GO
Loading...

Identity Theft: Why Tax Refund Fraud Could Get Worse

When suburban Atlanta accountant Priscilla Diggs-Costen met the police at her office after the alarm company called in December, she thought it might have been a false alarm.

"When I first got here, it looked like there was no robbery. And then I looked at my desk."

Her computer and monitor were gone—a computer containing all of her clients' personal information, prior years' returns, and their Social Security numbers.

"I was devastated," she said.

The thieves had struck with surgical precision. At 10:32 on a Saturday night, just when the local police department was changing shifts, they had gotten in through the window closest to Diggs-Costen's desk, barely making a mark.

"There were no signs of forced entry on the outside but the inside of the window was partially broken," said the police report. These crooks knew exactly what they were after.

(Read More: Filing Snafu Could Delay Up to 600,000 Tax Refunds)

Diggs-Costen said it took a couple weeks after the break-in for her to understand what was going on, but then the first of her clients' returns were rejected by the IRS because someone else had already filed under their Social Security numbers—which clearly had come from Diggs-Costen's stolen computer.

Stolen identity tax refund fraud was a $5 billion problem last year according to the U.S. Treasury Inspector General for Tax Administration. That is the amount of fraudulent tax refunds the IRS paid out. The IRS and law enforcement have made the issue a top priority, but Diggs-Costen thought she was presenting them a golden opportunity to catch a crime before it occurred.

She contacted the IRS identity theft unit.

"I asked them, I said, hey, look, these returns are being filed. Can I give you a list of my clients to flag those accounts? And they said no."

She also alerted her clients about the breach. Vincent and Darlene, who asked us not to use their last names to protect what is left of their privacy, jumped into action as well. Or at least they tried.

"I called the IRS and was really trying to encourage them to close the gate, the barn door is open, they're going to do this, close the gate," she said. "They said I'm sorry, we can't do anything until they file a false return."

Nothing I could tell them could convince them to issue any kind of PIN, flag our account in any way, no matter how many times I told them my tax accountant's computer was stolen and that it was probably going to happen to many other people, they just seem to not care."

(Read More: How Identity Thieves Snatch Billions in Phony Tax Refunds)

An IRS spokesperson insists the agency does care.

"Our hearts go out to the victims of this terrible crime," she said.

But the IRS employees appear to have followed proper procedures, even though an enrolled agent and her clients were alerting them to what seemed to be a clear and imminent threat—complete with a police report to document the crime. That is because identity thieves have become so sophisticated, some have been known to contact the IRS themselves posing as victims, to buy more time to get their fraudulent returns in first.

The IRS has guidelines for taxpayers on a special web site. Taxpayers who suspect they were victims of identity theft are told to contact the agency's Identity Protection Unit at 1-800-908-4490. Typically, they will be told to file Form 14039, the Identity Theft Affidavit, which will help expedite their case if a fraudulent return is filed.

Diggs-Costen said she did all of that after receiving powers-of-attorney from her clients, but nearly all of them subsequently had fraudulent returns filed under their Social Security numbers.

"Every person that I've spoken to in the IRS identity theft unit gives me the spiel about ' you need to fill out this form or you need to this.' I already know what you need to do. What I'm trying to do is prevent more of the refunds from being issued," she said.

The IRS spokesperson said just because identity thieves filed a fraudulent return does not mean a refund was issued, because of "filters" designed to catch the fraud. Still, the legitimate taxpayer still might have to wait months—or longer—before they get their refund.

The IRS also issues special personal identification numbers to victims of identity theft, but those PINs are only issued once a year—in December—too soon to do the Georgia victims any good.

Why not issue every taxpayer a PIN?

The IRS said that would not be practical. With only about one percent of the nation's 140 million tax filers affected by identity theft, the spokesperson said the PINs would be an "unnecessary burden" for most taxpayers. Presumably for the IRS too, since many taxpayers lose their PINs and have to contact the IRS for a new one.

Nonetheless, the IRS says some 770,000 filers received PINs this year, the program's third year of operation. That is up from just 25,000 in the first year.

Victims of identity theft often find their federal return is just the start of their tax problems.

"I didn't even think of our Georgia state return," Darlene said.

(Read More: Five Smart Moves If You Can't Pay Your Tax Bill)

The states are a potential gold mine, experts say, because with a single Social Security number a thief can file returns—and collect refunds—across the country.

"What's scary about the states is that they're not centralized," said Haywood Talcove, CEO of LexisNexis' Government and Special Services division, which is trying to market filtering services to the states. "What the fraudsters are doing is they're using those identities to file in 42 or 43 other states, stealing hundreds of billions of dollars from taxpayers."

Because states generally do not share much tax information with one another, and because taxpayers would not know if a fraudster had filed in a faraway state, the state version of this crime is much harder to detect.

Georgia is one of four states to contract with LexisNexis, which runs every return through its vast database of personal identifying information such as home mortgages, auto registrations and employment. If something does not quite add up, the filer may be asked some additional questions.

"For example, 'Here's four addresses. Which didn't you live at?' 'Here's four cars. Which didn't you own,'" Talcove said.

(Read More:Tax Scam: IRS Pays Out Billions in Fraudulent Refunds)

Talcove said in the system's first year of operation last year, many filers chose not to answer the questions, which he said is an indication they probably were trying to commit fraud. As for the legitimate taxpayers caught in the filters, he said the screening might add an additional two or three days to their wait for a refund.

"The advantage to the individual is that if your identity is stolen, it will take you 12 to 18 months to get your refund and recoup your identity, but by using this it only takes two or three days to prevent it from happening in the first place."

Privacy advocates are keeping a wary eye on the system, which puts more information in the hands of the government than it would normally have, and filters individuals' personal information through a private database.

Georgia Commissioner of Revenue Doug MacGinnitie calls the issue a balancing act, which the state does not take lightly.

"We have a very serious obligation that we have keep here at the department to keep peoples tax information private, so what we send to the vendor is no tax information, just limited personal information so they can tell us if this is the same person, they don't need to know how much the person is paying in taxes or how much they're making," MacGinnitie said.

He also sympathizes with the IRS's concern about "burdening" taxpayers by requiring extra screening, but said it is a small price to pay—and taxpayers agree.

"All the feedback I've gotten is positive, even the folks that have had to answer the quiz and go online, they do appreciate what we're trying to do," MacGinnitie said.

Between the LexisNexis filtering and the state's own stepped up enforcement efforts, MacGinnitie said Georgia managed to stop around $99 million in fraudulent refunds.

But there are always some that get away, like an identity theft case his first year in office in 2011.

"Someone got a hold of my wife's Social Security and name," he said. "They filed a tax return in her name, with her Social Security number, made up some W-2 information, and it got processed through the IRS and the state of Georgia, and we sent out a check to the person who did it."

"If it can happen to my wife, it can happen to anybody," MacGinnite said.

By CNBC's Scott Cohn; Follow him on Twitter @ScottCohnCNBC

Featured

  • Andrea Day

    Andrea Day covers Crime & Punishment for CNBC. She and her team have reported nearly $1 billion in fraud this year.

Madoff Trustee: Investigations Inc

Crime & Punishment: Inside the SEC

  • The Treasury estimates that $21 billion in potentially fraudulent refunds due to identity theft could be issued in the next five years.

  • CNBC's Gary Kaminsky takes a look at the massive amount of digital data that pours into the SEC's enforcement division, which is in charge of investigating violations of securities laws.

  • CNBC's Gary Kaminsky spent time with SEC's Bruce Karpati to learn more about his division, which investigates allegations of fraud committed by investment advisers. Kaminsky reports that if you're breaking the law, the agency will find you.

Selling the American Dream

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.