IRS Has Implemented Initiatives to Prevent, Detect, and Resolve Identity Theft-Related Problems, but Needs to Assess Their Effectiveness
GAO-09-882, Sep 8, 2009
Identity thieves may use a taxpayer's name and social security number to fraudulently claim a refund or gain employment. This creates tax problems for the innocent taxpayer when the Internal Revenue Service (IRS) discovers a duplicate refund claim or unreported wage income. IRS is revising its strategy for preventing, detecting, and resolving identity theft-related tax problems. GAO was asked to (1) describe the extent of identity theft-related refund and employment fraud, (2) assess IRS's actions to prevent and resolve such problems, and (3) describe IRS's identity theft- related coordination with other agencies. GAO analyzed IRS data on identity theft cases, reviewed revisions to the Internal Revenue Manual and other agency documents, and interviewed IRS officials responsible for the new strategy
IRS's ability to detect identity theft-related refund and employment fraud is limited, but by the end of 2008, IRS had cataloged over 50,000 incidents. According to IRS, about 90 percent of fraudulently claimed refunds were stopped in 2008 with about $15 million issued before IRS became aware of the fraud. IRS does not know the amount of refund or employment fraud that goes undetected. In 2008, IRS began implementing four new initiatives in an effort to better detect and resolve identity theft cases. These include an identity theft indicator that IRS places on victims' accounts so that IRS personnel can more easily recognize and assist the legitimate taxpayer in case of future account problems. The indicator further enables IRS to screen returns to prevent fraudulent refunds from being issued to identity thieves. IRS also decided to resolve legitimate taxpayers' identity theft problems using a decentralized process--the activity that discovers a problem has the responsibility to resolve it. For the 2010 filing season, IRS is considering whether to expand its screening; however, IRS does not know how well its current strategy is working. IRS said it will develop performance measures, but it is not known whether the measures will be suitable for determining the effectiveness of the new initiatives, such as the number of false positives and negatives in the screening process or the success of the decentralized resolution process. Nor is it known when the new measures will be implemented. Measuring effectiveness matters because there have been glitches in implementing the initiatives. IRS is working to correct some discrepancies in the screening process and a GAO analysis of IRS data showed that some fraudulent refunds were issued even though taxpayers had indicators on their accounts. IRS's coordination with other agencies is limited. Statutory Provisions protecting the privacy of tax data prohibit IRS from sharing taxpayer information with other agencies in many cases. Nor does IRS routinely receive identity theft case data because of concerns with substantiation. IRS has coordinated with other agencies on how to manage identity theft programs.
- Closed - implemented
- Closed - not implemented
Recommendation for Executive Action
Recommendation: The Commissioner of Internal Revenue should ensure that performance measures suitable for assessing the effectiveness of its identity theft initiatives, and associated data collection procedures, are in place at the beginning of the 2010 filing season.
Agency Affected: Department of the Treasury: Internal Revenue Service
Status: Closed - Implemented
Comments: IRS developed and implemented data collection and reporting procedures to support its implementation of performance measures prior to the beginning of the 2010 filing season. These measures will allow IRS to analyze and evaluate more completely the effectiveness of its identity theft programs as well as identify opportunities for future program development and improvement.