WASHINGTON — The Internal Revenue Service and the Security Summit partners today announced new results from 2018 that show major progress in the fight against tax-related identity theft and added protection for thousands of taxpayers and billions of dollars.
Since forming the Security Summit in 2015, the IRS, state tax agencies and the private-sector tax industry enacted joint initiatives, many invisible to taxpayers, that have resulted in fewer fraudulent tax returns entering tax processing systems, fewer confirmed identity theft returns being stopped, fewer bad refunds being issued and fewer Americans identifying themselves as victims of tax-related identity theft.
“The IRS and the Security Summit continue to make tremendous inroads in the battle against identity theft,” said IRS Commissioner Chuck Rettig. “In 2018, our partnership protected more taxpayers and more tax dollars from tax-related identity theft. At a time when many in the private sector continue to struggle with these issues, the tax community has made major progress working together to stop identity theft and refund fraud.”
Key annual indicators mark major progress
The Security Summit held its first meetings in 2015 and enacted its first round of initiatives in 2016. The Summit partners shared dozens of elements from tax returns that could be indicators of fraud such as the length of time to prepare the return. The IRS enhanced and expanded its fraud filters and added protections to business as well as individual tax returns. States requested more information such as driver’s license numbers. Software providers strengthened password requirements to protect accounts and added multi-factor identity authentication. Debit card companies tightened their practices, and more financial institutions helped recover fraudulent refunds.
As part of this team effort, the Summit partners established the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (IDTTRF-ISAC) to detect and prevent identity theft tax refund fraud. There are now 65 groups participating in the ISAC, able to react and respond quickly as scams arise.
As the Summit partners made these and other changes, the overall results improved immediately as fewer fraudulent returns entered IRS processing systems. Here are key, calendar-year 2018 indicators and how they compare to the 2015 base year:
- Between 2015 and 2018, the number of taxpayers reporting they were identity theft victims fell 71 percent. These are taxpayers who file identity theft affidavits. In 2018, the IRS received 199,000 reports from taxpayers compared to 677,000 in 2015. This was the third consecutive year this number declined. There were 242,000 identity theft reports in 2017 and 401,000 in 2016.
- Between 2015 and 2018, the number of confirmed identity theft returns stopped by the IRS declined by 54 percent. For 2018, there was a slight, 9 percent uptick in the number of confirmed identity theft returns, 649,000 compared to 597,000 in 2017. But the 2018 count is still significantly below the 883,000 in 2016 and the 1.4 million in 2015.
- Between 2015 and 2018, the IRS protected a combined $24 billion in fraudulent refunds by stopping the confirmed identity theft returns. In 2018, the 649,000 confirmed fraudulent returns tried to obtain $3.1 billion in refunds. The IRS protected $6 billion in 2017, $6.4 billion in 2016 and $8.7 billion in 2015.
- Between 2015 and 2018, financial industry partners recovered an additional $1.4 billion in fraudulent refunds. The financial industry is a key partner in fighting identity theft, helping the IRS and states recover fraudulent refunds that may have been issued. But as fewer fraudulent tax returns enter the system, fewer fraudulent refunds are being issued. In 2018, financial institutions recovered 84,000 federal refunds totaling $112 million for the IRS. Institutions recovered 144,000 refunds worth $204 million in 2017, 124,000 refunds worth $281 million in 2016 and 249,000 refunds totaling $852 million in 2015.
“Despite these major successes, more work remains,” Rettig said. “Identity thieves are often members of sophisticated criminal syndicates, based here and abroad. They have the resources, the technology and the skills to carry on this fight. The IRS and the Summit partners must continue to work together to protect taxpayers as cyberthieves continue to evolve and adjust their tactics.”
Identity thieves adjust; take aim at businesses, tax professionals
As the Security Summit partners make progress, identity thieves continue to change their targets and tactics. Two areas of concern are business identity theft and data theft from tax professionals.
The number of businesses reporting they are victims of tax-related identity theft increased by 10 percent for 2018, with 2,450 reports compared to 2,233 reports in 2017. Following in the footsteps of successful work protecting individual taxpayers, the Security Summit partners have enacted similar protections for business tax returns given that business identity theft is a relatively new area.
Identity thieves use several different tactics with businesses. They may file a fraudulent tax return, a fraudulent quarterly tax payment or use stolen Employer Identification Numbers (EINs) to create fraudulent Forms W-2. Thieves also may impersonate business executives to convince payroll or finance employees to disclose employee W-2 information or make wire transfers. Partnerships, trusts and estates also can be at risk for tax-related identity theft.
Because of Security Summit efforts, criminals need more personal data details to impersonate taxpayers, so they have targeted tax professionals and their information. Theft of taxpayer information held by tax professionals remains a major issue. Thieves can breach practitioners’ computer systems, steal client data and file fraudulent tax returns before a preparer may even know they have been victimized.
Thieves may also steal the tax practitioners Electronic Filing Identification Number (EFIN) or Preparer Tax Identification Number (PTIN) to help with identity theft and filing false returns. Tax professionals who experience a data theft should contact their IRS stakeholder liaison immediately for assistance.
Individuals, businesses and tax professionals can find more information about identity theft, how to identify it, how to prevent it and how to report it at IRS.gov/identitytheft.