A Corporate
Strategy Is Key to Addressing the Growing Challenge of Identity Theft
July 2005
Reference Number: 2005-40-106
This report has cleared the Treasury
Inspector General for Tax Administration disclosure review process and
information determined to be restricted from public release has been redacted
from this document.
Freedom of Information Act (FOIA) Redaction Legend:
FOIA exemption (b)(3), in conjunction with I.R.C. § 6103, prohibits the disclosure of return and return information unless authorized.
FOIA exemption (b)(7)(C) permits an agency to withhold information that could reasonably be expected to constitute an unwarranted invasion of a third party’s or parties’ personal privacy.
FOIA exemption (b)(7)(E) permits an agency to withhold information that could disclose techniques and/or procedures used in law enforcement investigations and release of such information could reasonably be expected to circumvent the law.
July
22, 2005
MEMORANDUM FOR
DEPUTY COMMISSIONER FOR SERVICES AND ENFORCEMENT
FROM: Pamela J. Gardiner /s/ Pamela J. Gardiner
Deputy Inspector General for
Audit
SUBJECT: Final Audit Report - A Corporate Strategy Is
Key to Addressing the Growing Challenge of Identity Theft (Audit # 200440043)
This
report presents the results of our review to determine whether the Internal Revenue Service
(IRS) has an effective process to educate and assist taxpayers that are victims
of identity theft.
Identity theft is one of the
fastest growing crimes in the United States (U.S.). It occurs when someone uses another individual’s personal
information, such as his or her name, Social Security Number (SSN), credit card
number, or other identifying information, without permission, to commit fraud
or other crimes. People whose identities
have been stolen can spend months or years and considerable money repairing the
harm identity thieves have done to their good names and credit records. The reports of fraudulent tax returns as a
percentage of the type of fraud committed by identity thieves almost doubled
from Calendar Years 2002 (1.9 percent) to 2003 (3.7 percent).
There are two primary types
of identity theft that relate to tax administration. The first type involves an individual using
another person’s identity (name and SSN) to file a fraudulent tax return to
steal a tax refund. The second type
involves using another person’s identity (name, SSN, or both) to obtain
employment. This frequently involves
undocumented workers.
The IRS recognizes the growing challenge of identity
theft and its effect
on tax administration. Existing
processes and functions already deal
with aspects of identity theft. For
example, the IRS conducts routine verifications when
processing tax returns and conducting compliance checks that may identify
instances of potential identity theft. In
addition, depending on the specifics of a potential identity theft issue, the
tax return/case may be forwarded to various IRS functions for additional
actions. Furthermore, the IRS has recently designated a senior executive to head an
Identity Theft Task Force, a key goal of which is to develop an Enterprise
Identity Theft Strategy. During the
course of this review, we discussed various concerns with IRS management. In response, the IRS has begun to address
some of these concerns as part of its Identity Theft Task Force.
However, the IRS currently has no corporate strategy to address
identity theft issues. It does not have a
consistent process to educate and assist taxpayers and does not always take
additional actions to deal with the individuals that have used another’s name
and/or SSN to file fraudulent tax returns or obtain employment. In addition, the IRS does not have
comprehensive or centralized data on identity theft
and as a result is unable to determine the effect identity theft has on tax
administration. Until the IRS develops an
agency-wide strategy, it will be unable to help taxpayers and the Federal
Government combat the growing threat of identity theft and assist
criminal law enforcement’s efforts to prosecute offenders.
We recognize that identity theft presents
significant challenges to Federal and State Governments. We understand the unique and significant
challenges the IRS faces when dealing with issues of identity theft and tax
administration. To meet these challenges
and balance customer service with enforcement, we recommended the Deputy Commissioner
for Services and Enforcement (1) ensure agency-wide communication tools are updated to include information about
identity theft, (2) ensure information provided by the IRS to taxpayers or for
use by other Federal Government agencies when referring individuals to the IRS is
complete and accurate, (3) develop agency-wide standards to ensure consistency when
requiring taxpayers to substantiate claims and when allowing taxpayers future
exemptions and credits, (4) develop specific closing codes for cases involving identity
theft, and (5) develop an Enterprise Identity Theft Strategy that includes
processes to proactively
identify instances of identity theft and to resolve identification number
discrepancies, while protecting tax revenue and enforcing the law.
Management’s Response: The
IRS agreed with our recommendations and has developed an Enterprise Identity
Theft Strategy. A primary component of
this Strategy is outreach, and the IRS has made substantial progress in
developing communication vehicles and making them available to the public. Specifically, the IRS has established a web
site on IRS.gov and provided updated information and contacts to the Federal Trade
Commission. It has also updated
correspondence used to communicate with identity theft victims, finalized a
plan to update major publications, and updated correspondence used to provide
information to taxpayers who have duplicate returns.
The IRS has
established the Multi-Agency Identity Theft Working Group and initiated a
multiagency panel discussion with representatives from the Social Security
Administration and the Department of the Treasury. A key feature of its Victim Assistance Strategy
is to develop consistency among processes to ensure taxpayers receive equitable
treatment. The IRS has modernized its
process to dramatically reduce the time needed to resolve cases, thus reducing
the need to suspend refunds or credits while cases are being resolved.
The IRS developed standards for documentation to be used to
validate the identity of the taxpayer, the taxpayer’s address, and the fact of
the theft in cases of identity theft.
The documentation required by the IRS is consistent with that required
by the Federal Trade Commission and the Social Security Administration.
The IRS has refined its closing codes to include identity
theft. The Identity Theft Program Office
will accumulate these data from the IRS and other sources, such as the Federal
Trade Commission, to determine trends.
These trends will be used to develop or enhance outreach activities and
communication vehicles and to focus resources on enforcement initiatives.
Prevention is the final part of the IRS Enterprise Identity
Theft Strategy. The Strategy outlines
several options for initiatives targeted at preventing or deterring identity theft. These activities will be monitored and
coordinated through the Identity Theft Program Office.
The IRS did not
agree with the amount of the first outcome measure (a potential $8.5 million in
inefficient use of resources), stating it should be revised from $8.5 million
to $676,000 because the IRS believes we made an incorrect assumption. The IRS also did not agree with the second
outcome measure (a potential $9 billion in increased revenue over 5 years),
stating it was based on a recommendation in the report to expand a current IRS tax
withholding compliance program. Management’s complete response to the draft
report is included as Appendix V.
Office of Audit Comment: We disagree with the IRS’ assertion that the outcome measure should be revised from $8.5 million to $676,000. In addition, we did not recommend the IRS expand a current tax withholding compliance project; therefore, the second outcome measure is not directly related to the IRS’ current tax withholding compliance program.
Outcome Measure One: Management
stated that, in five of eight cases we reviewed, the IRS Individual Taxpayer Identification
Number (ITIN) on the tax return was also used as the Taxpayer Identification Number
(TIN) on the associated Wage and Tax Statement (Form W-2). We agree that for the five cases there was a
match between the ITIN used on the tax return and the TIN used on the Form W-2
and, in the situation where an ITIN was used on both the tax return and the
Form W-2, no identity theft victim would result. However, for the remaining three cases, the
ITINs on the tax returns did not match the TINs on the associated Forms
W-2. For these three cases, the
associated Forms W-2 contained SSNs.
The figures
supporting our outcome measure did not include situations relating to the five
cases. The figures included in our
report involved only those occurrences in which an ITIN was used to file a tax
return that claimed wages and no corresponding Form W-2 was located with this
ITIN. Therefore, the assumption is wages
were earned and reported under another TIN.
If the characteristics relative to the underreporting meet the Automated
Underreporter (AUR) Program criteria, these cases could be selected and
ultimately closed as identity theft.
This would result in the inefficient use of resources. The IRS has the ability to proactively
eliminate these cases from AUR Program inventory if it captured this
information. Taking this action would be
in line with its Enterprise Identity Theft Strategy of balancing service with enforcement
by focusing on victim assistance, outreach, and prevention.
Outcome Measure Two:
Although our outcome measure is calculated using the same withholding
rate used in the IRS’ tax withholding compliance program, in neither our report
nor discussions with management did we recommend the IRS expand its current tax
withholding compliance project [W-4 withholding compliance program]. As our report states, we believe Form W-2
mismatches provide yet another data source for the IRS to analyze and begin to
measure the impact that identity theft has on tax administration. The mismatch file could be used by the IRS to
develop compliance initiatives to address the identification number mismatches
and to protect any tax revenue associated.
We recognize that working these cases on a case‑by‑case
basis is probably not cost effective.
However, analyzing the data to develop initiatives may result in both
resolving the mismatches and protecting tax revenue.
Further,
management indicates that the recommendation focuses limited compliance
resources on a low-income population and that the outcome measure calculates
tax withholding, not tax liability.
Management indicated it is likely that the $9 billion withheld on low-income
taxpayers would be refunded. We have
recognized (as footnoted in Appendix IV) that individuals’ actual tax liabilities could
be different once they file tax returns.
The actual tax liabilities could be more or less than the amounts
withheld based on the exemptions, credits, and deductions the individuals claim
on their tax returns. However, until the
individuals file tax returns, the actual tax liabilities are unknown to us as
well as to the IRS.
We continue to recommend the IRS Enterprise Identity Theft
Strategy include processes to begin to resolve the identification number
discrepancies that totaled 7.9 million for Forms W-2 in Tax Year
2002. The IRS does not currently have a
program that attempts to resolve the 7.9 million identification number
mismatches or enforce tax laws relating to withholding and filing issues.
Copies of this
report are also being sent to the IRS managers affected by the report
recommendations. Please contact me at
(202) 622-6510 if you have questions or Michael R. Phillips, Assistant
Inspector General for Audit (Wage and Investment Income Programs), at (202)
927-0597.
Current Processes Help Address
Identity Theft Issues
Appendix
I – Detailed Objective, Scope, and Methodology
Appendix
II – Major Contributors to This Report
Appendix
III – Report Distribution List
Appendix IV
– Outcome Measures
Appendix V –
Management’s Response to the Draft Report
The Social Security
Administration (SSA) and law enforcement officials cite identity theft as one
of the fastest growing crimes in the United States (U.S.). The 1990s spawned a new variety of criminal
called identity thieves. Identity theft
occurs when someone uses another individual’s personal information, such as his
or her name, Social Security Number (SSN), credit card number, or other
identifying information, without permission, to commit fraud or other crimes. Once identity thieves have an individual’s
personal information, they can open new credit card accounts. They can also file a fraudulent tax return to
obtain an illegal tax credit or refund.
People whose
identities have been stolen can spend months or years and considerable money repairing
the harm identity thieves have done to their good names and credit records. In the meantime, victims may lose job
opportunities; be refused loans, education, housing, or cars; or may even be
arrested for crimes they did not commit.
Two studies
completed in July 2003 by Gartner, Incorporated, and Harris Interactive reported
that there were approximately 7 million victims of identity theft in the prior
12 months. That equaled an average of
19,178 victims per day. For Calendar
Year (CY) 2003, the majority of identity theft victims reported losses due to
credit card fraud (33 percent). Although
only a small percentage of the total reported identity thefts related to
fraudulent tax returns, the Federal Trade Commission (FTC) reported that the
percentage of fraudulent tax returns filed by identity thieves almost doubled
from CYs 2002 to 2003.
A picture was removed due to its size. To see the picture, please go to the Adobe
PDF version of the report on the TIGTA Public Web Page.
Federal
laws have been enacted making identity theft a crime
In October 1998, the Identity Theft and Assumption Deterrence Act made identity theft a crime. The law defines identity theft as when someone “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable state or local law.” Violations of the law are investigated by Federal law enforcement agencies, including the U.S. Secret Service, the Federal Bureau of Investigation, the U.S. Postal Inspection Service, the SSA Office of the Inspector General, and the Internal Revenue Service (IRS) Criminal Investigation (CI) Division.
Two additional laws reinforce the importance of identity theft. The Fair and Accurate Transactions Act, signed into law in December 2003, establishes a national system of fraud detection so victims can alert all three major credit bureaus with a single telephone call. The Identity Theft Penalty Enhancement Act was signed into law in July 2004 and adds an extra 2 years to a prison sentence if a criminal knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person in addition to committing another offense. An additional 5 years will be added to a sentence related to a terrorism offense if identity theft is involved.
The FTC is the Federal Government agency responsible for compiling identity theft complaint information
The FTC has been established as the Federal Government’s central repository for identity theft complaints. It provides victim assistance and consumer education. Although the FTC does not have the authority to bring criminal cases against identity thieves, it helps victims of identity theft by providing the victims with educational information in print, through its toll‑free hotline, and on its web site, consumer.gov/idtheft/. The FTC’s goal is to provide information to assist victims in resolving problems that can result from identity theft. The web site and hotline give individuals a single place to report identity theft to the Federal Government and receive helpful information.
Counselors at the FTC take complaints and advise individuals on how to deal with the problems that can result from identity theft. In addition, the FTC, in conjunction with other organizations, has developed the ID Theft Affidavit to help victims of identity theft restore their good names. The Affidavit can be used to report information to many organizations.
The FTC also serves as a central point for law enforcement agencies nationwide to research identity theft cases. The FTC enters complaints into a secure database, the Identity Theft Data Clearinghouse. The database contains identifying information of the victim, such as name, address, SSN, and date of birth. The database also includes the type of identity theft; a description of the complaint; details of the identity theft (dates and the amount of money involved); other problems incurred by the victim as a result of the identity theft; identifying information on the identity thief, if known; and any companies or credit bureaus creating identity theft problems for the victim.
Access to this database is limited to law enforcement authorities to assist them in their investigations. Complaints may also be shared with some private companies, such as credit bureaus and other appropriate entities, to help them in their investigations and victim assistance.
The SSN is the most widely used identifier for Federal and State Governments and the private sector
An SSN is needed to get a job in the
To obtain an SSN for a child at birth, the parent completes an Application for a Social Security Card (Form SS‑5). If the parent does not apply for the SSN at
the same time he or she applies for the birth certificate, the parent will have
to provide proof of age, identity, and
The Internal Revenue Code requires the SSN to be used as an identifying number
A picture was removed due to its size. To see the picture, please go to the Adobe PDF version of the report on the TIGTA Public Web Page
The Internal Revenue Code provides that any person filing a tax return, statement, or other document shall include an identifying number for securing proper identification for this purpose. The SSN shall be used as the identifying number for individuals for this purpose, except as otherwise specified under regulations.
In 1996, Treasury Regulations were issued to create an IRS Individual
Taxpayer Identification Number (ITIN) that would provide alien individuals an
identifying number to use to meet
Each year, the SSA receives wage reporting information from
employers, including income reported on the Wage and Tax Statement (Form
W-2). The
SSA processes about 240 million Forms W-2 from about 6.5 million
employers. These Forms W-2 record the
wages earned by about 145 million workers annually.
The chart was
removed due to its size. To see the
chart, please go to the Adobe PDF version of the report on the TIGTA Public Web
Page.
The IRS Information Reporting Program (IRP) is used to match taxpayer income and deduction information submitted by third parties to amounts reported on individual income tax returns. The Internal Revenue Code, via the IRP, is the cornerstone of voluntary compliance and affects compliance and revenue across every taxpayer and market segment. The IRP helps ensure a high level of compliance by requiring third parties, such as employers, banks, brokerage firms, and others, to file information returns reporting taxpayer income and certain deductions to the IRS.
Two primary types of identity theft relate to tax administration
The first type involves an individual using another person’s identity (name and SSN) to file a fraudulent tax return to steal a tax refund. The individual committing this type of fraud frequently files the fictitious tax return electronically, early in the filing season. The individual whose identity was stolen later files his or her tax return and the IRS identifies it as a duplicate tax return. When this happens, the IRS freezes the second tax return, including any tax refunds due, and begins a process of corresponding with the individuals involved in the duplicate filing. This requires considerable time and effort by the legitimate taxpayer to prove he or she is a victim of identity theft. The victim’s tax refund, if frozen, will not be issued until the matter is resolved.
The second type of identity theft related to tax administration involves using another person’s identity (name, SSN, or both) to obtain employment. This frequently involves undocumented workers. The wage information is reported to the SSA by the employer (on the Form W-2) under the stolen identification information.
In the case of identity theft, the person who stole the identity may use the SSN of another person but still use his or her own name. When the Form W-2 information is received from the SSA, the IRS performs a match of the SSN and name on the Form W-2 to IRS records. If the SSN and name on the Form W-2 do not match IRS records, the Form W-2 is considered invalid.
The IRS uses the Form W-2 information during the IRP process of matching wages to tax returns. In the case of identity theft, the IRS identifies a mismatch or underreporting of income, when in fact the identity theft victim did not underreport his or her income. If a mismatch is identified, the IRS will issue a notice to the individual involved in the mismatch (the victim) and propose an assessment of additional taxes owed relating to the underreported wages. The victim must then work with the IRS to resolve the mismatch of wages, including trying to prove that he or she may be a victim of identity theft.
This review was performed at the IRS National Headquarters in the Wage and Investment Division Compliance and Accounts Management (AM) functions in Atlanta, Georgia; the CI Division, Taxpayer Advocate Service, and FTC offices in Washington, D.C.; the Andover, Massachusetts, Atlanta, Georgia, and Brookhaven, New York, Campuses; and the SSA office in Baltimore, Maryland, during the period June 2004 through January 2005. The audit was conducted in accordance with Government Auditing Standards. Detailed information on our audit objective, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.
The IRS recognizes the growing challenge of identity theft and its effect on tax administration. Existing processes and functions already deal
with certain aspects of identity theft.
For example, the IRS conducts routine verifications and checks when
processing tax returns and conducting compliance checks that may identify instances
of potential identity theft. In
addition, depending on the specifics of a potential identity theft issue, the tax
return/case may be forwarded to various IRS functions for additional actions.
The IRS uses individuals’ names and SSNs as the primary identifiers when performing its routine verifications and checks. For example:
· When processing a tax return, the IRS checks its records to ensure another tax return has not been previously filed for that tax year using the same primary taxpayer’s SSN listed on the tax return being processed. This ensures there is not a duplicate tax return situation.
If the IRS identifies that a tax
return was previously filed under the same primary SSN, the AM function will
attempt to resolve the duplicate tax return situation internally by researching IRS records to determine if the taxpayer
or the IRS made an error entering the SSN on the tax return. For example, it might compare the SSN on the
tax return to the one on the attached Form W‑2.
If the IRS is unsuccessful in resolving the duplicate tax return situation, it sends correspondence to both individuals that used the SSN. This correspondence advises both individuals that duplicate tax returns have been filed under the same SSN. This might be the first indication of a potential identity theft for both the IRS and the taxpayers. The IRS requests specific identifying documentation from the taxpayers and forwards it to the SSA, which will attempt to resolve the SSN discrepancy (i.e., identify which individual is the rightful owner of the SSN).
· Each year the IRS receives tax documents, called information returns, which are used to conduct compliance checks. Information returns include the Form W-2 as well as other IRS forms used to report, for example, interest income, miscellaneous income, gambling winnings, and pensions. Once the IRS receives the information returns, it performs computer verifications based on the taxpayers’ SSNs to match the information reported on the information returns to that reported on the tax returns.
If income (including wages) reported on an information return is not included in the income reported on the tax return, the IRS considers it an underreporter situation. If there is no tax return filed for the income reported, the IRS considers it a nonfiler situation or Taxpayer Delinquency Investigation (TDI).
Depending on specific criteria and resources available, either the IRS Automated Underreporter (AUR) function or TDI function will work selected underreporter and nonfiler cases to determine the correct amount of income that should have been reported. The functions will issue correspondence to the underreporting taxpayer asking him or her to resolve the discrepancy. The taxpayer may respond that the income is not his or her income.
These routine verifications and checks are an integral part of the IRS’ tax administration and may serve as a first indication to the IRS and taxpayers of a potential identity theft. However, neither the duplicate tax return nor underreporter process is designed to identify and deal with the issues and challenges of identity theft.
In addition to the IRS functions detailed above, the IRS has a CI Division that deals with tax schemes that could include identity theft issues. The CI Division investigates potential criminal violations of the Internal Revenue Code and related financial crimes. It has investigative authority and usually works tax schemes involving multiple taxpayers or individual cases involving large amounts of taxes/money. The CI Division has developed a Compliance Strategy to assist in identifying, developing, and investigating cases that foster confidence in the tax system and compliance with the law.
The IRS’ growing awareness of the effect identity theft has on tax administration has resulted in
the IRS recently designating a senior executive to head an Identity Theft Task
Force, a key goal of which is to develop an Enterprise Identity Theft Strategy. During the course of this review, we
discussed various concerns with IRS management.
In response, the IRS has begun to address some of these concerns as part
of its Identity Theft Task Force, including meeting with the SSA in an attempt
to reduce the time needed to determine the owner of an SSN.
The IRS does not have a consistent process to educate and assist taxpayers, and, although the IRS works toward resolving duplicate tax return and underreporting situations, it does not always take additional actions to deal with the individuals that have used another’s name or SSN to file fraudulent tax returns or obtain employment. In addition, the IRS does not have comprehensive or centralized data on identity theft to determine the effect identity theft has on tax administration.
This happened because the IRS has not developed a corporate
strategy to address the growing significance of identity theft and its effect
on tax administration. Until the IRS
develops an agency-wide strategy, it will be unable to help taxpayers and the
Federal Government combat the growing threat of identity theft and assist
criminal law enforcement’s efforts to prosecute offenders. Furthermore, one of the IRS’ strategic goals
is to improve taxpayer service. The IRS
will be unable to meet this goal if an agency-wide strategy for handling
identity theft issues is not developed.
In recent years, the IRS has developed a corporate strategy and agency‑wide approach to combat another issue that significantly affects tax administration, the Earned Income Tax Credit (EITC). The IRS recognized that numerous functions dealt with different aspects of the EITC, a credit the IRS had identified as having a significant rate of noncompliance. To better understand the causes and develop solutions, the IRS formed a Project Office to develop policy and procedures in an attempt to consistently deal with the issue. The IRS continues to centralize many of the EITC processes.
The IRS does not have a consistent process to educate taxpayers
Information on identity theft and the problems it presents
with tax administration is not available to taxpayers using the communication
methods the IRS normally promotes, such as key publications and the IRS
Internet site (IRS.gov). Key instructions and publications, including the U.S.
Individual Income Tax Return (Form 1040) instruction booklet and Your Federal Income Tax (Publication 17),
do not provide taxpayers with information on what they should do if they
believe they are victims of identity theft.
The IRS also does not use its Internet site or its publications to refer
taxpayers to the FTC. However, IRS.gov does
provide taxpayers with alerts on tax schemes that involve stolen identities.
Information provided by the IRS through its toll-free customer service telephone line, for use by other Federal Government agencies when referring taxpayers to the IRS, and correspondence sent to taxpayers does not adequately provide individuals with the information they need to resolve their issues. For example:
· When taxpayers contact the IRS toll-free telephone line, no general information is available on what they should do if they believe they are victims of identity theft. The information available is limited to only those taxpayers that call and inquire about what to do if someone has filed a tax return using their SSN (duplicate tax return situations). IRS procedures require the telephone assistors to advise taxpayers to contact the FTC. Although the IRS does not have general information available through its toll-free telephone number, referral procedures provided by the IRS to the SSA instruct the SSA to refer individuals that report an identity theft involving a tax matter to the IRS toll-free customer service telephone number.
· When individuals contact the FTC, referral procedures provided by the IRS instruct the FTC to refer these individuals to either the Office of the National Taxpayer Advocate (the IRS Taxpayer Advocate Service (TAS)) or the CI Hotline (the IRS Fraud and Abuse Hotline). However:
o IRS.gov does not have any general information on what taxpayers should do if they believe they are victims of identity theft.
o Officials in the TAS stated that the TAS should not be a contact for referral, but if the alternative is to have the taxpayer call the IRS toll‑free customer service telephone number, the TAS would rather take the call.
o Procedures for the Fraud and Abuse Hotline are inconsistent. Both sets of CI Division procedures require that the victim’s information be collected. However, the first set of procedures requires the information to be referred to the IRS Exam Identity Theft Unit, which does not exist. The second set of procedures requires the Fraud and Abuse Hotline referrals to be sent to the local CI Division office.
Correspondence sent to taxpayers because of IRS verifications and checks contains incomplete or inaccurate information. For example:
The AM function sends correspondence to taxpayers involved with a duplicate tax return situation. The correspondence states, “The Form [xx] you filed with us for the tax year ended [xx] shows your social security number as [xx]. Our records show the same social security number belongs to another taxpayer.”
However, at the time the correspondence is sent, the IRS does
not know which taxpayer owns the SSN used to file both tax returns. In addition, subsequent correspondence sent to
these taxpayers does not appropriately inform them of all the ramifications of
the duplicate tax return situation, (i.e., that, until the situation is
resolved, the taxpayers will be unable to receive certain deductions and
credits).
With the percentage
of fraudulent tax returns being filed by identity thieves almost doubling and
the effect identity theft has on individuals whose information is stolen, the
IRS needs to ensure taxpayers have sufficient information to help resolve their
issues. In addition, this information
should ensure taxpayers understand the actions the IRS takes when trying to resolve
the situation and how it affects them when trying to comply with their future tax
obligations.
The Deputy Commissioner for Services and Enforcement should
ensure:
1. Agency-wide communication tools used to educate and assist taxpayers are updated to include information about identity theft and what to do if taxpayers believe they are victims of identity theft. This should include referring taxpayers to the FTC.
Management’s Response: The IRS agreed with this recommendation and has developed an Enterprise Identity Theft Strategy. A primary component of this Strategy is outreach that focuses on updating communication and outreach vehicles. The IRS has documented this Strategy in its Identity Theft Communication Plan and made substantial progress in developing these vehicles and making them available to the public.
Specifically, the IRS has established a web site on IRS.gov and provided updated information and contacts to the FTC. It has also updated correspondence used to communicate with identity theft victims and finalized a plan to update major publications.
Lastly, the IRS has established the Multi-Agency Identity Theft Working Group and initiated a multiagency panel discussion with representatives from the SSA and the Department of the Treasury.
2. Information provided by the IRS to taxpayers or other Federal Government agencies when referring individuals to the IRS is complete and accurate, including correspondence sent to taxpayers involved in a duplicate tax return situation.
Management’s Response: The IRS agreed with this recommendation. It has updated communication vehicles to include references to the FTC and SSA and will continue to collaborate with the FTC and SSA through the Multi-Agency Identity Theft Working Group on communication and outreach. The IRS has also updated the correspondence used to provide more information to taxpayers who have duplicate returns. Lastly, the IRS has reviewed various procedures regarding fraud referral to ensure they are comprehensive and address identity theft cases.
The IRS does not have consistent processes to assist taxpayers that may be victims of identity theft
Procedures and processes of the various IRS functions that assist taxpayers that may be victims of identity theft are not consistent. For example:
·
The AM function attempts to resolve duplicate
SSN discrepancies (the duplicate tax return situations) to ensure legitimate
tax returns are filed with correct SSNs.
The function requests that taxpayers submit copies of identifying
documents, such as a driver’s license, passport, or birth certificate. It also asks taxpayers to provide their place
of birth and parents’ names. Once it
receives this information, the AM function forwards the information to the SSA,
which then attempts to determine which taxpayer owns the SSN.
While the SSA is conducting its research, the IRS assigns a taxpayer involved with the duplicate tax return situation a temporary Taxpayer Identification Number (TIN) to use when filing future tax returns. Because temporary TINs are not valid SSNs, certain credits and deductions requiring an SSN will not be allowed, including the EITC and dependent exemptions.
·
The CI Division attempts to
resolve duplicate tax return situations when there are indications of fraud. In working these cases, the CI Division does
not routinely assign a taxpayer a temporary SSN, although it does assign a
temporary SSN when the fraudulent tax return includes a claim for the EITC. Taxpayers determined to be the rightful
owners of the SSNs can continue to file tax returns using their SSNs. The CI Division will place a freeze code on
the account of the rightful owner that enables it to monitor the account in
subsequent years and prevent the issuance of false refunds in the future.
· The AUR and TDI functions focus on the underreporting or nonreporting of income. Procedures enable taxpayers to provide support that the income is not theirs either verbally or in writing. If the taxpayers claim the income is not theirs, the functions close the cases without any changes.
The National Taxpayer Advocate recognized the inconsistency with which the IRS assists potential victims of identity theft. In the National Taxpayer Advocate 2004 Annual Report to Congress, the Advocate lists the inconsistency of procedures in IRS functions nationwide as one of the most serious problems facing taxpayers. The Advocate cited the assistance the IRS provides to victims of identity theft as an example of these inconsistent procedures.
The function working the cases affects what information taxpayers are required to provide, as well as what credits and deductions taxpayers can claim while their cases are being resolved. However, the information required to substantiate identity theft should be consistent to ensure equal treatment and appropriate resolution of the identity theft cases.
The Deputy Commissioner for Services and Enforcement should:
3. Develop agency-wide standards to ensure the information taxpayers are asked to provide to substantiate claims of identity theft is consistent throughout the IRS. These standards should also ensure taxpayers are consistently allowed applicable future exemptions and credits while identity theft cases are being resolved.
Management’s Response: The IRS agreed with this recommendation. A key feature of its Victim Assistance Strategy is to develop consistency among processes to ensure taxpayers receive equitable treatment. Through process reengineering efforts, the IRS has modernized the process to dramatically reduce the time needed to resolve cases as well as ensure consistency. The substantial reduction in case resolution time will also reduce the need to suspend a taxpayer’s refund or credits while the case is being resolved, resulting in treatment consistent with that provided to taxpayer cases in the CI Division.
The IRS also developed standards for documentation to be used to validate the identity of the taxpayer, the taxpayer’s address, and the fact of the theft. The documentation required by the IRS is consistent with that required by the FTC and the SSA.
The IRS does not have comprehensive or centralized data to measure the effect identity theft has on tax administration
Identity theft is not specifically recorded as a category when the IRS works cases that involve potential instances of identity theft. Although the multiple functions that assist in these cases have closing codes that record how cases are resolved, the IRS has not developed specific closing codes to use when cases are resolved based on a claim of identity theft. For example, the AUR function closes cases involving a claim of identity theft by using a code that indicates “case closed – complex issue not pursued.” The TDI function closes these cases using a closing code that indicates “income below filing requirement.”
Although these cases include claims of identity theft, a distinction cannot be made between cases closed because of identity theft and cases closed with “complex issue not pursued” or “income below filing requirements” not due to identity theft. Without a consistent method to capture the cases involving identity theft, the IRS does not know how many taxpayers are affected and the extent of the effect on tax administration.
Although the IRS does not have comprehensive or consolidated data on identity theft, it does have existing data that can be used to begin to measure the effect of identity theft. We analyzed selected data and obtained examples of data in which identity theft appears to be a component. We believe these data could be used to begin to compile management information on identity theft. In addition, these data sources could be used to develop compliance initiatives to address identification number discrepancies and to protect tax revenue associated with these discrepancies. For example:
· A computer-matching program developed by the IRS identifies tax returns involved in a duplicate tax return situation with a high probability of being a case in which two individuals are using the same SSN to file a tax return. Currently, this program uses characteristics from the duplicate tax returns. The program identifies mismatches between secondary SSNs and zip codes from both tax returns filed for the same SSN and tax period.
· An analysis of Tax Year (TY) 2002 tax return data showed 378,418 tax returns filed using ITINs had income reported from wages; however, there was no ITIN on a related Form W-2 for these wages. This could indicate that the ITIN filer is using an identity of another individual to gain employment. In addition to the potential burden that may be caused to the individuals whose identities were used by the ITIN filers, the IRS could be inefficiently using its limited compliance resources. For example, if the 378,418 individuals whose SSNs were used were identified by the AUR function as underreporter cases, the IRS would needlessly expend approximately $8.5 million in resources to close these cases with no changes.
· An analysis of TY 2002 Forms W-2 showed 7.9 million mismatches for which the SSN and name on the Form W-2 do not match the SSN and name issued by the SSA (considered an invalid Form W-2). For example:
o
A retired
taxpayer’s SSN was reported on numerous other individuals’ Forms W-2 presumably
used to gain employment. The wages
earned were reported on Forms W-2 under the SSN of the retired person; however,
another name was used. The Forms W-2
contained wage earners’ addresses in states different from that of the retired
taxpayer. The wages totaled
****(b)(3); (b)(7)(C)****
with tax withholdings of only ****(b)(3);
(b)(7)(C)****.
o
About
9,500 separate companies were identified as each issuing 100 or more of the
Forms W-2 on which the names did not match the SSNs and names on file with the
SSA. Over 1,000 of the 9,500 companies
had discrepancies in 75 percent or more of their Forms W-2.
Further analysis of the data indicates compliance problems similar to
those identified in a new IRS tax withholding compliance program initiated in Fiscal
Year 2005. Under the guidelines of the
new tax withholding compliance program, the IRS will send letters to
individuals with low withholding and a tax compliance issue ****(b)(7)(E)**** proposing
to set their withholding rates at the percentage withheld for individuals
filing as single with zero exemptions. At
the same time, the IRS will send letters to employers advising them to withhold
at the rate of single with 0 exemptions on a date specified in the letter (that
will be no earlier than 45 days after the date of the letter) if the IRS does
not subsequently contact them. At any
time after receiving the letter, including before the employer imposes the new
withholding rate, the employee (taxpayer) may be able to justify to the IRS a
filing status and/or a withholding rate different from that specified in the
initial letter.
We analyzed the 7.9 million Forms W-2 using criteria similar to that
used in the new IRS tax withholding compliance program. In addition, we eliminated Forms W-2 with wages
less than $7,950, the income threshold required for an individual to file a tax
return if filing as single with no dependents.
We identified:
o
A total
of 1,086,195 Forms W-2 on which the SSN was not used to file a TY 2002 tax
return.
o
A total
of $19.7 billion dollars in income and $287 million in taxes withheld. The average income and taxes withheld were $18,165
and $264, respectively.
o
Over
355,500 unique companies that issued the 1,086,195 Forms W-2.
If the IRS required
the individuals listed on the 1,086,195 Forms W-2 to withhold at the single
withholding rate with 0 exemptions, the potential increase in tax revenue would
be about $9 billion ($1.8 billion annually over 5 years). This assumes an average wage of $18,165 and a
10.86 percent withholding rate required for a person filing as single
with no dependents.
Identity theft presents significant
challenges to Federal and State Governments.
We understand the unique and significant challenges the IRS faces when
dealing with issues of identity theft and tax administration. To meet these challenges and balance customer
service with enforcement, the IRS needs to develop a corporate strategy that
will proactively identify instances of identity theft and determine the optimum
approach to resolving identification number discrepancies and reducing taxpayer
burden, while protecting revenue and enforcing the law.
4.
Develop specific
closing codes for cases involving identity theft that will allow the IRS to
track and monitor the effect of identity theft on tax administration.
Management’s Response: The IRS agreed with this recommendation. The IRS has refined its AUR and TDI function closing codes to include identity theft. The Identity Theft Program Office will accumulate these data from the IRS and other sources, such as the FTC, to determine trends. These trends will be used to develop or enhance outreach activities and communication vehicles and to focus resources on enforcement initiatives.
The IRS did not agree with the amount of the first outcome measure (a potential $8.5 million in inefficient use of resources), stating it should be revised from $8.5 million to $676,000 because the IRS believes we made an incorrect assumption.
Office of Audit Comment: We disagree with
the IRS’ assertion that the outcome measure should be revised from $8.5 million
to $676,000. Management stated that, in
five of eight cases we reviewed, the ITIN on the tax return was also used as
the TIN on the associated Form W-2. We
agree that for the five cases there was a match between the ITIN used on the
tax return and the TIN used on the Form W-2 and, in the situation where an ITIN
was used on both the tax return and the Form W-2, no identity theft victim
would result. However, for the remaining
three cases, the ITINs on the tax returns did not match the TINs on the
associated Forms W-2. For these three
cases, the associated Forms W-2 contained SSNs.
The figures supporting our outcome
measure did not include situations relating to the five cases. The figures included in our report involved
only those occurrences in which an ITIN was used to file a tax return that
claimed wages and no corresponding Form W-2 was located with this ITIN. Therefore, the assumption is wages were
earned and reported under another TIN.
If the characteristics relative to the underreporting meet the AUR Program
criteria, these cases could be selected and ultimately closed as identity
theft. This would result in the
inefficient use of resources. The IRS
has the ability to proactively eliminate these cases from AUR Program inventory
if it captured this information. Taking
this action would be in line with its Enterprise Identity Theft Strategy of
balancing service with enforcement by focusing on victim assistance, outreach,
and prevention.
5.
Follow
through on the Identity Theft Task Force’s goal of developing an Enterprise
Identity Theft Strategy. The Strategy
should include processes to proactively identify instances of identity theft, resolve
identification number discrepancies, and ensure appropriate tax withholding while
enforcing the law.
Management’s Response: The IRS agreed with this recommendation. Prevention is the final part of the IRS
Enterprise Identity Theft Strategy. The
Strategy outlines several options for initiatives targeted at preventing or
deterring identity theft. These
activities will be monitored and coordinated through the Identity Theft Program
Office.
For
example, the IRS will work with employers through several initiatives to reduce
the incidence of theft related to employment, and tax return preparers who
promote schemes for clients to make false claims of identity theft to
underreport income and maximize refundable credits will face penalties and
sanctions.
The
IRS did not agree with the second outcome measure (a potential $9 billion in
increased revenue over 5 years), stating it was based on a recommendation in
the report to expand a current IRS tax withholding compliance program.
Office of Audit Comment: Although our
outcome measure is calculated using the same withholding rate used in the IRS’
tax withholding compliance program, in neither our report nor discussions with
management did we recommend the IRS expand its current tax withholding compliance
program [Form W-4 withholding compliance program]. As our report states, we believe Form W-2
mismatches provide yet another data source for the IRS to analyze and begin to
measure the impact that identity theft has on tax administration. The mismatch file could be used by the IRS to
develop compliance initiatives to address the identification number mismatches
and to protect any tax revenue associated.
We recognize that working these cases on a case‑by‑case
basis is probably not cost effective.
However, analyzing the data to develop initiatives may result in both
resolving the mismatches and protecting tax revenue.
Further, management indicates that
the recommendation focuses limited compliance resources on a low-income population
and that the outcome measure calculates tax withholding, not tax
liability. Management indicated it is
likely that the $9 billion withheld on low-income taxpayers would be
refunded. We have recognized (as
footnoted in Appendix IV) that individuals’ actual tax liabilities could be different once they
file tax returns. The actual tax
liabilities could be more or less than the amounts withheld based on the
exemptions, credits, and deductions the individuals claim on their tax
returns. However, until the individuals
file tax returns, the actual tax liabilities are unknown to us as well as to
the IRS.
We continue to recommend the IRS
Enterprise Identity Theft Strategy include processes to begin to resolve the
identification number discrepancies that totaled 7.9 million for Forms W-2
in TY 2002. The IRS does not currently
have a program that attempts to resolve the 7.9 million identification number
mismatches or enforce tax laws relating to withholding and filing issues.
Appendix I
Detailed Objective,
Scope, and Methodology
The
overall objective of this review was to determine whether the Internal Revenue Service (IRS) has an effective process to
educate and assist taxpayers that are victims of identity theft. To accomplish this objective, we:
I. Determined whether the IRS educates taxpayers that are victims of identity theft on the process to resolve their tax accounts.
A. Discussed with the appropriate officials how the IRS educates taxpayers on the process to resolve their tax accounts when they are victims of identity theft.
B. Obtained and reviewed key communication vehicles to determine how the IRS educates taxpayers about its process for handling identity theft cases.
II. Determined whether the IRS has an effective process to resolve taxpayer accounts when identity theft has occurred.
A. Determined
whether the IRS has a process to assist taxpayers whose identities are stolen
for the purpose of obtaining employment or filing false tax returns.
B.
Determined whether State tax agencies may
have a process that can be used by the IRS as a best practice when assisting taxpayers
that are victims of identity theft.
C.
Determined whether the IRS has a management information
system that captures information on identity theft cases.
D. Determined whether the IRS can implement a proactive process to assist taxpayers that are victims of identity theft.
III.
Determined
the potential amount of inefficient use of resources and increased revenue.
A. Determined the potential amount of inefficient
use of resources from identity theft cases not being worked by the Automated
Underreporter function. The
Automated Underreporter function works cases that show an underreporting of
income. The cases are a result of a
match of the income reported by taxpayers on their tax returns to third-party
information received by the IRS. See methodology in Appendix IV.
B. Determined the number of instances with an invalid Wage and Tax Statement (Form W-2) (Social Security Number and name do not match IRS records) for which there is no corresponding tax return for Tax Year 2002, the wages are below what would be included in the IRS Compliance Program and above the filing requirement, and the Form W-2 had a low withholding rate.
Appendix II
Major Contributors to This
Report
Michael R. Phillips, Assistant Inspector General for Audit
(Wage and Investment Income Programs)
Augusta R. Cook, Director
Russell P. Martin, Audit Manager
Pamela DeSimone, Lead Auditor
Patricia Jackson, Auditor
Mary Keyes, Auditor
Jeffrey Williams, Information Technology Specialist
Appendix III
Commissioner C
Office of the
Commissioner – Attn: Chief of Staff C
Commissioner, Small
Business/Self-Employed Division SE:S
Commissioner, Wage and Investment
Division SE:W
Chief, Criminal
Investigation SE:CI
Deputy Commissioner, Small
Business/Self-Employed Division SE:S
Deputy Commissioner, Wage and
Investment Division SE:W
Director, Business Systems
Planning, Wage and Investment Division
SE:W:BSP
Director, Communications, Liaison, and Disclosure, Small Business/Self-Employed Division SE:S:CLD
Director, Compliance, Wage and
Investment Division SE:W:CP
Director, Customer Account
Services, Wage and Investment Division
SE:W:CAS
Director, Refund Crimes, Small
Business/Self-Employed Division SE:CI:RC
Acting Director,
Strategy and Finance, Wage
and Investment Division SE:W:S
Acting Chief, Performance Improvement, Wage and Investment Division SE:W:S:PI
Chief Counsel CC
National Taxpayer Advocate TA
Director, Office of Legislative Affairs CL:LA
Director, Office of
Program Evaluation and Risk Analysis
RAS:O
Office of
Management Controls OS:CFO:AR:M
Audit Liaisons:
Acting Chief, Customer Liaison, Small
Business/Self-Employed Division
SE:S:COM
Acting Senior
Operations Advisor, Wage and Investment Division SE:W:S
Appendix IV
This appendix presents detailed information on the measurable impact that our recommended corrective actions will have on tax administration. These benefits will be incorporated into our Semiannual Report to the Congress.
Type and Value of Outcome Measure:
· Inefficient Use of Resources – Potential; $8.5 million (see page 9).
Methodology Used to Measure the Reported Benefit:
An analysis of Tax Year (TY) 2002
tax return data showed 378,418 tax returns filed using Internal Revenue Service (IRS) Individual Taxpayer Identification
Numbers (ITIN) had income reported from wages; however, there were no
ITINs on a related Wage and Tax Statement (Form W-2) for these wages. This
could be an indicator that the ITIN filer is using the identity of another
individual to gain employment. In
addition to the potential burden that may be caused to an individual whose
identity was used by the ITIN filer, the IRS could be inefficiently using its
limited compliance resources to unnecessarily work underreporter cases. If the 378,418 individuals whose Social
Security Numbers (SSN) were used were identified by the Automated Underreporter
(AUR) function as underreporter cases, the IRS would needlessly spend
approximately $8.5 million in resources to close these cases with no changes. This
was calculated as follows:
|
Calculation of Total Salaries for AUR
Function Employees for Fiscal Year 2004 |
|
|
Permanent salaries |
$27,165,343 |
|
Temporary salaries |
$11,820,606 |
|
Overtime |
$2,066,222 |
|
Night differential |
$652,053 |
|
Premium dollars |
$784 |
|
Total salaries |
$41,705,008 |
|
Calculation of Average Salary for AUR Function
Employees |
|
|
Total permanent, temporary, overtime,
night differential, and premium dollars |
$41,705,008 |
|
Total Full-Time Equivalents (FTE) |
819 |
|
Average salary (total salaries/FTEs) |
$50,922 |
|
Calculation of Time to Close an AUR Function
Case |
|
|
Minutes in a work year
(2,096 hours x 60 minutes) |
125,760 |
|
Cases closed in Fiscal
Year 2004 |
2,257 |
|
Time to close an AUR function
case (minutes in a work year/cases closed) |
56 minutes |
|
Calculation of Cost to Close an AUR Function
Case |
|
|
Average salary |
$50,922 |
|
Minutes in a work year |
125,760 |
|
Cost per minute
(average salary/minutes in a work year) |
$.40 |
|
Minutes to work/close
an AUR function case |
56 |
|
Cost to close an AUR function
case ($.40 per minute x 56 minutes to work) |
$22.40 |
|
Calculation of Inefficient Use of
Resources |
|
|
Cost to close an AUR function
case |
$22.40 |
|
ITIN tax returns with
wages and no associated Form W-2 |
378,418 |
|
Inefficient use of
resources if these cases did not go to the AUR function |
$8.5 million |
Type and Value of Outcome Measure:
· Increased Revenue – Potential; $9 billion ($1.8 billion annually over 5 years) (see page 9).
Methodology Used to Measure the Reported Benefit:
We analyzed 7.9 million
Forms W-2 using criteria similar to that in a new tax withholding compliance
program the IRS is initiating in Fiscal Year 2005. We eliminated from our results Forms W-2 that
meet the dollar tolerance for inclusion in this new compliance program. We also eliminated the Forms W-2 with
earnings less than $7,950, the income threshold required for an individual if
the filing status is single with no dependents.
In addition, we eliminated any individuals who filed a tax return for TY
2002. Our analysis identified:
The following is the
calculation for the increased revenue:
|
Calculation of
Invalid Forms W-2 (Grouped by the SSN) ****(b)(7)(E)****,
Wages Between $7,950 and the IRS Withholding Compliance Program Dollar
Tolerance, |
|
|
Total invalid Forms W-2
(wages between $7,950 and the IRS withholding compliance program dollar tolerance) |
1,822,995 |
|
Number of SSNs from
invalid Forms W-2 used to file a tax return as the Primary taxpayer |
391,701 |
|
Number of SSNs from
invalid Forms W-2 used to file a tax return as the Secondary taxpayer |
151,340 |
|
Total invalid Forms W-2
(****(b)(7)(E)****and wages between $7,950 and the IRS
withholding compliance program dollar tolerance) |
1,511,220 |
|
Number of invalid Forms
W-2 on which the SSN was not used to file a TY 2002 tax return |
1,086,195 |
|
Average wages |
$18,165 |
|
Average withholding |
$264 |
|
Total wages |
$19.7 billion |
|
Total withholding |
$287 million |
|
Calculation of Increased Revenue for Invalid Forms
W-2 (Grouped by the SSN) |
|
|
Total wages |
$19.7 billion |
|
Single with 0 exemptions withholding
rate for average wages of $18,165 |
10.86 percent |
|
Total withholding for single with zero
exemptions withholding rate |
$2.1 billion |
|
Actual withholding on the 1,086,195 invalid
Forms W-2 that were not used to file a |
$287 million |
|
Additional withholding for single with
zero exemptions withholding rate |
$1.8 billion |
|
Projection over 5 years |
$9 billion |
Appendix V
Management’s Response
to the Draft Report
The response was removed due to its
size. To see the response, please go to
the Adobe PDF version of the report on the TIGTA Public Web Page.