The Internal Revenue Service apparently is taking a hint from a Hollywood classic. It's thinking like identity thieves to catch identity thieves.
That was among the messages from IRS Commissioner John Koskinen in July 25 media teleconference.
Cybercriminals are showing increasing savvy and tax expertise, particularly in the business filing area, according to the IRS. The crooks are using stolen data, sometimes from tax practitioners, to file fake business, partnership and trust returns in an effort to pocket fraudulent refunds.
"It's especially difficult to identify any tax return as fraudulent when criminals are using information stolen from tax preparers," Koskinen said. "The stolen data allows criminals to better impersonate the legitimate taxpayers."
"The IRS, state tax agencies and the tax community have worked hard to turn the tide against tax-related identity theft," added Koskinen. "We're making progress in protecting individuals but we still have more work to do, especially in the business tax area and involving tax professionals."
Thinking like the bad tax guys: To that end, the commissioner said his agency and its Security Summit partners are beginning to "think like a criminal."
This approach should help them anticipate the tax and ID thieves' actions and employ safeguards to beat them to that next step.
"My ultimate goal was after we anticipate where the criminals are going, make this so unattractive and so difficult that criminals go somewhere else," Koskinen said.
"I don't think we're going to put them out of business, they've got too much data and they're too sophisticated and they have too much money," he added. "But if they want to go bother somebody else for a while that would be fine. I think we’re making progress moving in that direction."
And some progress has been made.
Fewer individual, growing business tax fraud: So far in 2017, the IRS announced, individuals reporting identity theft have declined sharply compared to the same time in 2016 and 2015.
In the first five months of 2017, about 107,000 taxpayers reported being victims of identity theft, compared to the same period in 2016, when 204,000 filed victim reports.
That’s about 97,000 fewer victims – representing a drop of 47 percent. For comparison, there were nearly 297,000 identity theft victims during the first five months of 2015.
Those drops, notes the IRS, correspond to Security Summit identity theft and tax fraud safeguards that were put in place in 2016.
But — and there's always a "but" in taxes, isn't there? — tax officials are not having as much success in the business tax area.
While tax ID theft and refund fraud was falling, the IRS saw an increase in identity theft involving business-related tax returns. Through June 1, the IRS has identified approximately 10,000 business returns as potential identity theft filings, compared to about 4,000 for calendar year 2016 and 350 for calendar year 2015.
True, the number of businesses affected was relatively low, but the potential dollar amounts were significant. The IRS says the fraudulent filings accounted for $137 million for 2017, $268 million for 2016 and $122 million for 2015.
The affected returns included corporate returns, filed on Forms 1120 and 1120S, and Form 1041-filed estate and trust returns. The IRS also saw an increase in identity theft related to the Schedule K-1 filings made by partnerships.
More ID theft protections in 2018: To continue winning the individual taxpayer ID theft battle and make progress on the business side, the IRS and its Security Summit partners plan to share even more info during next year's filing season.
The data collection helps the IRS authenticate that the tax return being submitted is legitimate and not an identity theft return.
For 2018, the number of data elements from tax returns shared between the IRS and state tax department will increase. Also next filing season, the IRS will be asking tax professionals to gather more information on their business clients.
Some of the new information people may be asked to provide when filing their business, trust or estate client returns includes:
- The name and Social Security number of the company individual authorized to sign the business return: Is the person signing the return authorized to do so?
- Payment history: Were estimated tax payments made? If yes, when were they made, how were they made, and how much was paid?
- Parent company information: Is there a parent company? If yes who?
- Filing history: Has the business filed Form(s) 940, 941 or other business related tax forms?
- Additional information: This would be based on deductions claimed.
The commissioner and Security Summit partners also warn tax professionals to be wary of any potential business clients who claim they do not currently have an Employer Identification Number (EIN).
And all tax professionals, whether they do just individual or business returns or a mix of clients, must protect their data and systems against the sophisticated, well-funded and technologically adept criminal syndicates around the world that are behind much of the organized tax ID theft and refund fraud schemes.
Do you feel confident the IRS, working with state tax offices and the tax industry, is making sufficient progress in fighting identity theft and tax return fraud?
Will added safeguards pose more problems for you as a tax preparer and/or your clients? Or are y'all willing to endure more checkpoints to prevent ID theft and tax fraud?
You also might find these items of interest:
- Cyber crooks are looking to make tax fools out of us all
- Tax professionals are target of yet another ID theft scam
- 5 ways to protect your identity (and money!) during National Tax Security Awareness Week (and year-round!)