WASHINGTON – Leaders from the IRS and state tax agencies along with executives from the private-sector tax industry marked the first year of their ground-breaking Security Summit partnership to combat identity theft tax fraud by recapping 2016 accomplishments and turning toward 2017 efforts.
Following the 2016 initiative and cooperative efforts, Summit partners protected more taxpayers from tax-related identity theft, stopped more suspicious tax returns and prevented more fraudulent refunds from getting into criminals’ hands. Because of the safeguards enacted by this partnership, fewer people became victims of tax-related identity theft during the 2016 filing season.
“This unique collaboration between the private sector, the states and the IRS has provided new defenses and protections for taxpayers and the tax system,” said IRS Commissioner John Koskinen. “We have made significant progress in this effort over the last year, but much more work remains. The Summit group will expand our efforts in the coming year, and we will work hard to take new steps to combat the rapidly evolving identity theft and refund fraud schemes.”
The public-private tax administration leaders met in Washington on June 28 to review the 2016 successes and finalize the 2017 efforts. The Security Summit first gathered in 2015 as the IRS, state tax agencies and tax industry sought to counter increasingly sophisticated criminal enterprises that were amassing massive amounts of personal data stolen elsewhere and using more elaborate schemes in an effort to defeat efforts to identify fraudulent returns.
The Summit priorities remain focused on enhanced authentication procedures, improved information sharing, heightened cybersecurity and greater education and outreach to the public.
A few of the 2016 Security Summit highlights include:
- New protocols required all individual tax software customers to update their security credentials to a minimum eight-digit password and establish security questions.
- Software providers shared approximately 20 data elements from tax returns with the IRS and states to help identify possible fraud. These elements are confidential but include information to identify returns prepared quickly by automated programs.
- Industry partners performed regular reviews to identify possible identity theft schemes and report them to the IRS and state partners to help stay on top of emerging schemes.
- Summit partners launched a “Taxes. Security. Together” campaign to increase public awareness about the need for computer security and provide people with tips on how to protect their personal information.
Commissioner Koskinen noted these accomplishments had real and substantial impact on curbing stolen identity refund fraud:
- From January through April 2016, the IRS stopped $1.1 billion in fraudulent refunds claimed by identity thieves on more than 171,000 tax returns; compared to $754 million in fraudulent refunds claimed on 141,000 returns for the same period in 2015. Better data from returns and information about schemes meant better internal processing filters to identify identity theft tax returns.
- Thanks to leads reported from industry partners, the IRS suspended for further review 36,000 suspicious returns January through May 8, 2016, and $148 million in claimed refunds. This was twice the amount of the same period in 2015 of 15,000 returns claiming $98 million. Had industry not flagged these returns, these returns would have passed through IRS processing filters.
- Because of Summit efforts, the number of anticipated taxpayer victims fell between 2015 and 2016. Since January, the IRS Identity Theft Victim Assistance function experienced a marked drop of 48 percent in receipts, which includes Identity Theft Affidavits (Form 14039) filed by victims and other identity theft related correspondence.
- The number of refunds that banks and financial institutions returned to the IRS because they appear suspicious dropped by 66 percent. This is another indication that improved data led to better filters, which reduced the number of bad refunds being issued.
- The Rapid Response Team tackled emerging issues. This team, working together, was able to shut down one scheme in which a criminal stole client data from a tax preparer.
- Working together, Summit partners were able to warn the public – including the payroll industry, human resources and tax preparers – of emerging scams in which criminals either posed as company executives to steal employee Form W-2 information or instances where criminals used technology to gain remote control of preparers’ office computers.
The 2017 initiatives, like those before it, generally will be invisible to taxpayers. A few 2017 initiatives include:
- Expanding a W-2 Verification Code test to cover approximately 50 million forms in 2017. The selected forms contain a 16-digit code that taxpayers and tax preparers enter when prompted by software. The code helps validate not only the taxpayer’s identity but also the information on the form. This pilot is among the most visible Summit action for 2017.
- Identifying additional data elements from tax returns that will help improve authentication of the taxpayer and identify possible identity theft scams and sharing data elements from corporate tax returns.
- Launching the Identity Theft Tax Refund Fraud Information Sharing & Analysis Center (IDTTRF-ISAC) in 2017. This will serve as the early warning system for partners, collecting and analyzing tax-related identity theft schemes.
- Expanding the Security Summit’s “Taxes. Security. Together.” awareness campaign to tax return preparers to ensure they have the information they need to protect themselves from cyberattacks and to safeguard taxpayer data.
- Creating a process for financial institutions to identify questionable state tax refunds and return them to states for validation. Twenty-three states have signed on.
The partners also ensured that the Security Summit’s work will be ongoing. Effective July 1, the Summit will work under the auspices of the Electronic Tax Administration Advisory Council (ETAAC.) The ETAAC charter was changed to expand to identity theft.