Laura Saunders
A spate of tax-refund thefts is bringing changes for taxpayers
who file more than 200 million federal and state returns.
Officials from the Internal Revenue Service, state tax
departments, tax-preparation firms and financial-products firms
recently announced new efforts to prevent cybercriminals from using
stolen information to file for billions of dollars in fraudulent
tax refunds--and, in the process, disrupting the lives of millions
of American taxpayers.
The degree of cooperation among these groups is unprecedented.
While past coordination was limited by legal and other barriers,
"now we've had to join forces to deal with this epic wave of
fraud," says Julie Magee, Alabama's revenue commissioner and a
board member of the Federation of Tax Administrators, a group of
state tax officials.
IRS Commissioner John Koskinen said the agency doesn't yet know
how much in bogus refunds thieves stole or tried to steal this
year. But the problem seems to be growing. The IRS has stopped
three million such fraudulent filings so far this year, up about
30% from this time last year. According to the latest data
available, which come from a U.S. Government Accountability Office
study, the IRS lost more than $5.8 billion to stolen-identity
refund theft in 2013.
State tax officials also have been grappling with growing refund
fraud. Demesia Padilla, who heads New Mexico's revenue department,
says her agency already has blocked $9 million in fraudulent
refunds this year, compared with $4 million in 2012. Utah had more
than 37,000 suspicious filings this year, up from 1,200 last
year.
The new joint efforts follow highly public incidents earlier
this year. In early February, Intuit suspended the e-filing of
state tax returns for 24 hours after state tax authorities detected
a surge in fraudulent refund claims using its TurboTax
product--some with information apparently drawn from victims' 2013
tax returns.
In May, the IRS shut down its online "Get Transcript" function
after learning that cyberthieves had penetrated the site and
collected personal data on more than 100,000 households. Although
the agency's main database wasn't hacked, Get Transcript was a rich
target because it provided taxpayers with access to several years
of their return data. That made it a useful tool for loan
applicants and others needing such information--and for refund
thieves.
Making matters worse, cyberthieves are getting smarter. The IRS
is "dealing more and more with organized-crime syndicates here and
around the world," Mr. Koskinen said in Senate testimony earlier
this month. He noted that the hack of Get Transcript was
particularly "complex and sophisticated."
The IRS has assigned special ID numbers to more than 1.5 million
households that have been actual or potential victims of
tax-related identity theft, and the agency has offered them to 1.7
million more. Victims often are shocked when they learn that a
fraudster has filed in their name. They face a list of onerous
tasks: Typically, they must file affidavits with law-enforcement
agencies and the IRS, monitor their credit, submit their tax
returns on paper--and wait months to receive tax refunds.
Officials are rushing to put changes in place before the 2016
filing season. At least 12 states--including Alabama, Virginia,
Pennsylvania and Kentucky--will be asking employers to submit W-2
and similar forms for 2015 much earlier next year, often by Jan.
31, in an effort to spot fraudsters, according to the Federation of
Tax Administrators. (Congress would have to act in order for the
IRS to speed up the federal deadline for employers.)
Other changes in the works, such as added fraud filters or
information exchanges among states, tax-prep firms and the IRS,
will be largely invisible. Here is the upshot for concerned
taxpayers:
Expect heightened security. You may be asked to change your
password for tax sites several times a year. Multifactor
authentication also is likely--that is, you may have to enter a
code sent to your email or phone after you log in to obtain access.
"Out of wallet" questions, such as where you went to high school,
will become more sophisticated.
Guard your personal information. While much personal data
already is for sale on the "dark web," try to avoid providing more.
Ask to have your Social Security number masked when possible, be
careful with postings on social media and don't discard financial
information in ways thieves could make use of.
File for an Identity Protection PIN. The IRS gives special ID
numbers to victims of ID theft, but also to potential victims--such
as people whose personal information may have been exposed in the
Anthem health-insurance breach last year, which may have affected
nearly 80 million people, or the recent one affecting nearly every
federal employee. To apply as a potential victim, check Box 2 of
Form 14039, "Identity Theft Affidavit."
There also is a special IRS program that gives such PINs to many
people who have filed federal returns in Georgia, Florida and the
District of Columbia, locales with the highest rate of tax ID
theft.
Minimize your tax refunds. This move doesn't thwart swindlers,
because they don't steal actual tax refunds. Instead, they file for
a refund in the victim's name.
But victims who owe on April 15 or have small refunds do have an
advantage: While these taxpayers must still file affidavits and
monitor their credit like other victims, they don't have to wait
months to receive a large check from the IRS. It is another good
reason not to make an interest-free loan to Uncle Sam.
Email: taxreport@wsj.com
Access Investor Kit for Intuit, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US4612021034