IRS needs to address its insider tax ID theft risks
Tuesday, April 26, 2016
Trust no one.
That X-Files admonition has been co-opted for just about everything, but it's particularly appropriate in this time of increasing tax identity theft and refund fraud.
It also apparently is taken to heart by the federal office that keeps an eye on the Internal Revenue Service's operations. The Treasury Inspector General for Tax Administration (TIGTA) says its Office of Investigations (OI) examines not only outside threats to the tax collecting agency, but also internal issues.
"Specifically, OI investigates misconduct by IRS employees which manifests itself in many ways," said Timothy Camus, a Deputy Inspector General with TIGTA.
Insider tax ID theft: Those IRS staff transgressions include, among other things, unauthorized access to taxpayer information and the use of that improperly obtained info to commit identity theft.
"Unfortunately, tax refund fraud and identity theft is not limited to unscrupulous individuals operating from outside of the IRS," Camus told House Ways and Means Oversight Subcommittee members at an April 19 hearing. "There is also an insider threat posed by IRS employees who use their official positions and access to IRS information in furtherance of these schemes.
Camus cited "one of the most significant recent cases" in which an IRS employee stole the tax agency's information on hundreds of taxpayers, and then used it to try to get between $550,000 and $1.5 million in fraudulent refunds.
That now former-IRS employee was able to successfully steal over $438,000 in fraudulent refunds.
Catching in-house crooks: "We detected this criminal activity through our ability to review the audit trails of accesses made by IRS employees to the IRS computer systems," said Camus.
But, he told the Oversight Subcommittee members, TIGTA still is "very concerned" that the IRS' systems' modernization efforts over the last several years have not included adequate audit trails that would allow TIGTA to detect an IRS employee's unauthorized access to taxpayer information.
"Although we are discussing this vulnerability with the IRS Information Technology leadership, the pace of progress is not acceptable," said Camus. "For example, currently only 12 of the 82 applications subject to the risk of unauthorized access and theft of taxpayer information are currently transmitting accurate and complete audit trail data. The IRS estimates that it will have this vulnerability addressed between FY 2021 and FY 2027."
So for now and the next five to 11 years, we taxpayers need to keep the X-File adage in mind, even -- or maybe especially -- when it comes to the data we send each year to the IRS.
Small percentage, big PR problem: Camus later in his testimony also told the Representatives of some of TIGTA's success against criminal IRS agents.
In the past six months, he said, TIGTA investigations resulted in federal prosecution of six IRS employees whose criminal activity affected more than 240 taxpayers and cost the government hundreds of thousands of dollars in fraudulent refunds.
OK, six IRS workers out of around 70,000 full-time employees is a tiny fraction. So are the 240 out of an estimated 150 million taxpayers.
But the problem is that we must submit our personal tax data to the IRS. And that annual task is part of an implied contract under which the agency trusts us to honestly report our income and tax due amount and we trust it to handle that information properly and keep it safe.
"Although the six IRS employees involved in this criminal activity represent a very small percentage of the total IRS employee population, their actions negatively impacted the public's perception of the integrity of the federal tax system," said Camus.
That's why, the TIGTA official told the Congressional panel, allegations of IRS employee misconduct will remain one of the oversight agency's primary investigative priorities.
One Representative's ID theft tale: Anyone and everyone is a potential tax identity theft victim.
That also was illustrated during the Oversight Subcommittee's hearing when Ways and Means member Rep. Jim Renacci (R-Ohio) told his colleagues about having his identity stolen and a fake tax return filed last year in his name.
I elaborated on Renacci's testimony, as well as what IRS Commissioner John Koskinen (that's him there next to Renacci in the video) had to say about the just-completed tax filing season in one of my posts last week at my other tax blog.
Also over at Bankrate last week, I looked at the last tax return the Obamas will file from the White House … unless Michelle decides to one day run for president.
I usually post my additional tax thoughts at Bankrate on Tuesdays and Thursdays and then provide highlights and links here the following weekend. Obviously that did not happen this past weekend, so ... but better late than never, at least when it comes to tax news.
And yes, this being Tuesday there's a new item over at Bankrate Taxes Blog today. And yes again, it's on tax scams again. You can check it out now, or wait until the weekend for a reminder. Or both!
You also might find these items of interest:
Comments