Tax Policy Seminar
Curbing the Identity-theft Refund Fraud Epidemic with Technology
and Common Sense
Christopher J. Sleeper
Identity-theft related refund fraud is the crime du jour.1Defrauding taxpayers
through the Internal Revenue Service does not require superior intelligence,
sophisticated tools or any specialized subset of knowledge. Street criminals do it2;
nurses do it3; undocumented workers do it4; people behind bars do it5; geeks do it6; even
Floridians do it (a lot)7; and you can do it too. In hotel conference rooms, perpetrators
teach groups of 50 to 100 how to commit refund fraud.8They call these gatherings “drop
1SeeIdentity Theft and Income Tax Preparation Fraud: Hearing Before the Subcomm.
on Crime, Terrorism and Homeland Security of the H. Comm. on the Judiciary, 112th
Cong. 14 (statement of Nina E. Olsen, National Taxpayer Advocate).
2 In Tampa, detectives investigating drug dealers seized $600,000 in preloaded debit
cards, $32,000 in fraudulent return checks, $15,000 in cash and ledgers with stolen
personal information in suspects‟ car following a high-speed chase. See Tampa Bay
Online, “Drug Sting Leads Police to $600,000 in Tax Refund Debit Cards,”
3 Many of the 19 suspects arrested in a Florida sting used their positions in nursing
homes to steal elderly people‟s information. See Press Release, Polk County Sheriff‟s
Office, “PCSO Tax Fraud Investigation „Stop the Drop‟ Nets 19 Suspects” (May, 8 2012),
at http://www.polksheriff.org/NewsRoom/News %20Releases/Pages/05-08-2012.aspx.
4See WRAL.com, “Investigators: Child Tax Credit Allows Fraudsters a Chance to Cheat,”
5 In TIGTA‟s sample, 48,887 prisoners fraudulently claimed refunds totaling more than
$130 million. See TIGTA, TIGTA 2010-40-129, Expanded Access to Wage and
Withholding Information Can Improve Identification of Fraudulent Tax Returns,
September 30, 2010.
6See IRS, IR-2012-23, IRS Releases the Dirty Dozen Tax Scams for 2012 (Feb. 16, 2012)
(warning taxpayers about phishing).
7 Tampa is the capital of refund fraud. See CNN Money, “IRS Pays Billions in Refunds to
Identity Thieves,” at http://money.cnn.com/2012/08/02/pf/taxes/irs-identity-
8See Tampa Bay Times, “49 Accused of Tax Fraud and Identity Theft,” at
parties” because the easy money is dropped onto prepaid debit cards right into your
Jokes aside, refund fraud is a serious issue that burdens the treasury, individual
taxpayers whose identities are stolen and the integrity of the tax system. The Treasury
Inspector General for Tax Administration (TIGTA) estimated that in 2011 1.5 million
returns involving ID theft went undetected, representing a loss to the treasury of $5.2
billion.10TIGTA estimates that the IRS will issue $21 to $26 billion in fraudulent returns
over the next five years.11
Despite efforts to curb refund fraud, the government has unintentionally
encouraged its growth by making it more lucrative and convenient. The government
increasingly uses refundable credits for socio-economic purposes.12 Tax filers may earn
a negative income tax through claiming a myriad of refundable credits, such as the
Earned Income Credit, Additional Child Tax Credit, Adoption Tax Credit, First-Time
Homebuyer Credit, Work Opportunity Credit, Making Work Pay Credit, Qualified
Hybrid Credit, and Health Coverage Tax Credit.13 Defrauders can manipulate figures on
returns through consumer-friendly software, such as TurboTax, to maximize their
refunds. Then they can bypass the IRS‟s flimsy electronic signature, electronically file,
and receive their fraudulent refund in one to two weeks via direct deposit or prepaid
debit card.14 Due to poor detection and prevention and lax enforcement and
10See TIGTA, TIGTA 2012-42-080, There Are Billions of Dollars in Undetected Tax
Refund Fraud Resulting From Identity Theft, July 19, 2012.
12See Identity Theft and Income Tax Preparation Fraud, 4.
13Id., 3-4; See also, Tax Credits, 1040.com, http://www.1040.com/federal-
taxes/credits/ (last visited Jan. 9, 2012).
14See Identity Theft and Income Tax Preparation Fraud, 3.
prosecution, fraudsters are unlikely to face justice.15 Given the current state of affairs,
refund fraud is surely one of the most attractive crimes in the United States.
This paper will address identity-theft related refund fraud in four parts. Part I
will take the reader step-by-step through how fraudsters commonly perpetrate refund
fraud. Part II will explain how the IRS‟s current procedure is largely ineffective and, in
fact, victimizes the injured taxpayer. Part III will discuss the government‟s attempts to
minimize refund fraud and analyze its failures and, if applicable, successes. Part IV will
recommend comprehensive solutions, including a real-time processing system, which
will greatly reduce this type of fraud. While some of my recommendations are
applicable to other types of refund fraud, such as legitimate taxpayers abusing
refundable credits to fraudulently inflate their refunds, this paper will exclusively deal
with identity-theft related refund fraud.
I. Identity-theft Related Refund Fraudfor Dummies
Step one: steal an identity. For tax purposes, this is a lot easier than it sounds.
Indeed, for any purpose it is a lot easier than most people probably think.16 To file
someone else‟s tax return, all a defrauder needs is that person‟s social security number,
name and last-known address.17 Employees in health, finance or insurance have ready
access to this information.18 Prisoners can “borrow” this information from their fellow
15 Nationwide IRS launched only 898 refund fraud investigations in 2012. See Total
Extent of Refund Fraud Using Stolen Identities is Unknown: Hearing Before the
Subcomm. on Gov’t. Org., Efficiency and Fin. Mgmt. of the H. Comm. on Oversight and
Gov’t. Reform, 112th Cong. 7 (statement of James R. White, Director, Strategic Issues).
16See e.g. Charlotte Johnson. Why is Identity Theft So Easy?, eHow,
http://www.ehow.com/ about_5434049_identity-theft-easy.html (last visited Jan. 9,
17Accord PCSO Tax Fraud Investigation „Stop the Drop‟ Nets 19 Suspects.
inmates.19Criminals can create phishing websites or phony official emails to
fraudulently obtain this information.20IRS agents of course have access to this
information, and because the IRS prints this information on the front of its notices, so
would anyone who intercepts IRS documents.21 The absolute best way to get this
information, however, is to gain access to the Death Master File (DMF).22
The DMF is a list of recently deceased individuals that includes their full names,
social security numbers, dates of birth, dates of death, and county, state and zip code of
their last-known addresses.23 The Social Security Administration (SSA) publishes this
document online through the Department of Commerce‟s National Technological
Information Service (NTIS) and updates the information weekly.24 Unlimited access is
19 Identity-theft related refund fraud occurs in prisons in all 50 states and is increasingly
popular. The number of fraudulent prisoner returns doubled between 2009 and 2010
with an attending 153% increase in fraudulent refunds issued. The scheme works by
incarcerated individuals giving their information to a co-conspirator outside of prison,
often a recent parolee. The co-conspirator files returns on their behalf, receives the
refunds and shares a portion with the incarcerated prisoners. The incarcerated
fraudsters have plausible deniability by claiming that they could not have filed since
they were in prison. SeeIRS Prisoner Tax Compliance Program: IRS, American
Correctional Association Conference, 5-22 (January, 2012) (available at
21See TIGTA, TIGTA 2012-40-050, Most Taxpayers Whose Identities Have Been Stolen
to Commit Refund Fraud Do Not Receive Quality Customer Service, May, 3 2012, 10.
22 In United States v. Serge St-Vil, et al., Case No. 12-20768-CR-Scola, three defendants
were charged with filing 5,000 decedent returns. The IRS blocked $14 million in
refund, but still issued $6 million to the defendants. Press Release, United States
Attorney‟s Office Southern District of Florida, “Forty Defendants Charged In Separate
Schemes That Resulted In Thousands Of Identities Stolen And Millions Of Dollars In
Identity Theft Tax Filings,” (Oct. 10, 2012)
23Identity Theft and Income Tax Preparation Fraud, 15.
24 National Taxpayer Advocate 2011 Annual Report to Congress 519.
available through the NTIS website for $995 per year.25 It is also commonly available
through genealogical websites for a nominal sum.26 While originally intended to be
used by financial and credit agencies to prevent identity fraud, the DMF is a cheap way
to gain another identity.27For refund fraud purposes, a decedent identity is just as useful
as a living person‟s identity because the fiduciary of a decedent‟s estate must file the
decedent‟s final income tax return for the year of death and any returns not filed for
Step two: fill out return using TurboTax29. The identity thief must file the return
before the legitimate taxpayer does, or else the thief‟s return will be rejected as a
duplicate.30 Therefore, the identity thief should file the return early in January before
the legitimate taxpayer has likely filed his or her return or even received his or her W-2s
and 1099s. The identity thief fills out a fraudulent tax return using the stolen identity.
He then fabricates data, manipulates wage and deduction figures, and claims credits to
maximize the refund without triggering too much suspicion. Usually, the identity thief
uses TurboTax‟s built-in refund calculator to generate a refund of just under $10,000.31
25 CNN Money, “Buy A Dead Person‟s Identity From Social Security For $10, ” at
26 National Taxpayer Advocate 2011 Annual Report to Congress 519.
27Id. at 519-522.
28 IRM 22.214.171.124 (March, 26 2010).
29 “TurboTax” is street parlance for this type of crime. Tampa Bay Online, “Drug Sting
Leads Police to $600,000 in Tax Refund Debit Cards.”
30 TIGTA 2012-40-050, 6.
31 Tampa Bay Times, “49 Accused of Tax Fraud and Identity Theft.” While $10,000 is a
good rule of thumb, thieves can get away with requesting significantly larger refunds.
For example, Krystle Marie Reyes falsely reported income of $3 million and received a
$2.1 million prepaid visa debit card. The state approved this gigantic refund even after
several manual reviews. She was only caught when she lost the debit card and then
asked for a replacement. See Huffington Post, “Krstle Marie Reyes Gets 5 ½ Years For
$2.1 Million Bogus Tax Refund,” at
The last step before filing is determining how to get the refund – cash or check. The
identity thief could simply have the IRS deposit the refund directly into his or her bank
account, but should the IRS detect the fraud it is better to avoid leaving such an obvious
trace. Instead, refund fraudsters have refund checks or prepaid debit cards mailed to
vacant homes, co-conspirators or even, brazenly, to the legitimate taxpayer‟s own
address where they can just intercept the refund before the taxpayer checks the mail.32
Step three: e-file. In order to e-file, the fraudster must “prove” that he is the
legitimate taxpayer by providing the IRS with his electronic signature.33 The electronic
signature may be either the taxpayer‟s prior year‟s adjusted gross income or self-created
PIN.34 For the elderly, prior year adjusted gross income is often just zero, making their
electronic signature effectively useless as a security measure. The fraudster will have a
high rate of success filing on behalf of an elderly or deceased individual by just entering
zero as the electronic signature. Therefore identity thieves frequently target such
individuals (See table 1).
32See CNN Money, “IRS Pays Billions in Refunds to Identity Thieves.”
33 Signing Your Electronic Signature, IRS, http://www.irs.gov/uac/Signing-Your-
Electronic-Tax-Return (last visited Jan. 9, 2012).
Table 1: Number of Returns Involving Identity-Theft by Category FY 201035
Deceased 104, 950
Citizens of U.S. Possessions 67,789
Income level does not require tax return 952,612
However, should the identity thief need or desire to verify the taxpayer‟s PIN, the
IRS has set up a mechanism for the thief to easily obtain it. He merely needs to call 1-
800-829-1040, provide the taxpayer‟s social security number, name and address (which
he has already stolen and used to fill out the return), and the IRS will give the thief the
legitimate taxpayer‟s prior year original AGI amount or prior year PIN right over the
As the above demonstrates, committing identity-theft related refund fraud is
relatively simple. There is very little risk inherent in any step. To limit risk, one could
steal identities from the DMF using a library computer and use a payphone or prepaid
cellphone to obtain PINs. Then one can purchase a cheap laptop with cash and use it to
file returns at Starbucks. Send the prepaid debit cards to a vacant home. Then, prepaid
debit cards in-hand, either launder themor turn them into cash at various gas station
ATMs. As will be explainedin Part II, the IRS response to identity-theft related refund
35 TIGTA 2012-42-080.
36 Free Tax USA, http://www.freetaxusa.com/display_faq.jsp?faq_id=86, (last visited
Jan. 9, 2012).
fraud does little to hinder this criminal scheme, and in fact harms the real taxpayer in
II. The IRS‟s Current Procedure for Handling Identity Theft
Assuming a fraudulent return is not blocked by the IRS‟s fraud detection filter
(discussed in Part III), it may not be detected until the legitimate taxpayer attempts to
file, if ever, or until the IRS discovers the fraud by matching income and withholding
information to individual tax returns.37 Instances of refund fraud may go undetected for
years.38 If the legitimate taxpayer is not required to file, he may only become aware that
his identity has been fraudulently used when the IRS attempts to recover the deficiency
from him through liens, levies and other enforcement mechanisms.39 This breakdown
in communication occurs because the IRS uses the address from the most current tax
return (the fraudulent one) for all correspondence.40 Therefore, the IRS will send the
deficiency notice to the identity thief‟s address rather than the previous, and probably
If the legitimate taxpayer attempts to electronically file her return subsequent to
the fraudster, she will receive an error code that indicates that her social security
number has already been used to file a return. Then she must contact the IRS and
37Identity Theft: Who’s Got Your Number, Hearing before S. Comm. on Finance, 110th
Cong. (statement of Max Baucus, Chairman, Committee of Finance.
39Identity Theft and Income Tax Preparation Fraud, 9; See also CNN Money, “IRS
Struggles To Keep Up Amid Surge In Tax Fraud,” at
40Identity Theft-Related Tax Fraud: Hearing Before the Subcomm. on Gov’t. Org.,
Efficiency and Fin. Mgmt. of the H. Comm. on Oversight and Gov’t. Reform, 112th
Cong. 10 (statement of Nina E. Olsen, National Taxpayer Advocate).
attempt to resolve the matter, a process that on average takes 414 days, but may take
twice as long.42
A second return using the same social security number is considered a duplicate
return.43 If an individual attempts to submit a duplicate return electronically, it will be
rejected immediately.44 Unable to file electronically, the taxpayer will either call the IRS
hotline or look online for guidance. If the taxpayer calls the IRS‟s toll-free hotline, the
IRS customer service agent will not immediately flag the social security number or open
a case, but will merely request that the taxpayer file a paper return with an attached
Form 14039, Identity Theft Affidavit, or a police report and a valid government issued
If the taxpayer elects to seek help online, she may face another problem. The
taxpayer may believe that she needs to file Form 3949-A, Information Referral, which is
intended to allow taxpayers to report certain types of fraud, specifically tax fraud and
tax law violations.46 It is not clear from the form‟s directions that identity-theft is not
one of those types of fraud.47 In 2011, over 3,000 victims of identity-theft related refund
fraud filed Form 3949-A.48Because the IRS lacks a procedure on how to process Form
3949-A when it contains a claim of identity-theft, all of these forms were destroyed
without the IRS recording any of the dataor notifying the victims.49 Hopefully for these
42 TIGTA 2012-40-050, at 8.
43Id. at 6-9.
45See TIGTA, TIGTA 2012-40-106, The Process For Individuals To Report Suspected
Tax Law Violations Is Not Efficient Or Effective, September 10, 2012, at 5.
46Id. at 7.
taxpayers, they also called the IRS hotline and discovered that they needed to file a
Form 14039 instead.
When the IRS receives the taxpayer‟s paper return and Form 14039, it is sent to
the Duplicate Function of the IRS.50 The return sits in the Duplicate Function, along
with other identity-theft related returns, until after the April 15th filing deadline.51 Only
then does an IRS assistor in the Duplicate Function flag the return as a possible case of
identity-theft.52 Even at this point, the IRS does not notify the legitimate taxpayer, who
may have been waiting to hear from the IRS about his identity being stolen since
January, that an identity-theft investigation has been opened.53 Next the Duplicate
Function transfers the case to one of twenty-four other IRS functions.54 If the case
involves multiple issues, it will be transferred between functions.55 Despite the
establishment of the Identity Prosecution Specialized Unit (IPSU) in 2008 to act as
“traffic-cop” (discussed more in Part III) and placement of identity-theft specialists in
each function, the procedure is inefficient and confusing for the taxpayer.56
TIGTA performed a case study on seventeen identity-theft related refund cases
and discovered the following:(1) Case resolution averaged 414 days; cases were opened
from three to 917 days; (2) Inactivity on cases averaged a staggering 86 days; inactivity
ranged from 0 to 431 days; (3) The 17 taxpayers had 58 different cases opened and
multiple assistors workers their cases;57and (4) The victims were asked multiple times to
50 TIGTA 2012-40-050, 6-12.
54Id. See alsoIdentity Theft-Related Tax Fraud,8;
55Identity Theft-Related Tax Fraud,9.
56SeeIdentity Theft and Income Tax Preparation Fraud, at 5.
57 TIGTA 2012-40-050, at 9.
substantiate their identities.58 While it can be difficult to determine who the legitimate
taxpayer is, clearly the IRS was not expediently making this determination.
Resolving who is the legitimate taxpayer is complicated by the IRS‟s poor
communication with the taxpayer.59 The IPSU was intended to provide the taxpayer
with single point of contact.60 However, a taxpayer whose identity has been stolen does
not receive the contact information of one agent, but instead deals with multiple agents,
whom are rarely on the same page, and, worse, relies primarily on the IRS‟s paper
notices.61 Even if the IRS is aware that the current address is fraudulent, the IRS does
not update the taxpayer‟s official address until the identity theft is fully resolved.62
Therefore, the IRS will send many important notices to the wrong address. These
notices may disclose personal information to the identity thief.63 Further, TIGTA found
that because multiple departments with conflicting procedures handle the taxpayer‟s
case, the taxpayer receives redundant and sometimes contradictory notices from the
IRS, which serve to just confuse the victim.64
III. The IRS‟s Response to ID-Theft Related Tax Fraud
The IRS has responded to the boom in identity-theft related refund fraud
predictably by stepping up prevention, detection, enforcement and prosecution, but it
has done nothing particularly meaningful.
58Id. at 5.
59See TIGTA 2012-40-050.
60Id. at 20.
61Id. at 10.
62Identity Theft-Related Tax Fraud, at 10.
63See TIGTA 2012-40-050, at 10.
A. Prevention – Electronic Signature, IP PIN and Deceased Lock
The figures indicate that the IRS is unable to prevent the vast majority of
identity-theft related refund fraud. TIGTA estimates that in 2011 the IRS successfully
blocked 938,664 identity-theft related returns but failed to detect 1.5 million.65 The first
line of defense is the electronic signature. As discussed above, this defense is effectively
useless because it will not stop an identity thief who already has the victim‟s social
security number, name and address.
In 2012, the IRS implemented an additional PIN, the Identity Protection (IP)
PIN, for taxpayers who are confirmed victims of identity theft.66 The IP PIN is a unique
code that the taxpayer must use to electronically file.67Failure to provide the code during
e-filing will result in the return‟s immediate rejection by IRS filters.68 So far, the IRS
has issued 250,000 IP PINs to victims whose addresses and identities have been
verified.69 While this additional security credential will effectively prevent identity-theft
related refund fraud for these 250,000, it is inherently limited to this small class of
taxpayers. For IP PIN to be helpful for the larger class of taxpayers who have not yet
been victimized, the IRS would need to allow all taxpayers to receive a unique identifier.
For the credential to be effective, the taxpayer must only be able to receive this PIN after
the IRS has verified his or her identity. Allowing an identity thief to receive this number
via a toll-free call to the IRS would completely undermine the program‟s effectiveness.
In 2011, the IRS has sought to curb the theft of deceased identities by placing a
lock on a small portion of accountswhere both the IRS Master File and the DMF show a
65 TIGTA 2012-42-080, at 2.
66Identity Theft and Income Tax Preparation Fraud, at 11.
date of death.70 As of March 2012, the IRS had locked 164,000 decedent accounts,
preventing $1.8 million in fraudulent refunds.71 This program will probably not be
successful. Because the fiduciary of a decedent‟s estate must still file taxes on behalf of
the decedent for many prior tax years, the IRS will prevent legitimate tax returns by
merely locking an account where the social security appears on the DMF. Blocking
164,000 accounts for a savings of $1.8 million is negligible considering the legitimate
need for decedent accounts to stay open and that the payoff per account here was just
over $10 ($1.8 million divided by 164,000).
B. EFDS Filter
The IRS‟s Electronic Fraud Detection System (EFDS) is the most critical element
of the IRS‟s efforts to prevent refund fraud. EFDS is a “mission critical, stand-alone
automated system” that detects “reliable indicators of taxpayer fraud.”72 Once EFDS
flags a return as suspicious, the IRS can delay processing the refund for up to 14 days in
order to identify questionable claims.73 If the IRS determines it needs more time to
review the claim, it may place the account in a temporary lock for up to 70 days.74 At the
end of the 70 days, the IRS must release the refund, disallow the claim or refer the case
to another function of the IRS for further (more serious) investigation.75 During this
process, agents in the Account Management Taxpayer Assurance Program (AMTAP)
70Identity Theft and Tax Fraud: Hearing before Subcomm. on Oversight and
Subcomm. on Soc. Sec. of H. Comm. on Ways & Means, 112th Cong. 2 (statement of J.
Russell George, Treasury Inspector General for Tax Administration).
71 TIGTA 2012-42-080, at 4.
72Electronic Fraud Detection System (EFDS) – Privacy Impact Assessment, IRS (Dec.
17, 2010), http://www.irs.gov/pub//irs-pia/efds-pia.pdf.
73 National Taxpayer Advocate 2011 Annual Report to Congress 31
attempt to verify wage and withholding information.76 Typically, due to resource
constraints or lack of information, AMTAP must place an account at least in temporary
lockdown because it is unable to verify wage and withholding information.77 While this
screening prevents fraudulent returns, it also burdens innocent taxpayers whose refunds
are mistakenly delayed.78When a taxpayer wants to inquire with the IRS why his refund
has been blocked by EFDS, the IRS refers his call to the Taxpayer Protection Unit.79
During peak filing season in 2011, the Taxpayer Protection Unit could only field 11.7% of
its phone calls.80 Callers who did get through to the Taxpayer Protection Unit waited an
average of one hour six minutes.81 Overall, the IRS is unable to field about 30% of its
calls.82 These figures about poor communication with the IRS indicate not just the
burden that EFDS imposes on taxpayers but also casts doubt upon any figure the IRS
releases regarding the accuracy of EFDS.83
In 2011, EFDS identified 1,054,704 suspicious returns, up from 611,845 in
2010.84 The IRS estimates that EFDS is 89% accurate, i.e. 89% of flagged returns are
fraudulent.85 TIGTA and others question the IRS‟s estimate.86 In addition to
mistakenly delaying at least 100,000 legitimate taxpayer‟s returns87, EFDS fails to
77See National Taxpayer Advocate 2011 Annual Report to Congress 32-35.
79Identity Theft and Tax Fraud: Hearing before Subcomm. on Oversight and
Subcomm. on Soc. Sec. of H. Comm. on Ways & Means, 112th Cong. 13 (statement of
Nina E. Olsen, National Taxpayer Advocate).
80Id. at 14.
82 “IRS Struggles To Keep Up Amid Surge In Tax Fraud”.
83Identity Theft and Tax Fraud (statement by Nina E. Olsen), at 14.
84Identity Theft and Income Tax Preparation Fraud, at footnote 9.
85Id. at 8.
86Id. See also TIGTA 2012-40-050.
identify the majority of fraudulent returns (1.5 million fraudulent returns in 2011).88
TIGTA examined a sample of 60 fraudulent returns and found that 49 did not score high
enough on EFDS‟s filters to merit further review.89
While no filter is perfect, EFDS glaringly omits a number of factors that would
significantly increase detection of refund fraud. First, EFDS should consider the
address given on the return because a large portion of fraudulent returns comes from
one of five cities: Lansing, Chicago, Belle Glade, Orlando and Tampa.90 2,137 fraudulent
returns came from one address in Lansing, MI.91 Second, EFDS does not look at
whether or not the tax filer is incarcerated. TIGTA discovered that 88% of returns filed
by prisoners were not screened by EFDS.92 Further, TIGTA found that 17% of prisoner
returns (48,887) were fraudulent and falsely claimed $130 million in refunds.93 Lastly,
the IRS does not retain data from previous identity theft cases.94 The IRS should retain
and factor into EFDS the following info: (1) how the return was filed, (2) income
information, (3) the amount of the refund, (4) how the refund was issued and (5) the
account or debit number issued.95
Until the IRS implements more comprehensive reform, such as that suggested in
Part IV of this paper, the IRS should continue to improve EFDS‟s algorithms to reduce
the number of false positives and improve detection of fraudulent returns. EFDS is not
88 TIGTA 2012-42-080, at 2.
89Id. at 3-4.
90Id. at 9.
92 TIGTA 2010-40-129, at 22.
94 TIGTA 2012-42-080, at 9.
nearly as sophisticated as it could and should be. Also, the IRS must do a better job at
vetting out legitimate taxpayers caught in the EFDS filter.
C. Organizational Improvements – IPSU and Specialization
There are currently 660,000 identity-theft related tax cases in the IRS inventory
servicewide.96Due to the tremendous growth of identity-theft related refund fraud, the
IRS has only responded with meager organizational improvements. In 2008, the IRS
established the Identity Prosecution Specialized Unit (IPSU).97 IPSU‟s goal was to
provide end-to-end case resolution and a single point of contact for victims of identity
theft tax fraud.98 IPSU is not equipped to meet this goal, and further IRS organizational
changes have actually deviated from this vision for IPSU. IPSU should act as a traffic-
cop, ensuring that cases are processed efficiently and coordinating the various IRS
functions. However, following IPSU‟s formation, the IRS placed specialized agents in
each relevant function to deal with identity theft.99 Instead of making these specialized
agents liaisons with the IPSU, these agents too often act independently following
separate and conflicting procedures to deal with identity theft cases.100 IPSU may issue
Identity Theft Assistant Requests (ITARs) to request functions perform specific
actions.101 However, ITARs are not binding.102 IRS functions do not have procedures in
place to ensure compliance with ITARs.103 Therefore, IPSU does little to simplify the
resolution of identity-theft cases. Cases still get handled by multiple agents across
96Identity Theft and Income Tax Preparation Fraud, at 15.
98Id. at 19.
99Id. at 17.
100Identity Theft and Tax Fraud (statement by Nina E. Olsen), at 16.
101 TIGTA 2012-40-050, at 20.
multiple functions with minimal coordination.104 In effect, IPSU often merely monitors
this bureaucratic mess.105 As for a single point of contact, this has not occurred as
discussed above. The IRS should have a program to monitor and coordinate ID-theft
cases, i.e. the IPSU, and a separate program to provide a single point of contact for ID-
D. Enforcement and Prosecution
In 2008, the IRS launched only 108 investigations into identity-theft tax fraud.106
In 2011, the IRS launched 276 investigations.107 In 2012, the IRS stepped up
enforcement, launching 898 investigations.108 The IRS made headlines early in 2012 by
executing a nationwide sweep to round up perpetrators of identity-theft related tax
fraud.109 During one week, the IRS arrested 105 people in 23 states and filed 939
criminal charges.110 However, there has been no comprehensive study on the prevalence
of identity theft.111 Obviously the fact that 2.5 million fraudulent returns are filed per
year (almost 2% of all returns)112 indicates that the scale of this crime is enormous.
Considering that everyone from petty thieves to criminal enterprises engage in ID-theft
related tax fraud, it is impossible to determine how many individuals are engaged in this
activity, and therefore, how much the IRS needs to improve enforcement
104Id. at 8.
105 IPSU is mandated to monitor each case every 60 days. Identity Theft and Income
Tax Preparation Fraud, at 19.
106Total Extent of Refund Fraud Using Stolen Identities is Unknown, at 7.
109See IRS, IR-2012-13, Identity Theft Crackdown Sweeps Across the Nation; More than
200 Actions Taken in Past Week in 23 States (Jan. 31, 2012).
111 See e.g. U.S. Gov't Accountability Office, GAO-02-363, Identity Theft Prevalence and
Cost Appear to Growing (2002).
112 Number of fraudulent returns (2.5 million) divided by 145 million annual returns.
SeeIdentity Theft and Income Tax Preparation Fraud, at 3.
measures.Without hard figures, we might take the word of people on the ground.
Detective Sal Augeri from Tampa compared the prevalence of refund fraud to the crack
epidemic of the 1980s: "[I]t‟s being done by anybody and everybody that can get their
hands on a computer. . . . It's just rock cocaine on a plastic card.”113 If this is the case,
898 investigations do not seem nearly enough to act as a meaningful deterrent to this
The largest impediment to criminal enforcement of tax fraud is IRC Section
6103(i)(2) which authorizes the IRS to disclose return information to federal law
enforcement for use exclusively in criminal investigations.114 This section does not allow
disclosure to state and local law enforcement.115 While under 6103(c) a taxpayer may
consent to the disclosure of return information to any person designated by the
taxpayer116, there are multiple problems with the current code. First, 6103(c) assumes
that the IRS can contact the legitimate taxpayer, who may be dead or otherwise
unreachable. Second, the taxpayer may not consent to releasing information to state
and local law enforcement, especially considering 6103(c) does not allow the taxpayer to
specifically limit the use of disclosed information for law enforcement
purposes.117Therefore, the IRS could not act independently to disclose information from
such returns to state and local law enforcement. Recently, the IRS implemented a pilot
program with the State of Florida (a haven of tax fraud) to facilitate consent-based
113 Tampa Bay Online, “Police: Tampa Street Criminals Steal Millions Filing Fraudulent
Tax Returns,” at http://www2.tbo.com/news/politics/2011/sep/01/11/police-tampa-
114Identity Theft and Income Tax Preparation Fraud, at 19.
sharing of return information with state and local law enforcement agencies.118 This
program still does not allow the IRS to unilaterally disclose return information with
state and local agencies119, and will therefore likely be only marginally successful.
Unless Congress amends these code provisions, most tax fraud enforcement must be
done exclusively by federal law enforcement without assistance from state and local law
IV. Proposals to Combat to ID-Theft Refund Fraud
The IRS needs to enter the 21st century if it hopes to successfully combat ID-theft
refund fraud. For example, the IRS only stopped accepting information returns in
magnetic reel format in 2008.120When fraudsters can pretend to be both employer and
employee121, no matter how much technology improves it is likely impossible for the IRS
to conclusively prove an individual‟s income. However, the IRS must make refund fraud
more difficult to commit, more risky, less profitable, and therefore, less attractive to
A. Eliminate Refundable Credits
A simple, but radical, solution to stop refund fraud is to eliminate its refundable
credits. Congress could allow taxpayers to eliminate their tax burden but not allow
them to receive a refund. Every credit is subject to some level of abuse.122 At the top of
120 Comments from the National Payroll Reporting Consortium, Internal Revenue
Service Public Hearing on Proposed Real-Time Tax System 21 (January 25, 2012)
121SeeOther Business Identity Theft Schemes to Defraud, BusinessIDTheft.ORG,
fraud/tabid/177/Default.aspx (last available Jan. 9, 2012).
122 Kelly Phillips, “A Simple Solution For Reducing Taxpayer Fraud,” Forbes (May 26,
the list is the Earned Income Tax Credit (EITC).123 The IRS believes that between 23%
and 28% of EITC claims are paid out in error, or approximately $10 billion
annually.124The Child Tax Credit and First-Time Homebuyer Credit are also notorious
for abuse because of the lack of proof required to receive them.125
However, Congress will never take this route because refundable credits are a
popular socio-economic tool to combat poverty. Refundable credits especially benefit
working families with children.126 The Census Bureau‟s 2011 Supplemental Poverty
Measure estimated that if these credits were not refundable, the percentage of all people
in poverty would rise to 18.9 percent from 16.1 percent, and the percentage of children
in poverty would rise to 24.4 percent from 18.1 percent.127 To most, such a result is not
acceptable even if perhaps the IRS is not the best agency to provide welfare services.128
B. Real-Time System
In a real-time system, the IRS processes taxpayer returns simultaneously with
information returns.129 This would be done either by delaying processing taxpayer
returns until the IRS has received all information returns, or by moving forward the
filing deadline for information returns. Given the American taxpayer culture of instant
125See “First-Time Fraudsters – A Tax Credit So Silly Even a Four-Year-Old Can Do It,”
The Wall Street Journal (October 29, 2009)
ml).See also “Investigators: Child Tax Credit Allows Fraudsters a Chance to Cheat”.
126See New Evidence That Refundable Credits Lift People Out of Poverty, Tax Credits
for Working Families (November 14, 2012)
128See Nick Timiraos, “Use of Refundable Tax Credits Has Grown in Recent Years,” The
Wall Street Journal (October 21, 2008) (http://online.wsj.com/article/
SB122454768040352279.html) (explaining bi-partisan support for credit system).
129 Comments from the National Payroll Reporting Consortium, at 1.
gratification in which taxpayers expect their returns within days to weeks of filing, the
former suggestion is unpalatable. In early 2011, the IRS began speaking publicly about
its long-term goal to move to a real-time processing system.130 The IRS‟s goal has
received powerful support.131 Currently, employers must provide employees W-2s and
1099s by January 31, while the deadline for reporting to the government is March 31.132
It is the view of this paper that the benefits (reducing refund fraud and closing the tax
gap) of requiring reporting to the government by January 31st outweigh the costs
(potential for errors, employer and third party burden and IRS resource drain).
A real-time system would prevent a vast portion of ID-theft related refund fraud,
but still could not eliminate some tax fraud schemes. A real-time system would prevent
the situation where the fraudster files before the legitimate taxpayer files, thus
preventing the legitimate taxpayer from filing. In this situation, the IRS would discover
the duplicate return immediately, determine that one of them appears fraudulent
because it reports incorrect income and withholding, reject that return and process the
other return that contains information matching the IRS‟s data. A real-time system
would also prevent identity-theft related refund fraud that involves claiming credits that
require earned income, as opposed to unearned income reported on line 21 of 1040. For
example, if an identity-thief filed a return claiming the EITC, the fraudster‟s reported
131 TIGTA has stated: “Access to third-party income and withholding information at the
time tax returns are processed is the single most important tool that the IRS could have
to identify and prevent tax refund fraud.” TIGTA 2012-42-080, at 7. The Electronic Tax
Administration Advisory Committee believes the benefits of a real-time system are
“compelling and should be pursued.” Electronic Tax Administration Advisory
Committee 2012 Annual Report to Congress, 12. The National Taxpayer Advocate has
alternatively recommended delaying refund processing until after March 31st so that the
IRS could investigate every suspicious return. Identity Theft and Income Tax
Preparation Fraud, 4.
132 Comments from the National Payroll Reporting Consortium, at 2.
income/withholding would not match IRS records.However, a real-time system would
not prevent fraud if the legitimate holder does not have any reported income or does not
file a tax return, and the credits claimed do not require earned income. For example, an
identity thief could file a return on behalf of a deceased person claiming the American
Opportunity Credit, which is a credit that does not require the taxpayer to have any
earned income. Further, assume the decedent taxpayer did not have any reported
income that year and no one else filed taxes on his behalf. If the IRS just tried to match
earned income reported on the return ($0), this figure would be consistent with the
IRS‟s records showing no third party information reported. The IRS would allow this
fraudulent refund despite the safeguards of real-time processing unless other filters
blocked this request. While there are undoubtedly other clever ways to commit fraud, a
real-time system would prevent the simplest forms of refund fraud and make identity-
theft related refund fraud more difficult and risky to perpetrate. An identity-thief could
rarely be absolutely certain that a taxpayer whose information they have stolen will not
also file or will not have reported income.
Even if a real-time system only eliminated a portion of identity-theft related
refund fraud, the IRS can and should work rapidly to adopt such a system. The IRS
issues $5.2 billion in identity-theft related refunds per year133, $10 billion falsely
claimed EITC credits per year134, $7 billion falsely reported credits to undocumented
workers135, and the gross tax gap (the difference between what Americans pay and
133 “IRS Pays Billions in Refunds to Identity Thieves”.
should pay) is a whopping $450 billion per year136. A real-time system would help close
the tax gap and eliminate falsely claimed EITC credits because the IRS would catch a lot
of income not reported.137
However, a real-time system is not without its costs. Advancing reporting
deadlines would impose higher compliance costs upon employers. The National Payroll
Reporting Consortium (NPRC), a non-profit trade association whose member
organization provide payroll processing for one-third of the private sector workforce,
commissioned a study in 2011 in response to the IRS‟s desire to move to a real-time
system.138 In addition to the information provided to the employee on the W-2,
employers must report to the government up to 50 elements of compensation, such as
health and welfare benefits, equity compensation, non-cash fringe benefits, many of
which are administered by third parties and may not be determinable for days to weeks
after December 31st.139 However, by January 31st, generally all information is
available.140 In fact, six states and the District of Columbia, already require information
reporting by January 31st.141 Estimates on the cost on employers range from pennies to
$1,000 per employee.142 Given that technology is making it increasingly easy for small
136 IRS, IR-2012-4, IRS Releases New Tax Gap Estimates; Compliance Rates Remain
Statistically Unchanged From Previous Study (Jan. 6, 2012).
137See U.S. Gov't Accountability Office, GAO-08-266, Costs and Uses of Third-Party
Information Returns (2007).
138 Comments from the National Payroll Reporting Consortium, 1.
141Id. at 2.
142 The highest estimate pulls a random number ($1,000) from the air and multiplies it
by the number of firms in the United States (5 million). See Joseph Cordes, Should the
Government Prepare Individual Income Tax Returns?, Technology Policy Institute
(Sept. 2010), at
and large businesses to electronically file their W-2s and 1099s, pennies seems a more
accurate estimate. A survey by the Government Accountability Office (GAO) found that
small business (5 employees and under) filled out 1099s using accounting packages and
spent from three to five hours completing the tax process.143 The survey found that mid-
sized employers (20-25 employees) spent just over an hour.144 Further, employers
already file 99.7% of W-2s and 90% of all other types of returns electronically.145 The
IRS should require all employers to file W-2s and 1099s electronically.146 The cost
should be minimal.147 Some states already require all employers to electronically file.148
In order to successfully implement a real-time processing system, the IRS must
be up for the task or be given the resources to get there. Currently the IRS is
overburdened and stretched too thin. Even though IRS already has access to income
and withholding information for individuals who receive Social Security benefits at the
end of December, the IRS has not established a procedure to cross-check this
information to identify fraud.149 Nor does the IRS have a procedure to use prior-year
third party information to identify suspicious claims.150 AMTAP, the department that
143 GAO-08-266, at 26.
145Electronic Tax Administration Advisory Committee 2012 Annual Report to
146 Currently, employers with fewer than 250 employees may file paper returns. This
threshold was established by Tax Equity and Fiscal Responsibility Act of 1982 (TEFRA)
when electronic filing required expensive formatting, generating and shipping magnetic
reel tapes. Comments from the National Payroll Reporting Consortium.
147 For FY 2009, the IRS processed three billion information returns fewer than 2% of
which were in paper format. Reducing that 2% to 0% should not impose as much
burden on employers as keeping paper filing as an option imposes on the IRS. Id.
149 TIGTA 2012-42-080, at 13.
150Identity Theft and Income Tax Preparation Fraud, at 12-13.
verifies suspicious wage and withholding information, has a staff of only 336.151 The IRS
is unable to keep up with all that it is tasked to do, and Congress adds more duties each
year without increasing the IRS‟s budget or mandating improvement in digital
infrastructure.152 The IRS would need a dramatic technological overhaul, consolidation
of its various databases153, streamlined and consistent procedures, and budgeting and
staffing necessary to achieve this. This would be an ambitious undertaking, but it would
be paid for quickly by eliminating fraud and reducing the tax gap, and it could gain
support from taxpayers anxious to curb identity theft.
C. Identity Ecosystem
Rather than imposing the burden upon employers, the IRS could create a
voluntary system whereby taxpayers can safeguard their identities by providing the IRS
with personal information that the IRS can cross-reference with returns to verify their
validity. For instance, imagine the following system. The legitimate holder of a SSN
logs into the IRS website. He provides his SSN. The IRS requests that he verify his
identity using several secure credentials. The legitimate holder of the SSN inputs
various identifying information, such as dependents, banking accounts, employers, etc.
If a tax thief files a return that reports information that does not match the information
provided by the legitimate taxpayer, the IRS will reject the return. While the system
151Id. at footnote 11.
152 IRS has a lot of work already (the agency is tasked under health reform with
implementing eligibility determination, documentation, and verification processes for
premium and cost sharing credits, and with handling a greater reporting volume of 1099
Forms; also other credits) See Cordes, footnote 15. While the IRS had pushed last year
to increase its 2012 budget by $1 billion, the 2012 budget that was ultimately passed by
Congress cut the IRS's budget by about 3%, to $11.8 billion. “IRS Struggles To Keep Up
Amid Surge In Tax Fraud”.
153 The IRS records identity theft information manually on 22 separate databases.
Identity Theft and Tax Fraud (statement by J. Russell George), at 12.
need not be as complex as this, there should be some mechanism whereby a taxpayer
may demand that a return filed on his behalf contain additional security credentials. All
taxpayers could have access to a secure PIN, such as IP PIN. It would be a PIN that can
only be accessed by the legitimate taxpayer who alone has the knowledge to supply the
necessary security credentials.
D. Verify Refunds
The IRS could block many refunds to identity-thieves simply by verifying the
refund recipient‟s identity. The average tax refund in 2011 was $2,993.154 This is a lot of
money to the average person. When someone tries to pick up an online order for a 60”
television from BestBuy, customer service will request a copy of the emailed receipt and
proof of identification, usually a photo ID and the credit card used to make the
purchase. I have tried to pick up a 24” monitor worth $300 for an elderly, vision-
impaired man unable to leave his house, and been rejected because I did not possess the
corresponding photo ID, and the store management would not accept identification over
the phone. The IRS, however, will mail or deposit this significant sum to any address or
account as long as the return has a valid SSN and corresponding name. The IRS
receives 109 million refund requests.155 Understandably, verifying the identities of these
recipients, most of whom are legitimate taxpayers waiting for their refunds to pay bills,
would be time-consuming and expensive; this does not make it any less crazy that the
IRS dispenses $3,000 in taxpayer dollars like it‟s candy at a parade. The IRS could set a
dollar amount or a suspicion level set by filters at which a manual review must occur.
People requesting refunds could also have the burden of providing sufficient credentials
154Identity Theft and Income Tax Preparation Fraud, at 3.
to prove identities. A taxpayer requesting $10,000 should be required to provide at
least two forms of identification along with their tax return. Mandating that taxpayers
provide higher proof for refundable credits, not just in identity-theft cases, is a practical
solution that would curb abuse.
D. Miscellaneous Proposals
1. EFDS algorithms should be improved to block irrelevant taxpayer accounts,
such as decedent accounts that are up-to-date on taxes, flag for scrutiny accounts
belonging to previous ID-theft victims and prisoners, factor into consideration locations
in which a large number of fraud occurs and utilize data from ongoing and prior ID-theft
2. Congress should pass legislation to restrict access to the DMF. DMF is
available to the public under the Freedom of Information Act.156 Pension administrators
sought access to SSA information in order to prevent fraud by using the information in
the file to verify when a beneficiary died so they could stop benefit payments.157 The
DMF‟s other legitimate use is genealogy. Congress could pass legislation to restrict
access to the DMF to pension administrators and delay access to the public for several
3. The IRS should mandate withholding for independent contractors. Currently,
there is no way to stop an individual from providing his or her employer a fake or
fraudulently acquired SSN. Undocumented workers often use this technique because
they do not have SSNs.158 An independent contractor seeking to avoid taxation could
156Id. at 15-22.
158 Cynthia Blum, Rethinking Tax Compliance of Unauthorized Workers After
Immigration Reform, 21 Geo. Immigr. L.J. 595 (Summer 2007).
also use this technique by providing his employers a fake SSN. When the employer
reports the income to the IRS, the legitimate SSN holder may be liable for the taxes. To
discourage this type of identity-theft, the IRS should require withholding for
independent contractors so that they either have an incentive to file a return or do not
have as much incentive to avoid using their own SSN.
Nothing short of eliminating refunds will completely eradicate refund fraud;
however, the IRS has done too little to curb identity-theft related refund fraud. As a
result, criminals are taking advantage of this easy crime to steal from legitimate
taxpayers. This paper contains many common-sense proposals that the IRS could
implement with little difficulty and some proposals that will require significant political
resolve. Successfully implemented, these proposals will pay for themselves and protect
legitimate taxpayers from the unscrupulous behavior of criminals and dishonest