The IRS Fails At Job One

29 May 2015

How the breach of IRS tax returns is part of a much bigger problem facing taxpayers.

The highest priority the IRS has in doing its job is the protection of private and confidential taxpayer information. The data breach at the IRS that left the personal information of 104,000 taxpayers in the hands of thieves is the latest wrinkle in a mammoth problem faced by tax authorities: identity theft and its crippling consequences. The 104,000 people who had their most sensitive tax information stolen by hackers as part of the latest attack on the Internal Revenue Service are getting free credit monitoring services, courtesy of the agency.

“We identified 787,343 Tax Year 2012 undetected potentially fraudulent tax returns with tax refunds totaling more than $2.1 billion,” the Treasury Inspector General for Tax Administration said in a report. An unprecedented surge in online tax scams by increasingly sophisticated criminals has challenged the IRS to respond quickly to get ahead of the fraudsters, especially during this year’s tax season after hackers targeted TurboTax, the country’s largest online filing service. However, there’s one major way that the protection might fall short: Much of the identity theft these consumers are vulnerable to now will not show up anywhere on their credit reports.

The IRS’ $2.2 million contract with big-money firm Quinn Emanuel has sparked a Senate Finance Committee investigation, with the committee’s chairman saying that the IRS “appears to violate federal law.” Senate Finance Committee chairman Sen. Armed with more sensitive information from the tax records, criminals can now attempt to fraudulently claim government benefits such as unemployment insurance, Medicare and food stamps, none of which are tracked in people’s credit histories, security experts say. “The big money to be made with that information is not in getting credit in your name or a car loan in your name,” says Frank Abagnale, who was convicted of fraud-related crimes when he was younger and now works as a security consultant. “The criminals have started to realize that where the big money is is the government — federal, county and state.” The criminals who stole old tax refunds through the “Get Transcript” tool on the IRS Web site already had personal information such as names, Social Security numbers, home addresses and birthdays. Orrin Hatch wrote a letter this month to IRS commissioner John Koskinen stating his concerns relating to the contract, which pays Quinn Emanuel $1,000 an hour to perform an audit of Microsoft. The $2.1 billion lost to fake returns was something of an improvement, having decreased by about $3.1 billion since 2010, with an estimated 700,000 fewer phony tax returns. Tax officials estimate that the government has lost billions of dollars in recent years to fraudulent refunds filed by hackers who steal personal information on tax returns, then use it to claim a refund in a taxpayer’s name before he or she files.

The report comes just days after the agency said that cyber-thieves had obtained prior-year tax return data for more than 100,000 U.S. households from an IRS website application. The temporary regulation was issued as a ‘clarification,’ despite the fact that it is an unprecedented expansion of the role of outside contractors in the examination process, and one that violates the IRC provisions…” The new IG report says the IRS took steps for the 2013 filing season that resulted in “increased detection and prevention of identity theft tax returns.” But it said the agency continued to be hampered by several factors, including its inability to look at employer income data during the early weeks of the annual filing season. This week we learned that criminals raided the IRS’s online Get Transcript service 200,000 times between mid-February and mid-May, gaining unauthorized access to about 104,000 taxpayers’ accounts. Credit monitoring, a solution commonly turned to by companies and health-care providers that have experienced a security hack, can help consumers look out for identity thieves attempting to open credit cards, take out loans or apply for jobs in their name.

Victims need to guard their identities for the rest of their lives. “There’s not too much they can do,” says Gavin Reid, vice president of threat intelligence for Lancope, a firm that helps companies detect hacks. “They can’t change who they’ve been. They can’t change their Social Security numbers.” The IRS is flagging the identities of the people whose transcripts were stolen so that it can be extra cautious when processing their returns at tax time. An analysis shows that of the top 10 addresses where the IRS sent multiple fraudulent refunds, three were in Bulgaria, one in Ireland and one in Lithuania.

It must be noted that Tax Analysts has never sought private confidential information — it has sought only information that belonged in the public’s hands to begin with so that everyone had the same information to comply with the law. In Dallas a few weeks before tax filing day last month for example, the taxpayer assistance center downtown was overwhelmed with customers who had waited hours to see a specialist. But the best thing agencies and companies with access to personal information can do to protect consumers is to reduce the chances that personal information can get stolen in the first place.

Investigators previously found 1.5 million tax returns worth $5.2 billion likely filed by fakers in 2010, and another 1.1 million worth $3.6 billion in 2011. Over the years, as the fight for transparency continues, I’ve marveled that while the IRS was willing to waste hundreds of thousands of dollars to hide information the courts eventually would force it to turn over to the public, it never shirked from its responsibility to protect the truly private information it was entrusted with. The IRS said in response that it recently has put a limit of three on the number of direct deposit refunds to a single financial account or pre-paid debit card. I’ve always admired the IRS for its unflinching diligence in putting that job well ahead of its paranoia of public scrutiny regarding how it operates. The rise of sharing on social media sites, combined with a proliferation of Web sites that make it easier for people to look up records that may contain sensitive information, is making it easier for criminals to overcome those security measures and access accounts, security pros say. “They’ve really got to consider are those types of questions enough?” Reid says.

The IRS might consider using some of the fraud detection programs being used by some banks and retailers, which study consumers’ behavior to notice activity that seems out of the ordinary, says Michael Sussmann, a partner in the privacy and data security practice at Perkins Coie. In fiscal year 2014, 1,063 identity theft-related investigations were initiated and criminal enforcement efforts resulted in 748 sentencings, compared to 438 a year earlier, according to agency statistics. For instance, some banks will text consumers when they make a purchase that seems larger than usual or from a location they haven’t been to before. “A company may scrutinize more about where you’re logging in, how you’re logging in,” Sussmann says. Require the Service to account for how it applies those resources — which might have the added benefit of providing a template for future oversight — but do it now. A spokesperson pointed out that this year the agency requested an additional $82 million to improve its identity-theft efforts, deal with a backlog of cases and invest in technology that can help it protect taxpayer information.

But victims of tax identity fraud have complained about delayed refunds and bureaucratic hassles to set their finances straight: The problem is compounded by politics.
