IRS Could Improve Reponses to Identity Theft, Says GAO

Efforts by the Internal Revenue Service to curb wrongful refunds to identity thieves have shown progress, a watchdog said, but shaky methodology may be low-balling estimates of bad payments and a new risk management assessment is warranted.

The agency’s Taxpayer Protection Program to authenticate suspicious tax returns relies on posing questions that only the real taxpayer could answer, noted a Government Accountability Office report to a variety of members of Congress. But many fraudsters get around the filters by obtaining personally identifiable information. The agency estimates that of the 1.6 million returns selected for TPP, it potentially paid $30 million to identity thieves who filed 7,200 returns that passed the authentication process in the 2015 filing season.

“In response to past GAO recommendations, IRS adopted a new methodology in an effort to improve its 2014 [identity theft] refund fraud cost estimates,” auditors said. “However, the estimates do not include returns that fail to meet specific refund thresholds” or minimums, which can result in incomplete estimates. “Our analysis indicates that IRS underestimated how many fraudulent IDT returns passed TPP authentication,” GAO said.

GAO last year added identity theft tax refund fraud to its high-risk list after the “Get Transcript” Internet service was breached by fraudsters.

The IRS, for its part, has beefed up staff after estimating in 2014 overall that, while it prevented or recovered $22.5 billion in attempted identity theft refund fraud, it paid $3.1 billion in fraudulent refunds. In 2015 the agency—following a cash infusion of $290 million from Congress last fall-- staffed more than 4,000 full-time equivalents and spent about $470 million on all refund fraud and identity theft activities, GAO noted. IRS estimates that the additional $90 million it requested for fiscal 2017 (Congress so far has resisted) would thwart other identity thieves and bring in $612 million in new revenues.

Already, the agency had conducted research on the effectiveness of authentication procedures, including preparing a more challenging quiz for use in high-risk returns. “Given the challenges inherent in estimating fraudulent activity and the evolving nature of fraud schemes,” GAO said, “IRS’ efforts to improve taxonomy [methodology for producing] estimates are likely to be ongoing.”

GAO recommended that IRS update its risk assessment in the Taxpayer Protection Program and mitigate risks identified. GAO also recommended that IRS improve identity theft cost estimates by removing refund thresholds and using return-level data where available.

IRS managers agreed.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.