77
While this screening prevents fraudulent returns, it also burdens innocent
taxpayers whose refunds are mistakenly delayed.78 When a taxpayer wants
to inquire with the IRS why his refund has been blocked by EFDS, the IRS
refers his call to the Taxpayer Protection Unit.79 During peak filing season
in 2011, the Taxpayer Protection Unit could only field 11.7% of its phone
calls.80 Callers who did get through to the Taxpayer Protection Unit waited
an average of one hour six minutes.81 Overall, the IRS is unable to field
about 30% of its calls.82 These figures about poor communication with the
IRS indicate not just the burden that EFDS imposes on taxpayers but also
casts doubt upon any figure the IRS releases regarding the accuracy of
EFDS.83
In 2011, EFDS identified 1,054,704 suspicious returns, up from
611,845 in 2010.84 The IRS estimates that EFDS is 89% accurate, i.e. 89%
of flagged returns are fraudulent.85 TIGTA and others question the IRS’s
76 Id.77 See National Taxpayer Advocate 2011 Annual Report to Congress 32-35.78 Id.79 Identity Theft and Tax Fraud: Hearing before Subcomm. on Oversight and Subcomm. on Soc. Sec. of H. Comm. on Ways & Means, 112th Cong. 13 (statement of Nina E. Olsen, National Taxpayer Advocate).80 Id. at 14.81 Id.82 “IRS Struggles To Keep Up Amid Surge In Tax Fraud”.83 Identity Theft and Tax Fraud (statement by Nina E. Olsen), at 14.84 Identity Theft and Income Tax Preparation Fraud, at footnote 9.85 Id. at 8.
17
estimate.86 In addition to mistakenly delaying at least 100,000 legitimate
taxpayer’s returns87, EFDS fails to identify the majority of fraudulent
returns (1.5 million fraudulent returns in 2011).88 TIGTA examined a
sample of 60 fraudulent returns and found that 49 did not score high
enough on EFDS’s filters to merit further review.89
While no filter is perfect, EFDS glaringly omits a number of factors
that would significantly increase detection of refund fraud. First, EFDS
should consider the address given on the return because a large portion of
fraudulent returns comes from one of five cities: Lansing, Chicago, Belle
Glade, Orlando and Tampa.90 2,137 fraudulent returns came from one
address in Lansing, MI.91 Second, EFDS does not look at whether or not the
tax filer is incarcerated. TIGTA discovered that 88% of returns filed by
prisoners were not screened by EFDS.92 Further, TIGTA found that 17% of
prisoner returns (48,887) were fraudulent and falsely claimed $130 million
in refunds.93 Lastly, the IRS does not retain data from previous identity
theft cases.94 The IRS should retain and factor into EFDS the following info:
(1) how the return was filed, (2) income information, (3) the amount of the
86 Id. See also TIGTA 2012-40-050.87 Id.88 TIGTA 2012-42-080, at 2.89 Id. at 3-4.90 Id. at 9.91 Id.92 TIGTA 2010-40-129, at 22.93 Id.94 TIGTA 2012-42-080, at 9.
18
refund, (4) how the refund was issued and (5) the account or debit number
issued.95
Until the IRS implements more comprehensive reform, such as that
suggested in Part IV of this paper, the IRS should continue to improve
EFDS’s algorithms to reduce the number of false positives and improve
detection of fraudulent returns. EFDS is not nearly as sophisticated as it
could and should be. Also, the IRS must do a better job at vetting out
legitimate taxpayers caught in the EFDS filter.
C. Organizational Improvements – IPSU and Specialization
There are currently 660,000 identity-theft related tax cases in the IRS
inventory servicewide.96 Due to the tremendous growth of identity-theft
related refund fraud, the IRS has only responded with meager
organizational improvements. In 2008, the IRS established the Identity
Prosecution Specialized Unit (IPSU).97 IPSU’s goal was to provide end-to-
end case resolution and a single point of contact for victims of identity theft
tax fraud.98 IPSU is not equipped to meet this goal, and further IRS
organizational changes have actually deviated from this vision for IPSU.
IPSU should act as a traffic-cop, ensuring that cases are processed
efficiently and coordinating the various IRS functions. However, following
IPSU’s formation, the IRS placed specialized agents in each relevant
95 Id.96 Identity Theft and Income Tax Preparation Fraud, at 15.97 Id.98 Id. at 19.
19
function to deal with identity theft.99 Instead of making these specialized
agents liaisons with the IPSU, these agents too often act independently
following separate and conflicting procedures to deal with identity theft
cases.100 IPSU may issue Identity Theft Assistant Requests (ITARs) to
request functions perform specific actions.101 However, ITARs are not
binding.102 IRS functions do not have procedures in place to ensure
compliance with ITARs.103 Therefore, IPSU does little to simplify the
resolution of identity-theft cases. Cases still get handled by multiple agents
across multiple functions with minimal coordination.104 In effect, IPSU often
merely monitors this bureaucratic mess.105 As for a single point of contact,
this has not occurred as discussed above. The IRS should have a program
to monitor and coordinate ID-theft cases, i.e. the IPSU, and a separate
program to provide a single point of contact for ID-theft victims.
D. Enforcement and Prosecution
In 2008, the IRS launched only 108 investigations into identity-theft
tax fraud.106 In 2011, the IRS launched 276 investigations.107 In 2012, the
IRS stepped up enforcement, launching 898 investigations.108 The IRS
99 Id. at 17.100 Identity Theft and Tax Fraud (statement by Nina E. Olsen), at 16.101 TIGTA 2012-40-050, at 20.102 Id.103 Id.104 Id. at 8.105 IPSU is mandated to monitor each case every 60 days. Identity Theft and Income Tax Preparation Fraud, at 19.106 Total Extent of Refund Fraud Using Stolen Identities is Unknown, at 7.107 Id.108 Id.
20
made headlines early in 2012 by executing a nationwide sweep to round up
perpetrators of identity-theft related tax fraud.109 During one week, the IRS
arrested 105 people in 23 states and filed 939 criminal charges.110
However, there has been no comprehensive study on the prevalence of
identity theft.111 Obviously the fact that 2.5 million fraudulent returns are
filed per year (almost 2% of all returns)112 indicates that the scale of this
crime is enormous. Considering that everyone from petty thieves to
criminal enterprises engage in ID-theft related tax fraud, it is impossible to
determine how many individuals are engaged in this activity, and therefore,
how much the IRS needs to improve enforcement measures. Without hard
figures, we might take the word of people on the ground. Detective Sal
Augeri from Tampa compared the prevalence of refund fraud to the crack
epidemic of the 1980s: "[I]t’s being done by anybody and everybody that
can get their hands on a computer. . . . It's just rock cocaine on a plastic
card.”113 If this is the case, 898 investigations do not seem nearly enough to
act as a meaningful deterrent to this crime.
109 See IRS, IR-2012-13, Identity Theft Crackdown Sweeps Across the Nation; More than 200 Actions Taken in Past Week in 23 States (Jan. 31, 2012).110 Id.111 See e.g. U.S. Gov't Accountability Office, GAO-02-363, Identity Theft Prevalence and Cost Appear to Growing (2002).112 Number of fraudulent returns (2.5 million) divided by 145 million annual returns. See Identity Theft and Income Tax Preparation Fraud, at 3.113 Tampa Bay Online, “Police: Tampa Street Criminals Steal Millions Filing Fraudulent Tax Returns,” at http://www2.tbo.com/news/politics/2011/sep/01/11/police-tampa-street-criminals-steal-millions-filin-ar-254724/.
21
The largest impediment to criminal enforcement of tax fraud is IRC
Section 6103(i)(2) which authorizes the IRS to disclose return information
to federal law enforcement for use exclusively in criminal investigations.114
This section does not allow disclosure to state and local law enforcement.115
While under 6103(c) a taxpayer may consent to the disclosure of return
information to any person designated by the taxpayer116, there are multiple
problems with the current code. First, 6103(c) assumes that the IRS can
contact the legitimate taxpayer, who may be dead or otherwise
unreachable. Second, the taxpayer may not consent to releasing
information to state and local law enforcement, especially considering
6103(c) does not allow the taxpayer to specifically limit the use of disclosed
information for law enforcement purposes.117 Therefore, the IRS could not
act independently to disclose information from such returns to state and
local law enforcement. Recently, the IRS implemented a pilot program with
the State of Florida (a haven of tax fraud) to facilitate consent-based
sharing of return information with state and local law enforcement
agencies.118 This program still does not allow the IRS to unilaterally
disclose return information with state and local agencies119, and will
therefore likely be only marginally successful. Unless Congress amends
these code provisions, most tax fraud enforcement must be done exclusively
114 Identity Theft and Income Tax Preparation Fraud, at 19.115 Id.116 Id.117 Id.118 Id.119 Id.
22
by federal law enforcement without assistance from state and local law
enforcement.
IV. Proposals to Combat to ID-Theft Refund Fraud
The IRS needs to enter the 21st century if it hopes to successfully
combat ID-theft refund fraud. For example, the IRS only stopped accepting
information returns in magnetic reel format in 2008.120 When fraudsters
can pretend to be both employer and employee121, no matter how much
technology improves it is likely impossible for the IRS to conclusively prove
an individual’s income. However, the IRS must make refund fraud more
difficult to commit, more risky, less profitable, and therefore, less attractive
to criminals.
A. Eliminate Refundable Credits
A simple, but radical, solution to stop refund fraud is to eliminate its
refundable credits. Congress could allow taxpayers to eliminate their tax
burden but not allow them to receive a refund. Every credit is subject to
some level of abuse.122 At the top of the list is the Earned Income Tax
Credit (EITC).123 The IRS believes that between 23% and 28% of EITC
120 Comments from the National Payroll Reporting Consortium, Internal Revenue Service Public Hearing on Proposed Real-Time Tax System 21 (January 25, 2012)121 See Other Business Identity Theft Schemes to Defraud, BusinessIDTheft.ORG, http://www.businessidtheft.org/Education/BusinessIDTheftScams/OtherSchemestoDefraud/tabid/177/Default.aspx (last available Jan. 9, 2012).122 Kelly Phillips, “A Simple Solution For Reducing Taxpayer Fraud,” Forbes (May 26, 2012) (http://www.forbes.com/sites/kellyphillipserb/2012/05/26/a-simple-solution-for-reducing-taxpayer-fraud/).123 Id.
23
claims are paid out in error, or approximately $10 billion annually.124 The
Child Tax Credit and First-Time Homebuyer Credit are also notorious for
abuse because of the lack of proof required to receive them.125
However, Congress will never take this route because refundable
credits are a popular socio-economic tool to combat poverty. Refundable
credits especially benefit working families with children.126 The Census
Bureau’s 2011 Supplemental Poverty Measure estimated that if these
credits were not refundable, the percentage of all people in poverty would
rise to 18.9 percent from 16.1 percent, and the percentage of children in
poverty would rise to 24.4 percent from 18.1 percent.127 To most, such a
result is not acceptable even if perhaps the IRS is not the best agency to
provide welfare services.128
B. Real-Time System
124 Id.125 See “First-Time Fraudsters – A Tax Credit So Silly Even a Four-Year-Old Can Do It,” The Wall Street Journal (October 29, 2009) (http://online.wsj.com/article/SB10001424052748703574604574501253942115922.html). See also “Investigators: Child Tax Credit Allows Fraudsters a Chance to Cheat”.126 See New Evidence That Refundable Credits Lift People Out of Poverty, Tax Credits for Working Families (November 14, 2012) (http://www.taxcreditsforworkingfamilies.org/2012/11/evidence-refundable-credits-lift-people-poverty/).127 Id.128 See Nick Timiraos, “Use of Refundable Tax Credits Has Grown in Recent Years,” The Wall Street Journal (October 21, 2008) (http://online.wsj.com/article/ SB122454768040352279.html) (explaining bi-partisan support for credit system).
24
In a real-time system, the IRS processes taxpayer returns
simultaneously with information returns.129 This would be done either by
delaying processing taxpayer returns until the IRS has received all
information returns, or by moving forward the filing deadline for
information returns. Given the American taxpayer culture of instant
gratification in which taxpayers expect their returns within days to weeks of
filing, the former suggestion is unpalatable. In early 2011, the IRS began
speaking publicly about its long-term goal to move to a real-time processing
system.130 The IRS’s goal has received powerful support.131 Currently,
employers must provide employees W-2s and 1099s by January 31, while the
deadline for reporting to the government is March 31.132 It is the view of
this paper that the benefits (reducing refund fraud and closing the tax gap)
of requiring reporting to the government by January 31st outweigh the costs
(potential for errors, employer and third party burden and IRS resource
drain).
129 Comments from the National Payroll Reporting Consortium, at 1.130 Id.131 TIGTA has stated: “Access to third-party income and withholding information at the time tax returns are processed is the single most important tool that the IRS could have to identify and prevent tax refund fraud.” TIGTA 2012-42-080, at 7. The Electronic Tax Administration Advisory Committee believes the benefits of a real-time system are “compelling and should be pursued.” Electronic Tax Administration Advisory Committee 2012 Annual Report to Congress, 12. The National Taxpayer Advocate has alternatively recommended delaying refund processing until after March 31st so that the IRS could investigate every suspicious return. Identity Theft and Income Tax Preparation Fraud, 4.132 Comments from the National Payroll Reporting Consortium, at 2.
25
A real-time system would prevent a vast portion of ID-theft related
refund fraud, but still could not eliminate some tax fraud schemes. A real-
time system would prevent the situation where the fraudster files before the
legitimate taxpayer files, thus preventing the legitimate taxpayer from
filing. In this situation, the IRS would discover the duplicate return
immediately, determine that one of them appears fraudulent because it
reports incorrect income and withholding, reject that return and process
the other return that contains information matching the IRS’s data. A real-
time system would also prevent identity-theft related refund fraud that
involves claiming credits that require earned income, as opposed to
unearned income reported on line 21 of 1040. For example, if an identity-
thief filed a return claiming the EITC, the fraudster’s reported
income/withholding would not match IRS records. However, a real-time
system would not prevent fraud if the legitimate holder does not have any
reported income or does not file a tax return, and the credits claimed do not
require earned income. For example, an identity thief could file a return on
behalf of a deceased person claiming the American Opportunity Credit,
which is a credit that does not require the taxpayer to have any earned
income. Further, assume the decedent taxpayer did not have any reported
income that year and no one else filed taxes on his behalf. If the IRS just
tried to match earned income reported on the return ($0), this figure would
be consistent with the IRS’s records showing no third party information
reported. The IRS would allow this fraudulent refund despite the
26
safeguards of real-time processing unless other filters blocked this request.
While there are undoubtedly other clever ways to commit fraud, a real-time
system would prevent the simplest forms of refund fraud and make identity-
theft related refund fraud more difficult and risky to perpetrate. An
identity-thief could rarely be absolutely certain that a taxpayer whose
information they have stolen will not also file or will not have reported
income.
Even if a real-time system only eliminated a portion of identity-theft
related refund fraud, the IRS can and should work rapidly to adopt such a
system. The IRS issues $5.2 billion in identity-theft related refunds per
year133, $10 billion falsely claimed EITC credits per year134, $7 billion falsely
reported credits to undocumented workers135, and the gross tax gap (the
difference between what Americans pay and should pay) is a whopping
$450 billion per year136. A real-time system would help close the tax gap
and eliminate falsely claimed EITC credits because the IRS would catch a
lot of income not reported.137
However, a real-time system is not without its costs. Advancing
reporting deadlines would impose higher compliance costs upon employers.
The National Payroll Reporting Consortium (NPRC), a non-profit trade
133 “IRS Pays Billions in Refunds to Identity Thieves”.134 Phillips.135 Id.136 IRS, IR-2012-4, IRS Releases New Tax Gap Estimates; Compliance Rates Remain Statistically Unchanged From Previous Study (Jan. 6, 2012).137 See U.S. Gov't Accountability Office, GAO-08-266, Costs and Uses of Third-Party Information Returns (2007).
27
association whose member organization provide payroll processing for one-
third of the private sector workforce, commissioned a study in 2011 in
response to the IRS’s desire to move to a real-time system.138 In addition to
the information provided to the employee on the W-2, employers must
report to the government up to 50 elements of compensation, such as health
and welfare benefits, equity compensation, non-cash fringe benefits, many
of which are administered by third parties and may not be determinable for
days to weeks after December 31st.139 However, by January 31st, generally
all information is available.140 In fact, six states and the District of
Columbia, already require information reporting by January 31st.141
Estimates on the cost on employers range from pennies to $1,000 per
employee.142 Given that technology is making it increasingly easy for small
and large businesses to electronically file their W-2s and 1099s, pennies
seems a more accurate estimate. A survey by the Government
Accountability Office (GAO) found that small business (5 employees and
under) filled out 1099s using accounting packages and spent from three to
five hours completing the tax process.143 The survey found that mid-sized
138 Comments from the National Payroll Reporting Consortium, 1.139 Id.140 Id.141 Id. at 2.142 The highest estimate pulls a random number ($1,000) from the air and multiplies it by the number of firms in the United States (5 million). See Joseph Cordes, Should the Government Prepare Individual Income Tax Returns?, Technology Policy Institute (Sept. 2010), at http://www.techpolicyinstitute.org/files/should%20the%20government %20prepare%20individual%20income%20tax%20returns.pdf.143 GAO-08-266, at 26.
28
employers (20-25 employees) spent just over an hour.144 Further, employers
already file 99.7% of W-2s and 90% of all other types of returns
electronically.145 The IRS should require all employers to file W-2s and
1099s electronically.146 The cost should be minimal.147 Some states already
require all employers to electronically file.148
In order to successfully implement a real-time processing system, the
IRS must be up for the task or be given the resources to get there.
Currently the IRS is overburdened and stretched too thin. Even though IRS
already has access to income and withholding information for individuals
who receive Social Security benefits at the end of December, the IRS has
not established a procedure to cross-check this information to identify
fraud.149 Nor does the IRS have a procedure to use prior-year third party
information to identify suspicious claims.150 AMTAP, the department that
verifies suspicious wage and withholding information, has a staff of only
336.151 The IRS is unable to keep up with all that it is tasked to do, and
144 Id.145 Electronic Tax Administration Advisory Committee 2012 Annual Report to Congress, 4. 146 Currently, employers with fewer than 250 employees may file paper returns. This threshold was established by Tax Equity and Fiscal Responsibility Act of 1982 (TEFRA) when electronic filing required expensive formatting, generating and shipping magnetic reel tapes. Comments from the National Payroll Reporting Consortium.147 For FY 2009, the IRS processed three billion information returns fewer than 2% of which were in paper format. Reducing that 2% to 0% should not impose as much burden on employers as keeping paper filing as an option imposes on the IRS. Id.148 Id.149 TIGTA 2012-42-080, at 13.150 Identity Theft and Income Tax Preparation Fraud, at 12-13.151 Id. at footnote 11.
29
Congress adds more duties each year without increasing the IRS’s budget
or mandating improvement in digital infrastructure.152 The IRS would need
a dramatic technological overhaul, consolidation of its various databases153,
streamlined and consistent procedures, and budgeting and staffing
necessary to achieve this. This would be an ambitious undertaking, but it
would be paid for quickly by eliminating fraud and reducing the tax gap,
and it could gain support from taxpayers anxious to curb identity theft.
C. Identity Ecosystem
Rather than imposing the burden upon employers, the IRS could
create a voluntary system whereby taxpayers can safeguard their identities
by providing the IRS with personal information that the IRS can cross-
reference with returns to verify their validity. For instance, imagine the
following system. The legitimate holder of a SSN logs into the IRS website.
He provides his SSN. The IRS requests that he verify his identity using
several secure credentials. The legitimate holder of the SSN inputs various
identifying information, such as dependents, banking accounts, employers,
etc. If a tax thief files a return that reports information that does not match
152 IRS has a lot of work already (the agency is tasked under health reform with implementing eligibility determination, documentation, and verification processes for premium and cost sharing credits, and with handling a greater reporting volume of 1099 Forms; also other credits) See Cordes, footnote 15. While the IRS had pushed last year to increase its 2012 budget by $1 billion, the 2012 budget that was ultimately passed by Congress cut the IRS's budget by about 3%, to $11.8 billion. “IRS Struggles To Keep Up Amid Surge In Tax Fraud”.153 The IRS records identity theft information manually on 22 separate databases. Identity Theft and Tax Fraud (statement by J. Russell George), at 12.
30
the information provided by the legitimate taxpayer, the IRS will reject the
return. While the system need not be as complex as this, there should be
some mechanism whereby a taxpayer may demand that a return filed on his
behalf contain additional security credentials. All taxpayers could have
access to a secure PIN, such as IP PIN. It would be a PIN that can only be
accessed by the legitimate taxpayer who alone has the knowledge to supply
the necessary security credentials.
D. Verify Refunds
The IRS could block many refunds to identity-thieves simply by
verifying the refund recipient’s identity. The average tax refund in 2011
was $2,993.154 This is a lot of money to the average person. When someone
tries to pick up an online order for a 60” television from BestBuy, customer
service will request a copy of the emailed receipt and proof of identification,
usually a photo ID and the credit card used to make the purchase. I have
tried to pick up a 24” monitor worth $300 for an elderly, vision-impaired
man unable to leave his house, and been rejected because I did not possess
the corresponding photo ID, and the store management would not accept
identification over the phone. The IRS, however, will mail or deposit this
significant sum to any address or account as long as the return has a valid
SSN and corresponding name. The IRS receives 109 million refund
requests.155 Understandably, verifying the identities of these recipients,
most of whom are legitimate taxpayers waiting for their refunds to pay bills,
154 Identity Theft and Income Tax Preparation Fraud, at 3.155 Id.
31
would be time-consuming and expensive; this does not make it any less
crazy that the IRS dispenses $3,000 in taxpayer dollars like it’s candy at a
parade. The IRS could set a dollar amount or a suspicion level set by filters
at which a manual review must occur. People requesting refunds could also
have the burden of providing sufficient credentials to prove identities. A
taxpayer requesting $10,000 should be required to provide at least two
forms of identification along with their tax return. Mandating that
taxpayers provide higher proof for refundable credits, not just in identity-
theft cases, is a practical solution that would curb abuse.
D. Miscellaneous Proposals
1. EFDS algorithms should be improved to block irrelevant taxpayer
accounts, such as decedent accounts that are up-to-date on taxes, flag for
scrutiny accounts belonging to previous ID-theft victims and prisoners,
factor into consideration locations in which a large number of fraud occurs
and utilize data from ongoing and prior ID-theft cases.
2. Congress should pass legislation to restrict access to the DMF.
DMF is available to the public under the Freedom of Information Act.156
Pension administrators sought access to SSA information in order to
prevent fraud by using the information in the file to verify when a
beneficiary died so they could stop benefit payments.157 The DMF’s other
legitimate use is genealogy. Congress could pass legislation to restrict
156 Id. at 15-22.157 Id.
32
access to the DMF to pension administrators and delay access to the public
for several years.
3. The IRS should mandate withholding for independent contractors.
Currently, there is no way to stop an individual from providing his or her
employer a fake or fraudulently acquired SSN. Undocumented workers
often use this technique because they do not have SSNs.158 An independent
contractor seeking to avoid taxation could also use this technique by
providing his employers a fake SSN. When the employer reports the
income to the IRS, the legitimate SSN holder may be liable for the taxes. To
discourage this type of identity-theft, the IRS should require withholding for
independent contractors so that they either have an incentive to file a
return or do not have as much incentive to avoid using their own SSN.
Conclusion
Nothing short of eliminating refunds will completely eradicate refund
fraud; however, the IRS has done too little to curb identity-theft related
refund fraud. As a result, criminals are taking advantage of this easy crime
to steal from legitimate taxpayers. This paper contains many common-
sense proposals that the IRS could implement with little difficulty and some
proposals that will require significant political resolve. Successfully
implemented, these proposals will pay for themselves and protect legitimate
taxpayers from the unscrupulous behavior of criminals and dishonest
taxpayers.
158 Cynthia Blum, Rethinking Tax Compliance of Unauthorized Workers After Immigration Reform, 21 Geo. Immigr. L.J. 595 (Summer 2007).
33
