With less than a month before the April 15 federal tax-filing deadline, tax season is in full swing, and state governments have been ramping up their efforts to root out and stop tax fraud.
Verenda Smith, deputy director of the nonprofit Federation of Tax Administrators, told StateTech that states have been forced to ramp up their efforts because fraud has become more technologically complex.
“As fraud has become more prevalent and sophisticated, every time you try to…improve your ability to find it, the criminals are constantly looking for new ways to get around” the defenses, she said.
State tax agencies have instituted new verification mechanisms to detect potentially fraudulent returns and are working with the IRS to set up an Information Sharing and Analysis Center (ISAC) so that state and federal officials can collaborate more closely.
According to the IRS, the proposed ISAC “will centralize, standardize, and enhance data compilation and analysis to facilitate sharing actionable data and information.” The IRS hopes to have the ISAC up and running for the 2017 tax filing season, but Smith said that depends on whether Congress provides the IRS with the funding to do so.
Smith said there has never been an ISAC for sharing tax data between the IRS and state tax agencies. An ISAC will let the states and IRS share “much more data than we used to and in different combinations than we used to.” She noted that currently there are several legal restrictions on which entities can talk to others about data and that an ISAC will make it easier for different tax entities to communicate with one another.
ISAC will also let the IRS and states handle much larger volumes of data. “It’s designed for information to come in from multiple sources and be shared to multiple sources,” Smith said. “You would just have more data in one place at the same time.”
In the meantime, state tax agencies, the IRS and tax-preparation firms have been sharing more information than they have in the past, Smith said, and will continue to do so. “Instead of, for the most part, each of us fighting fraud on our own, we started looking at how our pieces fit together.”
The different players looked at “where we had information or knowledge of anything that happened in the filing process that could be approved, or that could be shared with one of the working partners, or where you had a trend you wanted to pass along.”
The IRS, state tax administrators and CEO) of the leading tax preparation firms first gathered in March 2015 for a “Security Summit,” which focused on methods to fight tax-return identity theft, and produced new guidelines last year for combating fraud. In June 2015 they agreed “on a series of recommendations to protect taxpayers and protect the integrity of the federal and state tax systems.”
Smith said there is a spectrum of tax fraud. There are the small-time swindlers, who set up shop in a brick-and-mortar location and lure people in with the promise of a larger or more immediate tax refund and then steal their identities. Once they have a person’s Social Security number and other personal information, they are able to generate bogus tax returns. Other scams are more sophisticated and larger in scale and involve the theft of numerous individuals’ identities.
According to a Stateline report, in 2015 “Utah discovered that about 8,000 state income tax returns were filed with fake IDs, which could have cost the state $11 million in bogus refunds. The fraud discovery precipitated a weekslong halt to processing taxpayers’ returns and an intense investigation that stopped all but $17,000 in false refunds.”
Tax fraud is big business. Last year the Government Accountability Office issued a report in which it stated that the IRS estimated it prevented $24.2 billion in fraudulent identity-theft refunds in 2013 but wound up paying $5.8 billion in refunds that were later determined to be fraudulent.
On its website, the IRS says that in 2015, through November, it “rejected or suspended the processing of 4.8 million suspicious returns.” The agency also revealed, “So far, we stopped 1.4 million confirmed identity theft returns, totaling $8 billion.” What’s more, during that same period, the IRS “stopped $2.9 billion worth of refunds in other types of fraud.”
Seeking to reassure Americans that it’s on top of this growing problem, the agency states on its website that new security safeguards are being put in place to prevent tax-refund fraud. “Many changes are designed to better authenticate the taxpayer’s identity and the validity of the tax return at the time of filing. The most visible change will be new password protections for private-sector tax software accounts. New standards require a minimum 8-digit password using a combination of letters, numbers and special characters.”
Additionally, according to the IRS, this year brings “new security questions, new lock-out features and new ways to verify emails. The password standards are intended to help protect taxpayers from identity thieves who take over their software accounts and file fraudulent tax returns using their names and Social Security numbers.”
Some states are requesting taxpayers’ driver’s license numbers and will confirm information before sending refunds. Others may opt to issue paper refunds. (Taxpayers do not need a driver’s license to file their federal return.)
As Stateline notes, certain states are taking drastic steps, as well, to fight fraud. As Stateline reported, Peter Franchot, the comptroller of Maryland, in February “suspended processing of both electronic and paper returns from almost 30 preparers and services because of the ‘high volume of questionable returns’ received from those locations.”
The IRS, states and many in the tax industry currently operate under the National Institute of Standards and Technology’s (NIST) cybersecurity framework to protect IT infrastructure. According to the IRS, as part of the Security Summit, the Strategic Threat Assessment & Response (STAR) Work Group last year held a preliminary meeting with NIST to develop strategy for a larger working group audience, and conducted a NIST information session on the cybersecurity framework as well as follow-up sessions to “develop strategy for how the NIST cybersecurity framework will be applied for all organizations within the tax industry.”
The goal is to get the entire tax industry operating under one cybersecurity framework so that protections for taxpayers are more uniform.
Additionally, a working group at the Security Summit focused on authentication “identified and successfully tested inclusion of more than 20 new data elements from tax return submissions that will be shared with the IRS and the states and will assist in detecting and preventing identity theft returns.” Some of those elements include “reviewing computer device identification data tied to the return’s origin” as well as “the time it takes to complete a tax return, so computer mechanized fraud can be detected.”
To combat subtler and sophisticated types of tax fraud, state agencies need more data and tools for analyzing that information, Smith said. “There was a time that most of your effort was just looking at four corners of a [tax] return,” she said, adding that it might be a math error that tipped a state investigator off. “Now we have to be looking beyond the four corners of the return.”