Efforts by the Internal Revenue Service to curb wrongful refunds to identity thieves have shown progress, a watchdog said, but shaky methodology may be low-balling estimates of bad payments and a new risk management assessment is warranted.
The agency’s Taxpayer Protection Program to authenticate suspicious tax returns relies on posing questions that only the real taxpayer could answer, noted a Government Accountability Office report to a variety of members of Congress. But many fraudsters get around the filters by obtaining personally identifiable information. The agency estimates that of the 1.6 million returns selected for TPP, it potentially paid $30 million to identity thieves who filed 7,200 returns that passed the authentication process in the 2015 filing season.
“In response to past GAO recommendations, IRS adopted a new methodology in an effort to improve its 2014 [identity theft] refund fraud cost estimates,” auditors said. “However, the estimates do not include returns that fail to meet specific refund thresholds” or minimums, which can result in incomplete estimates. “Our analysis indicates that IRS underestimated how many fraudulent IDT returns passed TPP authentication,” GAO said.
GAO last year added identity theft tax refund fraud to its high-risk list after the “Get Transcript” Internet service was breached by fraudsters.
The IRS, for its part, has beefed up staff after estimating in 2014 overall that, while it prevented or recovered $22.5 billion in attempted identity theft refund fraud, it paid $3.1 billion in fraudulent refunds. In 2015 the agency—following a cash infusion of $290 million from Congress last fall-- staffed more than 4,000 full-time equivalents and spent about $470 million on all refund fraud and identity theft activities, GAO noted. IRS estimates that the additional $90 million it requested for fiscal 2017 (Congress so far has resisted) would thwart other identity thieves and bring in $612 million in new revenues.
Already, the agency had conducted research on the effectiveness of authentication procedures, including preparing a more challenging quiz for use in high-risk returns. “Given the challenges inherent in estimating fraudulent activity and the evolving nature of fraud schemes,” GAO said, “IRS’ efforts to improve taxonomy [methodology for producing] estimates are likely to be ongoing.”
GAO recommended that IRS update its risk assessment in the Taxpayer Protection Program and mitigate risks identified. GAO also recommended that IRS improve identity theft cost estimates by removing refund thresholds and using return-level data where available.
IRS managers agreed.