IRS needs to do more to fight income tax identity theft

Although the end of summer is not generally a time when people give much thought to income taxes, much has been happening on the income tax identity theft front during recent days. Income tax identity theft continues to be a major problem with the General Accountability Office (GAO) estimating annual losses due to income tax identity theft at close to 6 billion dollars annually.

The concept of income tax identity theft is simple. An identity thief obtains your name and Social Security number and files a phony income tax return, usually with a counterfeit W-2 and gets a large refund payment from the IRS.

Income tax identity theft is easy to do and everyone is getting in on the action. Recently 32 members of the Long Beach, Calif. Insane Crip gang were charged with stealing 3 million dollars through income tax identity theft while in Elizabeth, N.J., 14 gang members were arrested and charged with a range of offenses including income tax identity theft and counterfeiting W-2s. Earlier this Spring, a Florida grand jury indicted 23 members of the Latin Kings gang on various charges including identity theft, which they are accused of doing in at least 39 states.

Meanwhile the IRS recently announced that the hacking of its “Get Transcript” program which they had originally disclosed in May was far worse than originally reported. While originally, the IRS stated that 104,000 people were affected by the data breach, the IRS is now saying that the number of people affected is 330,000. As a result of the data breach, the IRS paid more than 50 million dollars in fraudulent returns filed using the stolen information.

The “Get Transcript” program enables taxpayers to get copies of their federal income tax returns from previous years. The IRS closed the online “Get Transcript” service when it became aware that vulnerabilities in the system resulted in hackers attacking the system from mid-February until May posing as legitimate taxpayers and getting copies of income tax returns which contained information that would enable the hacker to commit income tax identity theft.

The problem with the system was in the authentication process used by the IRS to limit access to this information to the taxpayer who is seeking his or her own income tax return. In many instances, the verification information could be gathered by a diligent hacker from public data bases, social media and data breaches.

In response to this data breach a proposed class action has been filed on behalf of the victims. According to Richard McCune, one of the lawyers who filed the lawsuit, “As custodians of taxpayer information, the IRS has failed in its obligation to protect the personal and sensitive information of hundreds of thousands of taxpayers, their spouses and families. Furthermore, the breach and theft occurred after repeated warnings over the course of several years regarding the lax computer security system.”

So what has the IRS been doing? The IRS has just issued final and temporary regulations that will go into effect two years from now that will remove the automatic thirty-day extension of time for employers to file W-2s in an effort to reduce income tax identity theft. Under the law, employers who file paper W-2s must file their W-2s on the last day of February and if they file electronically, they must file the W-2s on March 31st, so the new regulations will prevent employers from extending those deadlines automatically to the end of March and the end of April depending upon whether they employer is filing W-2s by paper or electronically.

However, the regulation is utterly useless and ineffective because under the present law, when an employer files W-2s, they are not filed with the IRS. They are filed with the Social Security Administration (SSA), which does not get around to forwarding them to the IRS for matching against submitted income tax returns to verify whether or not the W-2 filed with the individual’s income tax return is legitimate until July or August, which is long after the IRS has already sent out refunds without ever matching the W-2s filed by taxpayers with those filed by employers.

The new regulations do not improve this situation at all. A far better solution would be for Congress to merely enact legislation requiring employers to file their W-2s with the IRS at the same time they file them with the SSA and for the IRS to match the W-2s filed by employers with those filed by taxpayers before the IRS sends out refunds. This simple step would dramatically reduce the amount of income tax identity theft. The General Accountability Office (GAO) has been recommending this for years, but Congress still has not acted.

The best things you can do to protect yourself from becoming a victim of income tax identity theft are to maintain the privacy and security of your Social Security number and file your income tax return as early as possible in order to beat an income tax identity thief from filing an income tax return in your name before you do.

Steve Weisman is a lawyer, a professor at Bentley University and one of the country’s leading experts in scams and identity theft. He writes the blog scamicide.com, where he provides daily update information about the latest scams. His new book is Identity Theft Alert.

Article source: http://www.usatoday.com/story/money/personalfinance/2015/08/29/irs-income-tax-identity-theft/71325656/

Technorati Tags: ,

Tags: ,

Leave a Reply