IRS beefed up ID theft filters for businesses, but still has work to do
The Internal Revenue Service is improving its filters for detecting identity theft in business tax returns, according to a new report, but it’s still letting many potentially fraudulent refund claims get through.
The report, released Monday by the Treasury Inspector General for Tax Administration, pointed out that new fraud patterns are constantly evolving, so the IRS has needed to adjust its existing ID theft filters and continue to expand its detection processes to include more types of business tax returns.
Identity theft is more commonly associated with individuals, but it can happen with businesses as well. For example, an identity thief may file a business tax return using the Employer Identification Number of an active or inactive business without the business owner’s permission or knowledge of the owner to obtain a fraudulent tax refund.
For its report, TIGTA found the IRS is continuing to take various actions to improve its detection of business identity theft, including expanding the number of identity theft filters from 35 in tax-processing year 2018 to 84 in 2020. However, TIGTA believes further expansion of detection capabilities to include other types of business tax returns is still needed. For example, TIGTA found that 36 business return types with refunds issued totaling $10.5 billion in processing year 2019 weren’t evaluated for potential identity theft.
In a partially redacted part of the report, TIGTA’s review identified 11,908 returns of a specific type with refunds totaling almost $63.2 million for which the amount reported on the tax return differed from the amount reported to the IRS by a third party. However, the agency’s existing ID filters don’t check for this characteristic.
In addition, TIGTA’s review identified 3,283 tax forms of a certain type with refunds totaling almost $21 million that should have been identified by the IRS’s business identity theft filters but instead were excluded from evaluation by the filters. The IRS is also continuing to use processes that don’t protect potentially fraudulent refunds from erroneous release. TIGTA found that 1,966 of the 6,110 returns that the IRS’s filters had selected as potentially fraudulent had their associated refunds, totaling almost $110.4 million, erroneously released before a tax examiner confirmed the validity of the refund. The mistaken release of the refunds stemmed from a process that allows other functions at the IRS to release refunds associated with returns that the service's return integrity and compliance services function has identified and selected for review as potentially fraudulent.
To cap it off, once the IRS determines that a tax refund claim isn’t a case of identity theft, the service isn’t releasing the refunds on a timely basis. TIGTA’s analysis identified 821 taxpayer accounts for which the associated refund freeze was released 21 or more days after a tax examiner determined that the return was valid. The delays led to additional interest being paid by the IRS, totaling more than $1.3 million.
TIGTA made four partially redacted recommendations in the report to the IRS’s Wage and Investment Division commissioner to improve the identification of business identity theft. Those include expanding the business identity theft filters, revising the filters to use some piece of information that’s posted to the taxpayer’s account, and setting up procedures to make sure that tax refunds are promptly released once the IRS has determined they are not the result of identity theft. IRS officials agreed with all four of TIGTA’s recommendations and plan to take action on them.
“The detection of business identity theft can be challenging in that it shares many characteristics of noncompliance or attempts to defraud by individuals with legitimate authorization to use the businesses’ information,” wrote Kenneth Corbin, commissioner of the IRS’s Wage and Investment Division, in response to the report. “Since 2015, we have improved and expanded our ability to detect both conventional fraud and identity theft fraud associated with the filing of business tax returns. As noted, the number of filters being used to detect business identity theft has expanded from 35 in 2018 to 84 in 2020. We also increased both the number of dynamic selection lists and our detection coverage to include additional business tax returns. The volume of filings for these business tax returns, processed in 2019, accounted for 82 percent of the refunds issued to businesses that year.”