Things are difficult for the IRS right now. For the last few years, people contacting the IRS have encountered lengthy phone hold times, and identity theft and refund fraud drain billions of dollars’ worth of tax refunds into the pockets of international criminals. The Government Accountability Office has the job of overseeing government agencies, including the IRS, and it released a new report today about its issues and possible ways to fix them.
The 23-page report is actually quite readable, and worth looking at if you’ve been a victim of identity theft or refund fraud, you’re a tax preparer, or you’re interested in the future of how Americans file our taxes.
1.The IRS paid out $3.1 billion in refunds to scammers last year. We’ve discussed in the past how this scam works: someone with basic information about a U.S. taxpayer files a return with fake information, depositing their refund in the scammer’s own account. It’s a sophisticated operation and very lucrative.
While the IRS was able to stop most fraudsters in tax year 2014, they’re already figuring out how to hack and social engineer their way into more refunds next year. People whose W-2 information was taken in a variation of the Boss Scam this year should be especially vigilant, locking down their IRS e-filing information and filing their real returns as soon as possible.
2. The IRS doesn’t actually have your W-2 information before they issue your refund. Your employer had to send it to them, yes, and you used those numbers to file your taxes, but a previous GAO reprot on the IRS pointed out that the agency doesn’t actually match up the numbers that you put down on your return with the numbers that your employer provided until July.
This means that if you delay in filing, someone can file a fake return on your behalf and scoop up a fake refund based on whatever information they make up. If you put false information in your tax return, later in the year, the IRS will catch up with you. Scammers who live thousands of miles away don’t care.
3. The IRS could prevent fraud by checking taxpayers’ pay information against what their employers submitted before issuing refunds. This would be theoretically possible if they received W-2s electronically, but anyone with fewer than 250 employees can submit them on paper.
The GAO suggests that the IRS consider making all employers but the smallest businesses (with 5 to 10 employees) submit their W-2s electronically, and change their workflow to verify returns before cutting metaphorical and literal refund checks.
4. The IRS began an agency-wide information security program to lock things down But failed to implement all parts of it across the entire massive agency, leaving weak spots. An example: auditing who had access to which systems, and making sure that people only had enough access to do their own jobs.
5. The IRS did better dealing with taxpayers contacting them by phone this year, but took the average wait time down to an estimated 25.8 minutes, compared to 30.5 minutes last year.
6.The most important part of information security at the IRS is users getting access to e-file their returns: methods need to be secure enough that someone who has stolen a taxpayer’s identity can’t easily access their tax history and filing PIN, but easy enough to use that we don’t all forget our passwords from year to year.