Fast Facts

Employment-related identity fraud occurs when people use a name or Social Security number (SSN) other than their own to get a job. This fraud makes it harder for IRS to collect taxes and harder for the Social Security Administration to manage benefits.

Though the true scope of this fraud is unknown, we identified 1.3 million SSNs from 2016 that were associated with both signs of potential fraud (e.g., wages reported for the SSNs of children or the elderly), and underreported wages to IRS by the taxpayer.

Our recommendations include improving how both agencies share wage data to better detect this type of fraud.

Employment-related identity fraudsters use identities other than their own to gain employment

Resume

Resume

Skip to Highlights
Highlights

What GAO Found

Employment-related identity fraud occurs when people use a name or Social Security number (SSN) other than their own to get a job. People may do this if they are not authorized to work in the United States or are trying to avoid child support payments, among other reasons. Victims may face Internal Revenue Service (IRS) enforcement actions based on wages earned by fraudsters. IRS identified more than 818,000 cases in 2018, but this included only one form of employment-related identity fraud—mismatches between the identity listed on the Form W-2, Wage and Tax Statement (W-2) and the identity on the tax return. The true scope of employment-related identity fraud is unknown.

GAO reviewed additional forms of this fraud and identified 1.3 million SSNs that for 2016 had both (1) characteristics associated with employment-related identity fraud; and (2) wages reported by the employer on a W-2, but not reported by the employee on a tax return. This includes about 9,000 individuals whose employers reported W-2s in five or more states, but who did not include them all on their tax return (see figure).

Example of a Social Security Number Potentially Used for Employment-Related Identity Fraud

Example of a Social Security Number Potentially Used for Employment-Related Identity Fraud

The Social Security Administration (SSA) processes W-2s before sending W-2 data to IRS for enforcement purposes. SSA has developed processes to detect some inaccurate W-2s and notify potential fraud victims. IRS uses W-2 information to deter some potential fraudsters, but has not assessed the costs and benefits of expanding its enforcement efforts to include certain individuals who may underwithhold taxes or not file returns. Doing so could help IRS determine if such an effort would enable the agency to collect additional revenue.

SSA and IRS entered into a memorandum of understanding (MOU) to collaborate to exchange wage data. However, they have not established performance goals and measures for the MOU, implemented the MOU's monitoring provisions, or clearly defined the data elements they exchange.

Why GAO Did This Study

Employment-related identity fraud poses risks to IRS's ability to collect taxes owed on wages and to SSA's ability to correctly calculate and manage Social Security benefits.

GAO was asked to review employment-related identity fraud. This report examines (1) the potential scope of employment-related identity fraud, including what IRS knows about this type of fraud and what GAO could determine by analyzing Department of Health and Human Services' National Directory of New Hires (NDNH) and IRS data; (2) SSA and IRS actions to detect and deter this fraud as well as notify victims; and (3) SSA and IRS's collaboration on the issue.

GAO analyzed 3 months of 2016 NDNH wage data and 2016 IRS taxpayer data to identify potential employment-related identity fraud. GAO also reviewed relevant IRS and SSA documentation and interviewed agency officials.

This is a public version of a sensitive report that GAO issued in January 2020. Information that SSA deemed sensitive has been omitted.

Skip to Recommendations

Recommendations

GAO is making 12 recommendations to IRS and SSA, including that IRS assess the feasibility of adding checks to its review of employment-related identity fraud, and assess the costs and benefits of expanding enforcement; and that both agencies improve the implementation of their MOU. SSA agreed and IRS neither agreed nor disagreed with the recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Internal Revenue Service The Commissioner of Internal Revenue should modify the title of IRS's employment-related identity theft action code 525 to reflect the type of employment-related identity fraud encompassed by this action code. (Recommendation 1)
Open
IRS partially agreed with this recommendation. As of February 2021, officials said that IRS is in the process of updating an internal policy document to change the definition of the indicator, but IRS does not plan to change the title of the indicator. Our analysis of SSNs at risk of employment-related identify fraud indicates that the count of cases that IRS identifies under Action Code 525 likely understates the universe of employment-related identity fraud. By modifying the title of its employment-related IDT action code to more accurately reflect the data covered by the code, IRS could ensure that the agency is appropriately conveying the risk this specific type of employment-related identity fraud poses both to victims and tax administration without suggesting its statistics cover other types of employment-related identity fraud.
Internal Revenue Service The Commissioner of Internal Revenue should assess and document the feasibility of incorporating additional checks into its automated checks of employment-related identity fraud for populations at risk of employment-related identity fraud, such as children, elderly, deceased persons, and individuals associated with multiple wage records. (Recommendation 2)
Open
IRS agreed with this recommendation. As of February 2021, IRS now reviews all W-2s, not just the first two, when identifying mismatches in returns filed with an Individual Taxpayer Identification Number. However, IRS does not consider other characteristics, such as individuals with multiple wage records, in its checks for employment-related identity fraud. Doing so would require the development of new codes or the modifications of existing ones. By assessing and documenting the feasibility of incorporating additional checks--such as multiple wage records or wage records for children under 14--into its checks of employment-related identity fraud, IRS may be able to develop a method for identifying additional taxpayers at risk of this type of fraud.
Internal Revenue Service The Commissioner of Internal Revenue should assess and document the costs and benefits of using the Withholding Compliance Program (WHC) to address compliance risks posed by potential employment-related identity fraudsters who owe taxes and take appropriate action, as needed. (Recommendation 3)
Open
The Internal Revenue Service (IRS) did not agree with this recommendation and told us that expanding the Withholding Compliance Program (WHC) would not be effective. According to IRS, if a fraudster using someone else's SSN underwithholds, then the true SSN owner would also have to be either a non-filer or have an unpaid balance due for the fraudster's W-2 to be assessed by WHC. As a result, IRS excludes millions of W-2s with mismatched names and SSNs from WHC's underwithholding checks each year, creating an enforcement gap for fraudsters who underwithhold. As of April 2021, IRS has not yet provided us with information about the costs and benefits of modifying WHC to assess and follow up on W-2s with mismatching names and SSNs independently from W-2s with matching names and SSNs. Until IRS assesses these costs and benefits, IRS may be missing an opportunity to collect additional revenue.
Internal Revenue Service The Commissioner of Internal Revenue should modify Automated Underreporter (AUR) to include wage discrepancy checks for victims of employment-related identity fraud once IRS has updated AUR's legacy programming code. (Recommendation 4)
Open
The Internal Revenue Service (IRS) did not agree with this recommendation. While IRS has acknowledged that excluding victims of employment-related identity fraud from checks made by the Automated Underreporter (AUR) program creates an enforcement gap, IRS has said that the agency does not know when or if it will be able to update AUR's legacy programming code to include wage discrepancy checks for these taxpayers. We maintain that IRS should make such updates when feasible. Until IRS modifies AUR to include checks for these individuals, IRS may be missing an opportunity to collect additional revenue.
Internal Revenue Service The Commissioner of Internal Revenue should, in collaboration with the Commissioner of Social Security, develop and document a plan for updating future Combined Annual Wage Reporting (CAWR) MOUs. The plan should identify actions, time frames, and responsible parties, including executive leadership. (Recommendation 5)
Closed - Implemented
The Internal Revenue Service (IRS) agreed with this recommendation and in November 2020 finalized a joint strategy with the Social Security Administration for the continued maintenance of the Combined Annual Wage Reporting (CAWR) Memorandums of Understanding (MOU), as GAO recommended in May 2020. This strategy includes an agreement to review and update the MOU every two years beginning in fiscal year 2022. It also specifies how the MOU will be reviewed, and identifies parties responsible for conducting these reviews. IRS's actions will better position IRS to collect additional revenue.
Internal Revenue Service The Commissioner of Internal Revenue should, in collaboration with the Commissioner of Social Security, develop and implement goals and performance measures for the CAWR MOU. (Recommendation 6)
Open
The Internal Revenue Service (IRS) agreed with this recommendation. In November 2020, IRS and the Social Security Administration (SSA) finalized a joint update to the Combined Annual Wage Reporting (CAWR) Memorandum of Understanding (MOU). However, the updated MOU did not identify goals and performance measures that IRS and SSA can use to monitor their efforts to implement the MOU. In April 2021, IRS officials told us they will work with SSA to develop goals and performance measures for the MOU. Doing so would provide IRS greater assurance that it is periodically assessing the CAWR process and identifying opportunities for improvement.
Internal Revenue Service The Commissioner of Internal Revenue should, in collaboration with the Commissioner of Social Security, develop and document a strategy for assuring that the reviews required by the updated MOU are completed within the specified time frames. (Recommendation 7)
Closed - Implemented
The Internal Revenue Service (IRS) agreed with this recommendation and in November 2020 finalized a joint strategy with the Social Security Administration for the continued maintenance of the Memorandum of Understanding (MOU). This strategy includes an agreement to review specific aspects of the MOU, such as the continued relevance of different data exchanges, every two years beginning in fiscal year 2022. It also identifies parties responsible for conducting these reviews and establishes deadlines for completing them, steps that will help assure reviews are completed within the specified timeframes, as GAO recommended in May 2020. IRS's actions will better position IRS to collect additional revenue.
Internal Revenue Service The Commissioner of Internal Revenue should, in collaboration with the Commissioner of Social Security, clearly define data elements they exchange with SSA. (Recommendation 8)
Open
The Internal Revenue Service (IRS) neither agreed nor disagreed with this recommendation. In November 2020, IRS and the Social Security Administration (SSA) finalized a joint update to the Combined Annual Wage Reporting (CAWR) Memorandum of Understanding (MOU) that included an exhibit that defines some data elements exchanged between the agencies as part of the CAWR process, including agency personnel responsible for overseeing these transfers. However, this exhibit does not define all codes used by SSA and IRS to mark wages as potentially invalid, such as wages that SSA identifies as having the same name, Social Security number, and employer identification number as wages disclaimed in prior years. In April 2021, IRS officials told us they will work with SSA to clearly define these codes. Until IRS does so, the agency will be missing an opportunity to more effectively use wage information to identify potentially fraudulent or inaccurate earnings.
Social Security Administration The Commissioner of Social Security should, in collaboration with the Commissioner of Internal Revenue, develop and document a plan for updating future CAWR MOUs. The plan should identify actions, time frames, and responsible parties, including executive leadership. (Recommendation 9)
Closed - Implemented
The Social Security Administration (SSA) agreed with this recommendation and in November 2020 finalized a joint strategy with the Internal Revenue Service for the continued maintenance of the Combined Annual Wage Reporting (CAWR) Memorandums of Understanding (MOU), as GAO recommended in May 2020. This strategy includes an agreement to review and update the MOU every two years beginning in fiscal year 2022. It also specifies how the MOU will be reviewed, and identifies parties responsible for conducting these reviews. SSA's actions will better position SSA to more effectively manage its benefits programs.
Social Security Administration The Commissioner of Social Security should, in collaboration with the Commissioner of Internal Revenue, develop and implement goals and performance measures for the CAWR MOU. (Recommendation 10)
Open
The Social Security Administration (SSA) agreed with this recommendation. In November 2020, SSA and the Internal Revenue Service (IRS) finalized a joint update to the Combined Annual Wage Reporting (CAWR) Memorandum of Understanding (MOU). However, the updated MOU did not identify goals and performance measures that SSA and IRS can use to monitor their efforts to implement the MOU. In April 2021, SSA officials told us they will work with IRS to develop goals and performance measures for the MOU. Doing so would provide SSA greater assurance that it is periodically assessing the CAWR process and identifying opportunities for improvement.
Social Security Administration The Commissioner of Social Security should, in collaboration with the Commissioner of Internal Revenue, develop and document a strategy for assuring that the reviews required by the updated MOU are completed within the specified time frames. (Recommendation 11)
Closed - Implemented
The Social Security Administration (SSA) agreed with this recommendation and in November 2020 finalized a joint strategy with the Internal Revenue Service for the continued maintenance of the Memorandum of Understanding (MOU). This strategy includes an agreement to review specific aspects of the MOU, such as the continued relevance of different data exchanges, on a biennial basis starting in fiscal year 2022. It also identifies parties responsible for conducting these reviews and establishes deadlines for completing them, steps that will help assure reviews are completed within the specified timeframes, as GAO recommended in May 2020. SSA's actions will better position SSA to more effectively manage its benefits programs.
Social Security Administration The Commissioner of Social Security should, in collaboration with the Commissioner of Internal Revenue, clearly define the data elements they exchange with IRS. (Recommendation 12)
Open
The Social Security Administration (SSA) agreed with this recommendation. In November 2020, SSA and the Internal Revenue Service (IRS) finalized a joint update to the Combined Annual Wage Reporting (CAWR) Memorandum of Understanding (MOU) that included an exhibit that defines some data elements exchanged between the agencies as part of the CAWR process, including agency personnel responsible for overseeing these transfers. However, this exhibit does not define all codes used by SSA and IRS to mark wages as potentially invalid, such as wages that SSA identifies as having the same name, Social Security number, and employer identification number as wages disclaimed in prior years. In April 2021, SSA officials told us they will work with IRS to clearly define these codes. Until SSA does so, the agency will be missing an opportunity to more effectively use wage information to identify potentially fraudulent or inaccurate earnings.

Full Report

GAO Contacts