Yesterday, 60 Minutes ran a terrific segment on “stolen identity tax fraud,” a fast-growing scam whereby fraudsters use stolen identities to file fake tax returns, then have the refunds sent to them, instead of the real person.
The scam has tripled in the past three years, because it is surprisingly easy: personal data can be purchased online or from corrupt office clerks relatively cheaply, and the fraud scheme only requires basic details — a social security number and the date of birth.
The IRS has trouble dealing with this problem because its hands are tied: by law, it is obliged to send back refunds shortly after taxes are filed, which can often be before all companies have sent out W-2 forms to employees. This means IRS staff need to decide on tax refunds "in the dark," without other data to cross-reference against.
The tax authorities are also overly dependent on social security numbers being kept private, which has become much rarer now that the internet has proliferated personal details to hundreds of data silos, with access available to many more people, including some who are crooked.
Moves by the IRS to be more inclusive of the “unbanked” — people, usually poorer, without bank accounts — have also aided thieves. By allowing refunds to prepaid Visa cards, rather than via checks which low-income recipients must then pay substantial fees to cash, the IRS has also given thieves an easy and hard-to-track “escape route” to retrieve their fraudulent refunds.
Finally, the technology is also out of date. The IRS is not able to flag, for instance, many refund checks being sent to the same address, and it is also unable, most of the time, to tell whether a return has been submitted by the actual taxpayer, or by someone else entirely.
So what’s the solution?
Of course, there’s no overnight fix, but here’s an idea: take the “data fingerprinting” approach to anti-fraud technology that we at Trustev sell to financial institutions and e-commerce merchants, and use it to identify the tax return fraudsters at the moment they submit the tax returns online.
It could work something like this: the "transaction” (i.e. the tax return submissions) would be analyzed as they are sent to the IRS, including an examination of IP addresses and of transaction velocity. So if one computer were sending multiple returns, that would be flagged.
Unlike in e-commerce or finance, a tax return can’t be “declined” per se, but the suspicious submissions could at least be flagged at the time they’re sent to the IRS, and added to a queue for further review. By automating the data fingerprinting analysis, most genuine returns would go through without flagging, and the IRS could focus its resources on the small subset of fishy tax returns.
This could go a long way to reducing what is currently a $5 billion or higher loss for US taxpayers. For more on "data fingerprinting" antifraud software, you can read www.trustev.com.