Identity Theft: Improved Collaboration Could Increase Success of IRS Initiatives to Prevent Refund Fraud
Fast Facts
The IRS estimates that would-be thieves used false identities to try to steal $14.5 billion in refunds in the 2015 tax year.
To address this high risk area, the IRS launched a pilot initiative in 2017 to help it, states, and tax industry members quickly share information. So far, 31 states and 17 industry groups are participating.
We reviewed this effort and assessed how well it aligned with 5 leading practices for pilot design. We recommended that the IRS and the initiative's Executive Board (1) take steps to improve the pilot's implementation, and (2) develop a plan to expand membership to more states and tax industry members.
Sizing Up the Information Sharing and Analysis Center (ISAC) Pilot's Alignment with Leading Practices
The graphic illustrates how well the initiative aligns with 5 leading practices for pilot design.
Highlights
What GAO Found
The Internal Revenue Service (IRS) launched an Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC) pilot for the 2017 filing season. It aims to allow IRS, states, and tax preparation industry partners to quickly share information on identity theft (IDT) refund fraud. The ISAC pilot includes two components: an online platform run by IRS to communicate data on suspected fraud, and an ISAC Partnership, a collaborative organization comprised of IRS, states, and industry, which is intended to be the governance structure. As of November 2017, the ISAC had 48 members: 31 states (including full members and those receiving alerts only), 14 tax preparation companies, and 3 financial institutions. In addition, IRS is using a Rapid Response Team (RRT) in partnership with states and industry members to coordinate responses to IDT refund fraud incidents that pose a significant threat within 24 to 72 hours of being discovered. IRS deployed the RRT for six incidents in 2016 and once in 2017.
GAO found that the ISAC pilot aligns with key aspects of all five leading practices for effective pilot design GAO previously identified, but none fully. For example, IRS has worked to incorporate stakeholder input, but its message about the ISAC's benefits has not fully reached states. Further, IRS does not have criteria for assessing whether the pilot's objectives have been met. Without this assessment and better alignment with leading practices, IRS, its partners, and Congress will have difficulty determining the effectiveness of the pilot and whether to implement it more broadly.
IRS has taken actions to improve the ISAC pilot, but the ISAC Partnership does not have an outreach plan. While the ISAC Senior Executive Board limited industry participation to partners who participated in its Security Summit, the ISAC has obtained support from trade organizations. However, officials from almost all states represented in our focus groups noted that they either had not used, or were unfamiliar with, the ISAC-specific resources. While the ISAC Board has taken steps to engage stakeholders, the ISAC Partnership does not have an outreach plan to increase membership and improve states' and industry partners' understanding of the ISAC's benefits. Without such a plan, less effective collaboration is likely among stakeholders and opportunities to prevent IDT refund fraud may be missed.
Why GAO Did This Study
IRS estimates that fraudsters attempted at least $14.5 billion in IDT tax refund fraud in tax year 2015. Since 2015, GAO's High-Risk List has included IRS's efforts to address IDT refund fraud. Starting with its March 2015 Security Summit, IRS has partnered with state tax administrators and tax preparation companies, among others, on initiatives aimed at better preventing and detecting IDT refund fraud.
GAO was asked to examine IRS's efforts to collaborate with these partners. This report, among other things, (1) describes actions taken to implement the ISAC and RRT, (2) evaluates the extent to which the ISAC pilot aligns with leading practices for pilot design, and (3) identifies actions, if any, that IRS could take to improve the ISAC pilot.
GAO reviewed planning and other documents on the initiatives. It interviewed IRS and state officials and industry and trade organization representatives, among others involved in the ISAC and RRT. GAO also conducted four non-generalizable focus groups with state and industry partners.
Recommendations
GAO recommends IRS ensure (1) the ISAC better aligns with leading practices for effective pilot design, and (2) the ISAC Partnership develops an outreach plan to expand membership and improve understanding of the ISAC's benefits. IRS and the ISAC Board state and industry co-chairs agreed with the recommendations.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Internal Revenue Service | The Acting Commissioner of Internal Revenue should ensure that the Information Sharing and Analysis Center (ISAC) pilot better aligns with leading practices for effective pilot design. This should include (1) establishing criteria for assessing whether the pilot's objectives have been met before making decisions about its scalability and whether, how, and when to when to proceed to full implementation; and (2) developing a data analysis plan that identifies data sources and criteria necessary for effectively evaluating the pilot. (Recommendation 1) |
Closed – Implemented
IRS transitioned the Information Sharing and Analysis Center (ISAC) from a pilot to full implementation in October 2018. Prior to making a decision about scaling the pilot, IRS identified criteria to evaluate the extent to which the pilot met its objectives that included both quantitative and qualitative measures and a specific target goal. Additionally, it developed a data analysis plan to monitor progress towards its goals. As noted in the ISAC 2020 Annual Report, the ISAC continued to monitor three key metrics: (1) levels of industry, state and IRS participation in the ISAC; (2) volume and quality of alert and information contributions that identify ecosystem threats; and (3) volume and quality of the ISAC's data analysis in identifying suspected identity theft tax refund fraud. These efforts improved IRS's ability to effectively evaluate the ISAC pilot and make informed decisions about how to most effectively collaborate with state and industry partners to prevent identity theft tax refund fraud.
|
| Internal Revenue Service | The Acting Commissioner of Internal Revenue should ensure that the ISAC Partnership develops an outreach plan to expand membership and improve states' and industry partners' understanding of the ISAC's benefits. (Recommendation 2) |
Closed – Implemented
The ISAC Partnership has improved outreach and participation among state and industry partners. For example, the ISAC 2019 Annual Report provided guidance to help member organizations more effectively and efficiently contribute to the ISAC. Additionally, the 2019-2021 ISAC Strategic Plan includes a goal to expand opportunities for partners to access, analyze, and share feedback on initial data provided by the Taxpayer First Act. Engagement has also increased among member organizations. In our November 2017 report, we noted one state contributed data to the ISAC in the 2017 filing season. According to the ISAC 2020 Annual Report, 44 organizations engaged with the ISAC, which the ISAC Partnership defined as contributing data, participating in committees and pilots, or providing feedback. These outreach efforts help improve the efficiency and effectiveness of collaboration among partner organizations to prevent identity theft tax refund fraud.
|