Until recently, he notes, in the case of a discrepancy the IRS would simply contact the alleged thief and ask them to verify that they were the legitimate taxpayer, leaving the real taxpayer forced to verify — again and again —that they really are who they say they are. (Read More: Busch: Could a Chicago 'Quirky' Democrat Help Rebuild the GOP?)
"To their credit, they recently changed this," George said.
IRS spokeswoman Michele Eldridge denies the agency has been caught flat-footed by the sudden growth of identity theft.
"IRS takes refund fraud and identity theft very seriously," Eldridge said in an interview. "We've gotten a lot better at being able to protect and prevent the refund fraud, from when it hits the door."
Eldridge said the agency has employed a number of "filters" to detect fraudulent returns. She declined to offer specifics that might offer a road map for thieves.
In Congressional testimony in November, Deputy IRS Commissioner Beth Tucker said in the first ten months of 2012, the agency "protected approximately $20 billion of revenue related to fraudulent returns, including identity theft."
The IRS is also working more closely with criminal prosecutors.
The Justice Department's Tax Division, which historically has focused on offshore tax havens and other forms of tax evasion, now lists tax identity theft among its top priorities.
Assistant U.S. Attorney General Kathryn Keneally said identity thieves view the fraud as a "low risk, high reward crime."
"Our absolute goal is to alter that equation, through law enforcement activities, through prosecutions and our investigations, to make it clear that if you do this, you're going to prison," Keneally said in an interview.
She said the department has brought a number of successful cases, often getting stiff sentences "in excess of 25 years."
The IRS reports criminal investigations tripled last year from the year before, with nearly 900 investigations and nearly 500 indictments.
"That's how we're going to alter the equation," she said.
Still, investigators are battling with thieves for the upper hand.
"What we are seeing and combating are increasingly sophisticated networks, where instead of having one person just sit there and do the returns and collect the money, we've seen these networks. And with any business that you leverage, you can grow," Keneally said.
Compounding the problem is the sheer amount of data about taxpayers that can be readily available to thieves.
"The reality here is that very often what this crime involves are entire lists of identity information, often taken from some of the most vulnerable parts of society. Hospitals. Nursing homes. Death lists. Prisons," Keneally said.
The McClungs believe identity thieves got their daughter's Social Security number from a "death master file" published by the Social Security Administration and updated weekly. Ironically, on a special web site, the Social Security Administration notes one of the purposes of the list is to "prevent identity fraud."
"By methodically running financial, credit, payment and other applications against the Death Master File, the financial community, insurance companies, security firms and state and local governments are better able to identify and prevent identity fraud," the site says.
Because the IRS often processes returns involving deceased taxpayers, the file has limited use for detecting tax identity fraud. But TIGTA said the IRS is failing to make use of other third party information that could help detect fraud.
"[The Department of Health and Human Services] has a national directory of new hires that indicates whether a person is employed or not employed," George said. "Access to that directory by the IRS would assist it tremendously to identify people who claim to have income and withholding from that income and did not."
George noted that the IRS would need authority from Congress to access the directory.
Also a problem, George said: The IRS typically does not receive information from employers about W-2 forms until well after the electronic filing season has begun, giving thieves a window to file false returns and collect refunds.
"Once the money is out the door, it's either more expensive to capture it through audits or what have you, or the money has left the country and dissipated," George said.
The IRS notes that this year, that window has been eliminated, though not necessarily because of concerns about identity theft. The IRS delayed the start of electronic filing this year until January 30 — the same day employer tax information is due—because of the need to recalculate tax tables to account for the deficit reduction deal reached on New Year's Day.
Terry and Stephanie McClung eventually resolved their tax situation, they say through sheer persistence. They still do not know who tried to steal their daughter's identity, and the IRS declined to comment on their specific case citing privacy rules.
But the McClungs are pushing for changes in the rules to help victims, and urging all taxpayers to protect themselves.