FINKSBURG, MD — The nursery in Terry and Stephanie McClung's house in suburban Baltimore seems frozen in time. A display case in the hallway is filled with memories of their daughter, Kaitlyn, who died in May, 2009, of sudden infant death syndrome (SIDS) at the age of five months.
"She was the best little girl anyone could ask for," Stephanie McClung said. "She had the fattest little cheeks, and she had the best laugh."
"We had the ideal American family, a boy, a girl and a dog and we were happy," Terry said.
"And that life ended the day she died," Stephanie said.
Alongside the pain the McClungs still feel nearly four years after the death of their daughter is a feeling of bewilderment and even violation over what happened next.
They filed their 2008 income tax return, claiming Kaitlyn as a dependent. But the IRS rejected the return.
"The dependent's Social Security number cannot be used more than once in a tax return. It also cannot appear in more than one tax return," read the automated response from TurboTax.
The McClungs instantly knew what had happened. (Read More: Online Tax Filing a Hit With Taxpayers – and Thieves)
Soon after Kaitlyn's death, they had joined a SIDS support group. Word began circulating in the group about a growing scam: identity thieves using the Social Security numbers of dead babies to file false tax returns and claim refunds.
"I was floored. That's the lowest of the low," Terry recalled. "I said let's hurry up and do our taxes before they get to Kaitlyn."
But it was too late.
"It's salt in the wounds, just for someone to take advantage of her and try to use her number to make a buck," Terry said. "We felt violated."
"It was the last time that we had to claim her as our own and somebody robbed us of that as well," Stephanie added.
And their nightmare was just beginning, because what followed for the McClungs was a trip down a bureaucratic rabbit hole.
"I called the IRS, they said to call Social Security because it was about her Social Security," Terry said. "So I called the Social Security department, they wanted me to call the IRS."
Stolen identity tax refund fraud, virtually unheard of just a few years ago, has become a massive problem. (Read More: Tax Scam: IRS Pays Out Billions in Fraudulent Refunds)
In 2008, the IRS said it had identified 47,730 incidents. By 2011, the last full year of data available, that number had ballooned to 242,142. Through the first nine months of last year, 641,690 incidents had been reported.
The Treasury Inspector General for Tax Administration (TIGTA) estimated in July that the problem has already cost $5.2 billion, and an estimated $21 billion in potentially fraudulent refunds due to identity theft could be issued in the next five years.
And for victims like the McClungs, TIGTA found the IRS's customer service woefully inadequate.
"Identity theft cases are not worked timely and can take more than a year to resolve," TIGTA found in a report issued in May. "Communication between IRS and victims are limited and confusing, and victims are asked multiple times to substantiate their identity."
In an interview, Treasury Inspector General for Tax Administration J. Russell George said the problem is a combination of limited resources at the IRS and a numbing bureaucracy that includes customer service telephone agents who simply did not follow up on taxpayer complaints, leaving the taxpayer back at square one when he calls back.
"You'd have people who didn't initially respond to that taxpayer complaint, and would essentially start the process all over again," George said. "As you can imagine if you're calling a credit card company how frustrating that could be. Imagine it with the IRS."
George said the bureaucracy works to the benefit of identity thieves.
"In effect it's a race to get your tax form filed. Most tax thieves know that if they file first they are perceived to be the legitimate taxpayer," George said.
Until recently, he notes, in the case of a discrepancy the IRS would simply contact the alleged thief and ask them to verify that they were the legitimate taxpayer, leaving the real taxpayer forced to verify — again and again —that they really are who they say they are. (Read More: Busch: Could a Chicago 'Quirky' Democrat Help Rebuild the GOP?)
"To their credit, they recently changed this," George said.
IRS spokeswoman Michele Eldridge denies the agency has been caught flat-footed by the sudden growth of identity theft.
"IRS takes refund fraud and identity theft very seriously," Eldridge said in an interview. "We've gotten a lot better at being able to protect and prevent the refund fraud, from when it hits the door."
Eldridge said the agency has employed a number of "filters" to detect fraudulent returns. She declined to offer specifics that might offer a road map for thieves.
In Congressional testimony in November, Deputy IRS Commissioner Beth Tucker said in the first ten months of 2012, the agency "protected approximately $20 billion of revenue related to fraudulent returns, including identity theft."
The IRS is also working more closely with criminal prosecutors.
The Justice Department's Tax Division, which historically has focused on offshore tax havens and other forms of tax evasion, now lists tax identity theft among its top priorities.
Assistant U.S. Attorney General Kathryn Keneally said identity thieves view the fraud as a "low risk, high reward crime."
"Our absolute goal is to alter that equation, through law enforcement activities, through prosecutions and our investigations, to make it clear that if you do this, you're going to prison," Keneally said in an interview.
She said the department has brought a number of successful cases, often getting stiff sentences "in excess of 25 years."
The IRS reports criminal investigations tripled last year from the year before, with nearly 900 investigations and nearly 500 indictments.
"That's how we're going to alter the equation," she said.
Still, investigators are battling with thieves for the upper hand.
"What we are seeing and combating are increasingly sophisticated networks, where instead of having one person just sit there and do the returns and collect the money, we've seen these networks. And with any business that you leverage, you can grow," Keneally said.
Compounding the problem is the sheer amount of data about taxpayers that can be readily available to thieves.
"The reality here is that very often what this crime involves are entire lists of identity information, often taken from some of the most vulnerable parts of society. Hospitals. Nursing homes. Death lists. Prisons," Keneally said.
The McClungs believe identity thieves got their daughter's Social Security number from a "death master file" published by the Social Security Administration and updated weekly. Ironically, on a special web site, the Social Security Administration notes one of the purposes of the list is to "prevent identity fraud."
"By methodically running financial, credit, payment and other applications against the Death Master File, the financial community, insurance companies, security firms and state and local governments are better able to identify and prevent identity fraud," the site says.
Because the IRS often processes returns involving deceased taxpayers, the file has limited use for detecting tax identity fraud. But TIGTA said the IRS is failing to make use of other third party information that could help detect fraud.
"[The Department of Health and Human Services] has a national directory of new hires that indicates whether a person is employed or not employed," George said. "Access to that directory by the IRS would assist it tremendously to identify people who claim to have income and withholding from that income and did not."
George noted that the IRS would need authority from Congress to access the directory.
Also a problem, George said: The IRS typically does not receive information from employers about W-2 forms until well after the electronic filing season has begun, giving thieves a window to file false returns and collect refunds.
"Once the money is out the door, it's either more expensive to capture it through audits or what have you, or the money has left the country and dissipated," George said.
The IRS notes that this year, that window has been eliminated, though not necessarily because of concerns about identity theft. The IRS delayed the start of electronic filing this year until January 30 — the same day employer tax information is due—because of the need to recalculate tax tables to account for the deficit reduction deal reached on New Year's Day.
Terry and Stephanie McClung eventually resolved their tax situation, they say through sheer persistence. They still do not know who tried to steal their daughter's identity, and the IRS declined to comment on their specific case citing privacy rules.
But the McClungs are pushing for changes in the rules to help victims, and urging all taxpayers to protect themselves.
Among the things you can do, according to experts:
•File early. The IRS begins processing electronic returns on January 30. Any day you file after that offers a window for an identity thief to file ahead of you.
•Guard your identity, especially your Social Security number — an identity thief's key to your tax refund.
•If you are a victim of identity theft at any time during the year, be sure to contact the IRS along with your banks and credit card issuers so that your account can be flagged come tax time.
•Learn more about tax identity theft on the IRS web site.