Expert Article by Amy Ross Lauck
According to the Treasury Inspector General for Tax Administration (TITGA), the number of tax-related ID theft incidents has grown significantly since 2008, and the problem appears to be getting worse.[1] The IRS reported that the number of tax-related ID theft incidents in the calendar year 2011 alone was nearly three times the number of incidents reported in 2009 and 2010. [2]
The IRS indicated it was able to self-identify and prevent issuance of approximately $6.5 billion in fraudulent tax refunds during the 2011 calendar year. Despite these efforts, an analysis conducted by TITGA found that the number of fraudulent tax returns that were actually filed and processed by the IRS during the 2011 calendar year was significantly larger than what the IRS was able to detect and prevent.
According to TITGA, a significant majority of taxpayers (approximately 72 percent of taxpayers in 2011) are requesting to have their tax refunds direct deposited to their checking or savings account, or to a prepaid card. Unfortunately, direct deposit also has become the preferred method used by fraudsters to obtain fraudulent tax refunds. This type of disbursement method allows fraudsters to simply spend down the funds or withdraw funds from an ATM without having to provide identification, as would normally be required when cashing a paper refund check. ID theft is typically a prerequisite to tax refund fraud because federal income tax returns are tracked using individual taxpayer names and taxpayer identification numbers (TINs). Fraudsters have used various methods to obtain taxpayer information, including establishing fraudulent tax preparation businesses, phishing schemes and collusion with tax preparers or IRS employees.
Financial institutions and service providers, including prepaid access providers, play a significant role in helping the Treasury Department and law enforcement identify and prevent tax refund fraud because tax refund fraud, particularly via direct deposit, is commonly carried out by depositing refund proceeds to one or more accounts established through a financial services provider or multiple financial services providers. Although the prepaid industry has been diligently assisting the Treasury Department and law enforcement in mitigating tax refund fraud, the continued perception by certain media outlets and members of Congress that the industry is perhaps not doing enough or is potentially even enabling the fraud is disappointing to say the least. The prepaid industry, the Treasury Department and law enforcement share a common goal in wanting to identify and prevent tax refund fraud. Steps must be taken by all parties involved to assist in this effort. (See sidebars at xxx.)
The IRS has indicated it will employ a number of initiatives for the 2013 tax filing season to help detect tax-related ID theft before fraudulent tax refunds are processed. These initiatives include: • Designing new ID theft screening filters, including filters to identify changes in taxpayer circumstances from year to year. • Expanding its efforts to assist victims of ID theft by assigning victims identity protection personal identification numbers (PINs) and placing ID theft indicators on victims’ accounts for additional screening. • Expanding its efforts to prevent payment of fraudulent tax refunds claimed using deceased individuals’ names and TINs. • Analyzing data from prior ID theft cases to identify commonalities and trends that could be used to detect and prevent future tax refund fraud. • Attempting to use (1) current income and withholding information for individuals who receive Social Security benefits and (2) prior third-party income and withholding information to validate current-year income documents submitted in connection with questionable tax returns. • Establishing a specific code that financial institutions may use to reject questionable direct deposits specifically for name mismatches or questionable tax refunds. • Developing new filters to identify multiple deposits to the same account and instances where it appears tax return preparers and IRS employees may be improperly using the direct deposit program for unintended purposes. • Developing messaging to remind taxpayers and tax return preparers that taxpayers should not be direct depositing any portion of their refund to an account they do not own.
TITGA has identified a number of other recommendations to assist the IRS in combating tax refund fraud. These recommendations include: • Employing a real-time tax system to allow the IRS to verify current third-party income and withholding information to identify potentially fraudulent returns with false income documents. This recommendation would necessitate legislation to provide the IRS the ability to access and use current income information available through the National Directory of New Hires (“NDNH”) database. • Limiting the number of tax refunds that can be deposited to the same tax account and coordinating with other Federal agencies and financial institutions to develop a process to ensure that tax refunds issued via direct deposit to either a bank account or prepaid account are made only to an account held in the taxpayer’s name.[3] • Working with the Department of Treasury Financial Crimes Enforcement Network (“FinCEN”) to develop procedures that can be implemented to ensure authentication of individuals’ identities and prevent the direct deposit of tax refunds to debit cards issued or administered by financial institutions that do not take reasonable steps to authenticate individuals’ identities. • Adopting common industry practices for authenticating taxpayers’ identities, not only in the processing of tax returns but also when taxpayers call or write to the IRS requesting assistance with their refund (e.g., asking out of wallet questions or other ID verification information). • When the IRS processes a tax return with an address different from the one it has on file, notifying the taxpayer that his or her account has been changed with the new address and suspending correspondence at the new address until the taxpayer has validated the address change.
The IRS is evaluating the feasibility of implementing these recommendations, but has previously indicated that budget cuts and staffing reductions have impaired its ability to combat all the potentially fraudulent tax refunds it identifies.[4] Nevertheless, the initiatives the IRS has recently employed will, hopefully, help curb the incidence of tax refund fraud going forward.
WHAT PREPAID PROVIDERS CAN DO
Like the IRS and law enforcement, prepaid access providers have also been seeking ways to more effectively combat tax refund fraud. If you offer a prepaid program that allows accountholders to load tax refunds to their prepaid accounts, there are three key ways you can assist in identifying and preventing tax-related ID theft and fraud in connection with your prepaid program:
1. Know Your Customer
Properly authenticating an applicant’s identity is a critical step in mitigating the risk of ID theft and preventing tax refund fraud. If your prepaid program allows accountholders to load federal tax refunds to their prepaid accounts, you should ensure that you have a written customer identification program (CIP) including reasonable procedures to allow you to verify the identity of each applicant, particularly before cash access is enabled on the account.
2. Monitor Your Accounts
Account monitoring, both at the time of account opening and on an ongoing basis, is also an essential step in identifying and preventing tax refund fraud. Effective monitoring includes establishing account parameters (e.g., individual and aggregate velocity or dollar limits for associated accounts) and triggers to assist in identifying any red flags or suspicious activity that may suggest an account is being used to facilitate tax-related ID theft and fraud. FinCEN has, in consultation with the IRS and law enforcement, identified several red flags to assist financial institutions in identifying potential tax-related ID theft and fraud.[5] For prepaid accounts, these red flags include: • Multiple direct deposit tax refund payments, directed to different individuals, from the Treasury Department or state or local revenue offices made to a prepaid account held in the name of a single accountholder. • Suspicious account openings requested on behalf of individuals who are not present, with the fraudulent actor being named as having signatory authority, particularly if the subsequent source of funds is limited to the direct deposit of tax refund proceeds (typically indicates exploitation of tax returns for the elderly, minors, imprisoned, disabled or recently deceased). • Opening multiple prepaid accounts by one individual in different names using valid TINs for each of the supplied names but the same mailing address, particularly if tax refund proceeds are direct deposited to these accounts shortly after account activation or in situations where the deposit is followed quickly by ATM cash withdrawals and/or point-of-sale purchases. • Multiple prepaid accounts that are associated with 1) the same physical address (fraudulent actors may also contact customer service requesting to change their address for their personalized card shortly after opening a temporary card on-line]; 2) the same telephone number or mobile device; 3) the same e-mail address; or 4) the same Internet Protocol (IP) address, which receive tax refund proceeds as the primary or sole source of funds.
In addition to the FinCEN red flags, prepaid providers also may want to consider monitoring for the following: • Accountholders attempting to load third-party tax refund checks via remote image/deposit capture. • Inconsistencies in data supplied during application (e.g., providing a Texas phone number but Michigan address). • Tax refunds direct deposited to accounts with recently added secondary cardholders. • Multiple cards directed to the same physical location or general geographic vicinity (e.g., same street address but different apartment numbers). • Seemingly unrelated accounts linked by suspicious and usual email formats (e.g., [email protected]; [email protected], etc.) or other similar data elements (e.g., similar refund amounts). • Timing of tax refund, particularly if the refund is received outside the traditional tax season (typically January 15 through April 15).
3. Follow Up on Suspicious Transactions.
To the extent your account monitoring program identifies red flags that might suggest tax refund fraud, you also will want to have procedures in place to ensure that you are timely and appropriately responding to any suspicious activity identified. These procedures might include: • Attempting to contact the accountholder to confirm account opening and discuss any suspected fraudulent activity. This step may require you to look to third-party resources for contact information as the contact information provided during the application process likely will be unreliable. • Blocking or returning direct deposits or other transactions that exceed your account parameters or appear to be fraudulent. • Finally, if you know, suspect or have reason to suspect that a transaction involves funds derived from illegal activity or an attempt to disguise funds derived from illegal activity, you may be required to file a suspicious activity report (SAR) with FinCEN. When completing SARs on suspected tax refund fraud, FinCEN has advised reporting institutions to use the term “tax refund fraud” in the narrative section of the SAR and provide a detailed description of the activity.
While law enforcement has had recent success in uncovering some significant tax-related ID theft schemes and bringing the perpetrators to justice, more needs to be done on the front end to identify and prevent tax-related ID theft and fraud before the fraudsters abscond with taxpayer funds. Successfully combating this issue will require involvement by and cooperation and communication between all interested parties impacted by this issue, including the Treasury Department, law enforcement and financial services providers. Hopefully, the combined efforts these parties have been employing, including the efforts being employed by prepaid providers, will help put the industry on the right path towards reducing the incidence of tax-related ID theft and fraud during the 2013 tax filing season and beyond.
Endnotes
[1] “Identity Theft and Tax Fraud,” Hearing before the U.S. House of Representatives Committee on Oversight and Government Reform Subcommittee on Government Organization, Efficiency and Financial Management (November 4, 2011) (testimony of J. Russell George, Treasury Inspector General for Tax Administration). [2]“There Are Billons of Dollars in Undetected Tax Refund Fraud Resulting from Identity Theft”, Final Audit Report by Treasury Inspector General for Tax Administration, Reference Number 2012-42-080 (July 19, 2012). See also, “Processes for the Direct Deposit of Tax Refunds Need Improvement to Increase Accuracy and Minimize Fraud,” Final Audit Report by Treasury Inspector General for Tax Administration, Reference Number 2012-40-118 (September 25, 2012). [3] 31 C.F.R. § 210.5 requires tax refunds delivered via ACH deposit to be deposited into an account in the name of the taxpayer. If protocols were in place to mandate this, any tax refund deposit not meeting this requirement would be converted to a paper check and sent to the taxpayer. To cash the refund check, the check recipient would likely need to provide a picture ID matching the name on the check. TITGA believes this would serve as a deterrent to individuals seeking to commit tax refund fraud. To date, the IRS has expressed concern about this type of limitation due to situations in which an account is legitimately held in the name of multiple individuals. Furthermore, many financial institutions currently do not have the automated capability to match the name associated with an ACH deposit to the name listed on the account. The IRS has indicated it will take this recommendation into consideration to determine whether such restrictions can be effectively implemented. [4] “Identity Theft and Tax Fraud,” Joint Hearing before the U.S. House of Representatives Committee on Ways and Means Subcommittees on Oversight and Social Security (May 8, 2012) (testimony of J. Russell George, Treasury Inspector General for Tax Administration). [5] “Tax Refund Fraud and Related Identity Theft”, FinCEN Advisory FIN-2012-A005 (March 30, 2012).
