By Laura Saunders
Joe Garrett's personal and professional lives converged last
month when the Alabama state tax official discovered he had become
one of the millions of victims of taxpayer-identity theft.
On March 16, Mr. Garrett, a deputy commissioner at the Alabama
Department of Revenue in charge of income-tax fraud prevention,
returned home to find a form letter in the mail, from his own
agency, asking him to confirm his identity information so the state
could release his refund.
He hadn't filed yet, so Mr. Garrett knew the letter was bad
news. As it turned out, a thief had stolen his personal information
and filed tax returns in his name, claiming thousands of dollars in
refunds.
"It seemed like a bad joke," said Mr. Garrett.
Then, Mr. Garrett, 44 years old, realized the crime presented an
unusual opportunity. "I wanted to understand what happened to me so
I could better protect Alabama taxpayers," he said.
His experience provides a glimpse at the inner workings of the
multipronged systems used to handle electronic filings hidden from
most taxpayers. Because Alabama requires federal returns to be
filed along with state returns--and allows taxpayers access to
them--he could obtain information that many victims of tax-ID theft
can't. Mr. Garrett's job has also given him contacts at firms
involved in the tax-preparation process and the Internal Revenue
Service.
He immediately made inquiries and provided the information he
obtained to The Wall Street Journal, which made further queries. "I
was surprised by what we learned and how many different businesses
were involved," Mr. Garrett said.
Tax-ID theft has plagued both federal and state governments in
recent years, costing an estimated $5.8 billion in federal revenue
in 2013, according to the Government Accountability Office. Intuit
Inc., the maker of TurboTax tax-preparation products, had to shut
down its e-filing of all state tax returns for 24 hours in February
because of a surge in fraudulent filings.
The IRS assisted 875,000 victims of tax-ID theft in fiscal 2014,
according to IRS Commissioner John Koskinen.
Like other tax-ID theft victims, Mr. Garrett had to scramble to
report the crime to the IRS and to place a fraud alert with
credit-reporting companies. And like others, he had to file his
federal and state returns on paper and wait months for his federal
refund, hoping the fraud doesn't spread to other areas of his
financial life.
The day after receiving the letter, Mr. Garrett discovered that
federal and state returns with his name and address were e-filed
through TurboTax, the service he uses.
Mr. Garrett alerted contacts at Intuit of the fraud, and they
told him someone had opened a second account in his name using his
Social Security number. "They send me emails all the time," he
said. "Why didn't I get one about this?"
A spokeswoman for Intuit, which is based in Mountain View,
Calif., said federal and state laws prevent the company from
discussing individual accounts. She said Intuit is working to
strengthen protocols to address the types of issues in Mr.
Garrett's case.
The thief requested a federal refund of $7,568 and a state
refund of $1,044. The Alabama Department of Revenue held the state
refund because the direct-deposit information on the return had
changed and then blocked it after learning the return was
fraudulent.
Mr. Garrett said an IRS representative told him on March 17 that
the agency had just released the federal refund. A spokeswoman for
the IRS said it is prohibited by law from discussing such taxpayer
issues.
Like many swindlers--and millions of honest taxpayers--the thief
had asked that TurboTax's prep fee be deducted from the refund so
as to avoid a cash outlay. The federal refund was then routed
through Santa Barbara Tax Products Group, a unit of Green Dot
Corp., an issuer of prepaid debit cards based in Pasadena,
Calif.
Mr. Garrett said Intuit, based on the alert it got from him,
notified Tax Products Group that the federal refund was fraudulent.
A spokesman for Tax Products Group said the firm then turned to
J.P. Morgan Chase & Co., one of whose routing numbers was used
by the bogus filer as the destination for the refund.
According to a J.P. Morgan spokesman, the bank served only as a
clearinghouse, and the thief's account was with RushCard, a vendor
of prepaid debit cards launched by hip-hop entrepreneur Russell
Simmons in 2003.
A spokesman for RushCard said the thief tried to load a refund
of $5,657.43 associated with Mr. Garrett's tax return onto one of
its cards issued by MetaBank of Sioux Falls, S.D., in March. But
the ploy didn't work because of fraud controls.
When J.P. Morgan learned the RushCard number wasn't a valid
account, the bank returned the net refund of $5,657.43 to a Tax
Products Group bank account, a J.P. Morgan spokesman said. A
spokesman for Tax Products Group said the funds were then returned
to the IRS.
Still, there was a discrepancy of more than $1,900 between the
fraudulent refund claim of $7,568 and the amount returned to the
IRS. Spokesmen for Tax Products Group and Intuit said it couldn't
be recovered because the thief diverted it to Intuit's Amazon.com
Gift Card "refund bonus" program.
The Intuit spokeswoman declined to discuss details about the
Amazon.com Inc. program. Amazon didn't return requests for
comment.
Mr. Garrett also wanted to know what happened to the tax-prep
fees that were deducted from the refund. A spokeswoman for Tax
Products Group said it returns its fees to the IRS in such cases.
The Intuit spokeswoman said "aside from the Amazon.com gift card,
the U.S. Treasury was made whole."
Mr. Garrett has never learned the identity of the perpetrator in
his case or how his personal information was obtained. The thief
appears to have gotten away with more than $1,900.
Mr. Garrett said efforts to speed and automate the tax-refund
process have made it far easier for criminals to commit quick,
anonymous fraud. "We have to emphasize security more," he said.
He has also taken away a more personal lesson.
"I deal with trying to prevent tax-ID theft every day at my
job," Mr. Garrett said. "But now that I've been a victim, I have
even more sympathy for all the people who have to deal with
it."
Write to Laura Saunders at laura.saunders@wsj.com
Access Investor Kit for Amazon.com, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US0231351067
Access Investor Kit for Green Dot Corp.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US39304D1028
Access Investor Kit for Intuit, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US4612021034
Access Investor Kit for JPMorgan Chase & Co.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US46625H1005