By Martin H. Bosworth

April 11, 2008
With just a few days left to go in the tax season and filers frantically filling out forms and returns, the likelihood that their personal information could be stolen or misused increases dramatically -- and the Internal Revenue Service (IRS) has admitted that its efforts to protect personal data from identity theft and fraud could use some improvement.

In a new report, the Treasury Department's Inspector General (TIGTA) found that, "the IRS has not placed sufficient emphasis on employment-related and tax fraud identity theft strategies."

"Specifically, its prevention strategy does not include pursuing individuals using another person's identity, unless their cases directly relate to a substantive tax or conspiracy violation...the actual crime of identity theft will only be investigated...if it is committed in conjunction with other criminal offenses having a large tax effect," the auditors said.

According to the auditors' findings, although the IRS received over 92,000 complaints related to identity theft during 2005 and 2006, only 100 cases of criminal investigation recommended for prosecution over the two-year period contained a charge or count of identity theft.

The IRS told TIGTA that it lacked the resources to pursue enforcement of cases involving identity theft, and that "employment-related identity theft cases are not the responsibility of the IRS and that it would not be worthwhile to pursue [these] cases for unreported tax liabilities because the taxes owed on most of these cases are not significant."

Among the auditors' findings:

• The automatic system used to contact taxpayers for instances of underreporting of taxes contacted them multiple times for the same compliance issues, even though the taxpayers' cases were previously marked as closed for identity theft.

• Employers are notified of mismatches between names and Social Security numbers. But if a taxpayer's name and Social Security number are proven to be used by another person, the employer is not notified and the IRS takes no action.

• Although the IRS gathers the bulk of its identity theft-related data from the clearinghouse established by the Federal Trade Commission (FTC), the agency considers the data "unreliable" and does not use it to address cases of tax-related identity theft.

"The IRS has mainly focused on combating identity theft through public outreach...Nonetheless, its current processes and procedures have been inadequate in reducing burden for taxpayers victimized by identity theft," the Inspector General concluded.

'Taxpayer-Centric Approach'

That conclusion was bolstered by the findings of National Taxpayer Advocate Nina Olson, who testified before the Senate Finance Committee on the IRS' procedures for handling matters related to mismatched Social Security numbers and other potential causes of identity theft.

In outlining the procedure that both the IRS and the Social Security Administration (SSA) follow to determine the true owner of an SSN used by multiple parties, Olson said that the letters and identifying numbers provided to the taxpayer are very confusing, and may deter them from claiming credits they have earned.

"[B]ecause the IRS has not clearly alerted the taxpayer of potential identity theft and its related consequences, it is also possible that the taxpayer might not take these necessary steps to protect himself," Olson said.

"Meanwhile, the IRS has not called the taxpayer to discuss any of these developments. All communication is done by correspondence, which might be sent to someone who has low literacy. Such an approach to likely victims of identity theft is hardly reflective of world class customer service."

"For example, in several Taxpayer Advocate Service cases, including one I worked on, the owner of the Social Security number was a very young child," Olson said. "If the Social Security number of a very young child shows up on a Form W-2 reporting wages from a full-time job, it should be fairly clear that that child did not earn those wages and should be treated as the victim rather than the perpetrator."

Olson recommended a more "taxpayer-centric approach" to handing cases of tax-related identity theft, including developed centralized procedures for identifying indicators that a taxpayer's information may have been used for fraud, and a "casework" system to handle complaints from beginning to end across the agency's many divisions.

Both TIGTA and Olson praised the agency for the efforts it has undertaken to address the deficiencies in its handling of identity theft issues, including the creation of an Office of Privacy, Information Protection and Data Security that would automate and streamline the process for reporting and investigating identity theft complaints. But both said that the systems in place would require much more development and safeguards to be effective.

Numbers Game

Mismatched Social Security numbers and names are a leading symptom of identity theft, as they indicate a person's information has been stolen and combined with other people's information in the black market "underground economy" to create new identities, which are sold and resold -- often to undocumented immigrants looking for quick employment in the United States.

The earnings from the identities created from the stolen information are taxed as normal, but the Social Security earnings are not provided to the earners, and are shunted to the SSA's "earnings suspense file," a massive fund of unclaimed earnings that gathers as much as $6 billion a year.

The file represents a hotbed of political argument on everything from illegal immigration to privacy rights even as it continues to accrue untouched money.

The IRS' own practices often contribute to increased risk of identity theft for taxpayers as well. The agency has been the subject of multiple Congressional reports documenting its lack of implemented privacy practices agency-wide, and has been criticized for losing many computers and storage devices that contain sensitive personal data.

The IRS has also come under scrutiny for changes in its rules to enable outsourcing of tax collection operations to private agencies, and to let third-party tax preparers sell customer data to affiliates or partners, often without the customer's explicit consent.

A recent investigation of commercial tax preparers using undercover mystery shoppers found rampant abuse and deceit of low-income customers, many of whom were tricked into taking out costly "refund anticipation loans" offered by the preparers.