A GAO report indicates that crooks attempted to get $25.6 billion from bogus refunds in 2014. The IRS beat them most of the time, stopping or recovering the theft of $22.5 billion, 88 percent of the attempted pillage.
 
Federal Insider
  
 
$3.1 billion – at least — lost in bogus tax refunds to ID thieves in 2014
By Joe Davidson

The Internal Revenue Service headquarters in Washington. (Photo by Bill O’Leary/The Washington Post)

Even during this era of cyber-insecurity, here’s a chilling figure: 3.1 billion.

That’s the number of dollars the Internal Revenue Service (IRS) paid in bogus tax refunds in 2014 because of identity theft refund fraud, according to the Government Accountability Office.

The IRS has a Taxpayer Protection Program (TPP) that sounds like it should provide security. It does, but not enough to prevent IRS from paying $30 million to identity theft fraudsters in 2014, based on the 1.6 million screened by the program.  That’s just one of the ways Uncle Sam fights identity theft fraud. About 7,200 of them were bogus. In total, IRS processed more than 150 million individual tax returns in 2015.

Overall, the GAO report indicates the IRS does a decent job of detecting and stopping ID fraud, which is a big business. Crooks attempted to get $25.6 billion from bogus refunds in 2014. The IRS beat them most of the time, stopping or recovering the theft of $22.5 billion, 88 percent of the attempted pillage. But in the remaining cases, crooks got the $3.1 billion.

That could be a low-ball estimate, however. GAO says the IRS might have been beaten an unknown number of times for an undetermined amount of money by undetected cheating.

Regarding TPP authentication, IRS likely underestimated how many fraudulent returns it passed “because the agency did not include potential IDT (identity theft) returns that closely matched information returns provided by third parties, such as W-2s” said James R. McTigue, Jr., GAO’s director of strategic issues.

ADVERTISEMENT
 

TPP is designed to reduce identity theft fraud by verifying the identities of suspicious tax filers. But it has some holes.

“TPP uses single-factor authentication procedures that incorporate one of the following authentication elements: ‘something you know,’ ‘something you have,’ or ‘something you are,’” GAO said. “TPP’s single-factor authentication procedures are at risk of exploitation because some fraudsters obtain the PII (personally identifiable information) necessary to pass the questions asked during authentication.”

Criminals can find answers to at least one of those “somethings” by searching the web or even purchasing information from vendors.

IRS did a risk assessment in 2012 and “determined that improper authentication through TPP posed low or moderate risks to both the agency and taxpayers, and therefore required no more than single-factor authentication.”

But things move quickly in the world of cybersecurity and that 2012 assessment is out of date. It “may not reflect the threat that IDT (identity theft) refund fraud currently poses,” according to GAO. Multi-factor authentication would require knowledge of at least two “somethings.”

“Strengthening TPP authentication could help IRS prevent millions of dollars from being paid to IDT fraudsters each filing season,” GAO said. IRS officials agreed with GAO’s recommendations for improvements to the Taxpayer Protection Program.

“We realize more work needs to be done regarding taxpayer authentication and agree an updated risk assessment should be conducted for the TPP,” John M. Dalrymple, a deputy IRS commissioner, wrote in the agency’s response to the report. IRS recently created a new position, he added, “to lead in the development of our service-wide approach to authentication.”

The GAO report was requested by four members of Congress, including Sen. Susan Collins (R-Maine), chairwoman of the Special Committee on Aging. “While the IRS has developed tools and programs to detect and prevent refund fraud due to identity theft,” she said in a statement, “GAO’s report shows that substantial improvement is still needed.”

 
More from Federal Insider
Federal agents, prosecutors to be trained on recognizing implicit bias
The Justice Department on Monday said it will train its law enforcement agents and prosecutors to recognize and address how their own implicit bias affects their workplace decisions.
By Eric Yoder  •  Read more »
  
Many victims of OPM background investigation files theft still not notified
Letters to a tenth of those whose personal information was stolen never reached them.
By Eric Yoder  •  Read more »
  
Veteran preference in federal hiring: The ‘third rail of civil service reform,’ expert says
A federal personnel expert says a Senate plan to limit veterans preference could be improved.
By Lisa Rein  •  Read more »
  
Lawmakers ask: Did the framers lay the groundwork for the IRS chief’s impeachment?
Impeaching John Koskinen, an executive branch official who is not a cabinet member, would set a precedent for Congress.
By Lisa Rein  •  Read more »
  
DoD opens door for its employees to phase into retirement
The Defense Department on Tuesday opened the door for allowing its civilian employees to phase into retirement, potentially jump-starting a government-wide program announced to much fanfare several years ago but little used since.
By Eric Yoder  •  Read more »
  
ADVERTISEMENT
 
Recommended for you
 
Wonkbook
Your daily cheat sheet on economic and domestic policy from Wonkblog.
Sign Up »
 
     
 
Share Federal Insider:       Twitter      Facebook
Trouble reading? Click here to view in your browser.
You received this email because you signed up for Federal Insider or because it is included in your subscription. For additional free newsletters or to manage your newsletters, click here.
We respect your privacy. If you believe that this email has been sent to you in error or you no longer wish to receive email from The Washington Post, click here. Contact us for help.
©2016 The Washington Post, 1301 K St NW, Washington DC 20071