Why Stolen Identity Refund Fraud Is the IRS’s Biggest Problem, and What Can Be Done About It

October 18, 2014

By Daniel W. Layton[1]

The IRS’s tax return-related identity theft problem has officially crossed from item of interest to law enforcement and tax professionals to a disturbing problem worthy of the national primetime news.  On September 21, 2014, tax return-related identity theft (also known as “stolen identity refund fraud”) was the focus of a 15-minute segment on CBS’s 60 Minutes, Biggest IRS Scam Around: Identity Tax Refund Fraud.[2]  Among those interviewed in the segment were IRS Commissioner John Koskinen, Deputy IRS Commissioner Steve Miller, Southern Florida United States Attorney Wilfredo Ferrer, and Miami Field Office FBI Special Agent In Charge George Piro.

The seriousness of the matter certainly came through to anyone watching, with United States Attorney Ferrer using a geographically-appropriate water analogy to describe the situation as “a tsunami of fraud.”  Florida has been the hardest hit by these fraud schemes, and Ferrer was also refreshingly blunt on several key points: that the scheme is surprisingly simple and requires no more than a computer, a social security number, and a date of birth; that the IRS was not ready to deal with the large number of fraudulent returns; and that clearing up a victim’s identity theft refund claim with the IRS can be “a nightmarish process.”

A Digital-Age Crime

Stolen identity refund fraud has grown in large part due to the IRS’s, and then criminals’ move into the digital age.  Unfortunately for the IRS and many victims of stolen identity refund fraud, the IRS’s acceptance and use of technology has apparently been balanced too far on the side of taxpayer convenience, making it easy for criminals and honest taxpayers alike to receive a refund.

The IRS’s move to online return filing as we know it began in 2002, when the IRS allowed signing of e-file returns using a PIN, making the process entirely paperless.  By 2005, more than half of all returns were e-filed.[3]  The e-filing is only part of the paper-free process, which is completed by the ability to have a refund wired from the Treasury to a bank or even a pre-paid cash card.  Those accounts, too, can be opened online using essentially the same personally identifying information  (“PII”) appearing on a tax return – a social security number, a name, and a date of birth. One element does typically require a physical presence and access to a mail box, however: a prepaid cash card or a bank account still requires real-world interaction to receive the card and withdraw cash from an ATM.  The IRS’s online refund tracking system,[4] has also allowed taxpayers and criminals alike to monitor their anticipated payments.

A Tsunami of Fraud

Like a tsunami, the stolen identity fraud has swollen to epic proportions in a very short time.  Information from the Federal Trade Commission shows that complaints of tax or wage-related fraud[5] grew from 15.6% in 2010 to 24.3% in 2011, 43.4% in 2012, and 30% in 2013.[6]  Stolen identity refund fraud now sits at the top of the IRS’s “Dirty Dozen” tax scams.[7]

According to a Government Accountability Office report released on September 23, 2014, the IRS estimates that $29.4 billion in tax return-related identity theft was attempted in the 2013 filing season (which presumably includes mainly 2012 tax year returns).[8]  Of this amount, the IRS estimates it paid $5.2 billion, just less than 18 percent.[9]  This is particularly disappointing news given the headway the IRS appeared to be making in battling this type of refund fraud.  According to reports by the Treasury Inspector General’s Office (TIGTA), for tax year 2010, the IRS issued potentially fraudulent refunds of $5.2 billion as well, but that number diminished to $3.6 billion for the 2011 tax year returns (processed in 2012).[10]

Perhaps more troubling is that the IRS is doing a better job, at least percentage-wise.  TIGTA reported that the IRS prevented approximately $12.1 billion in fraudulent refunds for the 2012 processing year, allowing approximately 23% of the attempted fraudulent refunds (out of a total of $15.7 billion attempted).[11]  The current increase in fraudulent refunds issued is despite a 5% improvement in detection and prevention by the IRS.[12]  Assuming the statistics are reasonably accurate from year-to-year, the take-away is that the incidences of stolen identity refund fraud has almost doubled over a single year, completely mitigating any positive effects of the IRS’s improved detection.

The reason for the increase is fairly obvious.  Succinctly put by Corey Williams, a convicted perpetrator of stolen identity refund fraud who was interviewed as part of the 60 Minutes piece: “Anybody who knew about it, you’d be a fool to not try to get involved with making some money.  I could just wake up in the comfort of my own home, and just get on a laptop, do about 15 returns a day.  Fifteen time $3,000 a return, that’s $45,000 a day.”[13]  In other words, it became popular among criminals (or opportunists-cum-criminals) because it is easy and it works extremely well.

Williams was not exaggerating about how profitable the scheme can be for a criminal.  According to TIGTA, 355 undetected fraudulent 2011 tax returns were filed using a single address in Colorado as part of such a scheme, and the IRS issued more than $1 million in refunds to that address before it was detected.[14]

The $3,000 per return figure was also not randomly picked by Williams.  A common component to these schemes is that they rely on small refunds and filing high volumes of returns.  To obtain those small refunds, the false returns are accompanied by a fabricated Form W-2 or 1099 showing a small amount of withholding and a small amount of income.  The income is typically zeroed-out using the standard deduction, schedule A or dependents, and the return claims the modest refund of the false withholdings.  Although the IRS has matching programs that most tax practitioners are familiar with, the matching programs don’t operate in real-time.  During filing season, the IRS gives taxpayers the benefit of the doubt, assuming the information returns from the employers weren’t filed or processed yet.  Because the amount of the refunds claimed is small, the returns aren’t given much scrutiny before refunds are issued.

The Government’s Response

The government’s response comes from three angles: (1) law enforcement response, designed to effectively prosecute identity thieves; (2) taxpayer-victim response; and (3) preventative measures.

Law Enforcement Response

Perhaps the biggest tool the IRS has used to detect identity theft schemes is the Scheme Development Center.  By at least 2013, the IRS developed filtering tools that detect commonalities in returns, like the repeated use of the same address or bank accounts, and identity a scheme.  In February of 2014, the first month of the filing season, the IRS identified and confirmed 28,076 fraudulent tax returns involving ID theft.[15]  However, because this method of detection involves recognition of patterns, it will necessary only allow the IRS to respond to the scheme after several returns have already been processed.

Federal prosecutors now have more tools at their disposal as well.  In 2004, Congress enacted 18 U.S.C. § 1028A, which prohibits the knowing use, without authorization, of another’s PII in connection with certain predicate offenses, many of which are now routinely charged in stolen identity refund fraud cases, like mail, wire and bank fraud.  Although a similar statute with a wider range of predicate offenses, 18 U.S.C. § 1028(a)(7), had already been in the books in  since 1998, the “big A” statute has become the prosecutor’s preferred charge in order to deter would-be identity thieves due to the mandatory minimum 2-year sentence consecutive to the sentence for the underlying offense.

To expedite investigation and prosecution of these cases, D.O.J. Tax Division Directives 144 and 145 were enacted in 2012 and 2014, respectively.  These directives allow United States Attorney’s Offices to open stolen identity refund fraud grand jury investigations, to bring charges, and to obtain seizure warrants for forfeiture of criminally derived proceeds arising from such crimes, all without prior authorization from the Tax Division – so long as the United States Attorney’s Office has a designated in-house point of contact who reviews the cases and sends notice to the D.O.J. Tax Division.

In addition to IRS and federal law enforcement, local law enforcement is beginning to prosecute these cases more often.  Because these are not particularly sophisticated crimes, many of them are committed by street-level criminals, gangs, or others with histories with local, rather than federal, law enforcement.  The stolen identity refund fraud is often discovered as part of a larger criminal investigation or as part of a routine traffic or DUI stop.  To allow local law enforcement to keep their momentum and use their resources to prosecute these cases, the IRS has begun a pilot program to enable local law enforcement, with the taxpayer-victim’s consent, to access the tax records necessary to prove the criminal conduct.[16]

Response to Taxpayer-Victims of Identity Theft Refund Fraud

The IRS’s Identity Protection Program is outlined in section 10.5.3 of the Internal Revenue Manual.  Because, as tax practitioners know, talking to the right person and finding the right form are often half the battle, the two most important parts of that program are arguably the use of the Identity Theft Affidavit, IRS Form 14039,[17] and the IRS Identity Protection Specialized Unit, which may be called at 1 (800) 908-4490 for any ID theft related inquiries.  Although there have been some instances in the past where identity theft victims have had to wait as much as 18 months to have their tax accounts cleared, the IRS now touts an average processing time of 6 months.[18]

The IRS divides Identity theft issues into two categories: Identity theft that is affecting tax administration and identity theft theft at risk of (but not yet) affecting tax administration.[19]  Elsewhere in the IRM this is referred to as “tax-related” or “non-tax-related” identity theft.  The Form 14039 reflects this division, having different boxes to check depending on whether the taxpayer has reason to believe the identity theft has affected his or her return or has no reason to believe his or her returns have been affected yet.[20]  If the IRS has initiated and made a determination that the taxpayer was a victim of tax-related identity theft, it will systemically issue a notice CP 01A, We Have Assigned You an Identity Protection Personal Identification Number.[21]

To prove tax-related identity theft alleged by a taxpayer, the IRS will request supporting documentation, including:[22]

         Authentication of Identity – a copy of a valid U.S. federal or state government issued form of identification (examples include a driver’s license, state identification card, social security card, or passport); and

         Evidence of Identity Theft – a copy of a police report or Form 14039, IRS Identity Theft Affidavit.

Fortunately, supporting documentation can be accepted from someone who has power of attorney for the taxpayer (e.g., Form 2848, Power of Attorney and Declaration of Representative).  Form 14039 requires a signature of the taxpayer or representative of the taxpayer.

Once a positive identity theft determination is made, the IRS will correct their records based on information submitted and cause issuance of a refund.[23]  In addition, the IRS will also issue the taxpayer an IRS Identity Protection PIN.  The IRS Identity Protection PIN (IP PIN) is a unique six digit number that is assigned annually to victims of identity theft for use when filing their federal tax return that shows that a particular taxpayer is the rightful filer of the return. This is in addition to the e-filing PIN. The IP PIN will allow these individuals to avoid further delays in filing returns and receiving refunds.

Preventative Measures

The IRS has stated that it will continue expand the filters it uses to recognize schemes prior to processing and issuing refunds.[24]  In addition, although IP PINs are not ordinarily issued without a tax-related Identity theft determination, the IRS began a pilot plan in 2014 to issue IP PINs preemptively to some taxpayers in Florida. Georgia, and Washington DC, in addition to those who received a CP01A.[25]

Potential IRS and Legislative Fixes

In its last report, TIGTA suggested that Congress needs to allocate resources to fix the problems associated with these schemes, stating:[26]

“Once the IRS identifies a potential identity theft tax return, it must verify the identity of the individual filing the return. However, verifying whether the returns are fraudulent will require additional resources. Without the necessary resources, it is unlikely that the IRS will be able to work the entire inventory of potentially fraudulent tax returns that it identifies, thus resulting in the issuance of refunds for those returns. The net cost of failing to provide the necessary resources is substantial, given that the potential revenue loss to the Federal Government of these tax fraud-related identity theft cases is billions of dollars annually.”

Legislators are now paying attention to the stolen identity refund problem and have proposed some statutory fixes.  For example, one gap in the criminal code is that prosecutors have limited predicate charges available if they want to use 18 U.S.C. § 1028A and those charges aren’t always a perfect fit.  While 18 U.S.C. § 287 and 286 (submission of false claims to the government and conspiracy to defraud the government, respectively) are probably the most apt charges for the false returns themselves, and are the Title 18 charges prosecutors are most familiar with in tax cases, Sections 286 and 287 are not included in the predicate offenses for “big A.”[27]  To fill this gap, Representative Kenny Marchant introduced a bill to add Sections 286 and 287 to the list of predicate offenses on July 29, 2014.  The bill was last referred to subcommittee on September 26, 2014.[28]

In addition, recognizing that 18 U.S.C §§ 286 & 287 are not tax specific and that 18 USC § 1028A does not include any tax-specific frauds as predicate offenses, the Joint Committee on taxation has discussed adding revising 26 U.S.C. § 7206 to include a criminal penalty for misappropriating taxpayer identity in connection with tax fraud. [29]

However, while these additions may streamline the law and help prosecutors bring charges that apply more comprehensively to the crimes, prosecutors already charge these cases, juries are convicting on the current law, and courts are ordering substantial sentences.  With the submission of patently false returns, adequate means of deterrence is not the problem. Rather, the problems are detection and prevention, which take resources to address. Legislation is popular, of course, without appropriations, because it brings political capital and doesn’t cost the taxpayers anything.  However, there is no indication that making the criminal conduct even more criminal will have any net effect.  Thus, TIGTA’s suggestion at the start of this section should not be forgotten.

So long as appropriate funding follows, a bill introduced only a few days after Marchant’s stands a better chance of limiting the IRS’s blood loss to identity fraud schemes.  The Tax Refund Theft Prevention Act of 2014 was introduced on July 31, 2014, and, as of the date this article was drafted, has been referred to the Committee on Finance.[30]  That bill includes a fairly comprehensive list of changes to IRS procedures and potential changes to private-party information return filing requirements that would, at least until the schemes evolve again, make it more difficult for the current perpetrators to receive fraudulent refunds.  The bill would require the IRS to implement a password system for return filing, require the IRS to set up an online information return filing and distribution system, and require the Treasury to issue regulations restricting the delivery or deposit of multiple refunds to the same mailing address or bank account.  In addition, the Treasury (likely TIGTA) would be required to provide a recommendation to Congress on accelerating the schedule for filing information returns and improving the IRS’s information-return matching programs to pick up on the bogus forms W-2 and 1099 used in the schemes.[31]

Ultimately, loss prevention and asset protection would be wise investments for the government when it comes to stolen identity refund fraud.  If Congress does not act swiftly and give the IRS both the tools and the resources to take swift action, it stands to lose tens of billions of dollars over the next few years given the current trajectory.

[1] A version of this article was published in the California Journal of Tax Litigation, 2014 4th Quarter.

[2] Currently available at www.cbsnews.com/news/irs-scam-identity-tax-refund-fraud-60-minutes.

[3] IRS E-File: A History, available at https://www.irs.gov/uac/IRS-E-File:-A-History.

[4] Where Is My Refund?, available at https://www.irs.gov/Refunds.

[5] Where an undocumented worker uses false identity documents to obtain work, identity theft can result in a taxpayer having a Form 1099 or W-2 showing income they didn’t earn filed with the IRS.

[6] Consumer Sentinel Network Data Book for January-December 2011, Federal Trade Commission, available at https://www.ftc.gov/sites/default/files/documents/reports/consumer-sentinel-network-data-book-january-december-2011/sentinel-cy2011.pdf; Consumer Sentinel Network Data Book for January-December 2013, Federal Trade Commission, https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-january-december-2013/sentinel-cy2013.pdf.

[7] IRS Releases the “Dirty Dozen” Tax Scams for 2014; Identity Theft, Phone Scams Lead List, IR-2014-16 (Feb. 19, 2014), https://www.irs.gov/uac/Newsroom/IRS-Releases-the-%E2%80%9CDirty-Dozen%E2%80%9D-Tax-Scams-for-2014;-Identity-Theft,-Phone-Scams-Lead-List.

[8] Identity Theft – Additional Actions Could Help IRS Combat the Large, Evolving Threat of Refund Fraud, GAO-14-633, p. 10 (released Sept. 22, 2014), available at http://www.gao.gov/assets/670/665368.pdf.

[9] Id.

[10] Detection Has Improved, However Identity Theft Continues to Result in Billions of Dollars in Potentially Fraudulent Tax Refunds., TIGTA Report 2013-40-122 (September 20, 2013), available at   https://www.treasury.gov/tigta/auditreports/2013reports/201340122fr.pdf.

[11] Id.

[12] Of course, another explanation for the differences in the data could be different methods of identifying the potentially fraudulent returns.  E.g., the higher 2012 figures could be the result of better detection and, thus, more accurate inclusion in the data pool.

[13] Biggest IRS Scam Around: Identity Tax Refund Fraud, 60 Minutes, CBS (Sept. 21, 2014).

[14] Detection Has Improved, However Identity Theft Continues to Result in Billions of Dollars in Potentially Fraudulent Tax Refunds., TIGTA Report 2013-40-122 (September 20, 2013).

[15] Semiannual Report to Congress – October 1, 2013-March31,2014, TIGTA, available at https://www.treasury.gov/tigta/semiannual/semiannual_mar2014.pdf.

[16] http://www.irs.gov/uac/Law-Enforcement-Assistance-Pilot-Program-on-Identity-Theft-Activity-Involving-the-IRS

[17] Available at https://www.irs.gov/pub/irs-pdf/f14039.pdf.

[18]  IRS Combats Identity Theft and Refund Fraud on Many Fronts, FS-2014-1 (January 2014), https://www.irs.gov/uac/Newsroom/IRS-Combats-Identity-Theft-and-Refund-Fraud-on-Many-Fronts-2014; IRM  21.9.2.2.1  (05-29-2013), Identity Theft Time Frame.

[19] IRM 21.9.2.1  (10-01-2013).

[20] The process for non-tax related identity theft victims is not discussed here, but more information can be found in IRM 21.9.2.

[21] An example can be found at https://www.irs.gov/pub/notices/cp01a_english.pdf.

[22] IRM 10.5.3.2.5.3  (01-16-2014), Identity Theft Case Building.

[23] IRM 10.5.3.2.8  (01-16-2014), Closing Identity Theft Issues.

[24] IRS Combats Identity Theft and Refund Fraud on Many Fronts, FS-2014-1 (January 2014), https://www.irs.gov/uac/Newsroom/IRS-Combats-Identity-Theft-and-Refund-Fraud-on-Many-Fronts-2014.

[25]2014 Identity Protection PIN (IP PIN) Pilot, IRS (January 2014),  http://www.irs.gov/uac/Newsroom/2014-Identity-Protection-PIN-(IP-PIN)-Pilot.

[26] Semiannual Report to Congress – October 1, 2013-March31,2014, TIGTA, available at https://www.treasury.gov/tigta/semiannual/semiannual_mar2014.pdf.

[27] Instead, the underlying charges used are typically mail, wire, or bank fraud.

[28] Taxpayer Identity Theft Prevention and Enforcement Act of 2014, H.R. 5236 – 113th Cong. (2013-2014), available at https://www.congress.gov/bill/113th-congress/house-bill/5236/text?q=%7B%22search%22%3A%5B%22H.R.+5236%22%5D%7D.

[29] Technical Explanation of the Senate Committee on Finance Chairman’s Staff Discussion Draft of Provisions to Reform Tax Administration, Joint Committee on Taxation, (November 20, 2013)  https://www.finance.senate.gov/newsroom/chairman/download/?id=c6073d9e-0dc5-4a70-9208-ca1203ea9dc4.

[30] S.2736 (July 31, 2014), available at https://www.congress.gov/bill/113th-congress/senate-bill/2736/text.

[31] This recommendation is echoed in Identity Theft – Additional Actions Could Help IRS Combat the Large, Evolving Threat of Refund Fraud, GAO-14-633, p. 10 (released Sept. 22, 2014), available at https://www.gao.gov/assets/670/665368.pdf, and the Senate Finance Committee’s own press release on the GAO report, GAO: Action Needed to Combat $5 Billion Tax Refund Fraud, 2014ARD 182-2113th Congress (September 22, 2014).

Call Now Button