I received my tax refund as expected. Thankfully no one filed a fraudulent tax return using my Social Security Number.
I heard tax refund identity theft is becoming more rampant these days. You file your taxes only to hear that some criminals beat you to it. They make up some numbers and they get a large refund from the IRS or from the state. Now your tax refund is put on hold pending resolution of the fraud.
A popular suggestion is to file early. That’s not really a solution. You need to wait for the W-2 and 1099 forms. Criminals don’t. You can’t win that race. Making sure you owe instead of getting a refund only lessens the financial impact. It doesn’t save you from the paperwork hassle when you are informed that someone else already filed a return on you.
Points of Attack
I read the points of attack are often the online tax prep services. Criminals create fake accounts at the tax prep services, sometimes filing many fake returns under the same account. They also use stolen user names and passwords from elsewhere to log in to people’s online tax prep accounts because some people re-use their user name and password. The online tax prep services and their e-filing become the criminals’ super-efficient pipes to the IRS and to the states.
I read that the IRS and the tax prep industry met and agreed to set up three working groups to come up with ways to fight the fraud. That’s great. I have another idea. I think it will help cut down this type of fraud really fast.
The Root Cause
Before I get to the idea, let me first point out the root cause I’m trying to address. I believe the root cause is misalignment between information and motivation. The parties that have a lot of information lack motivation. The parties that have a lot of motivation lack information. Once information and motivation are aligned, the problem will be much easier to solve.
Online tax prep services have a lot of information. They know which account is filing this return. They know where it’s logging in from and what address is on the return. They know whether this account has filed returns for the same social security number in the past or not and where it logged in from in the past. They know whether the numbers were imported or typed in. They know how many other accounts were created or logged in from the same IP address or the same browser. They know how many sessions the users took before finalizing the return, how long each session lasted and which topics the user visited. They know where the refund is going to and how the user is paying for the tax prep fee.
The data points are numerous but the companies have very little incentive to use these data points. Instead, they adopt a zero tolerance policy on false positives.
The IRS and the states have a lot of motivation. They lose money to fraud, plus the added cost to deal with the legit taxpayers. However, by the time the returns come into the door through the tax prep companies’ pipes, all those fine-grained data points on how the returns were created are lost. There’s much less information to go by.
How do you shift the motivation to fight fraud to the parties with rich information? You borrow a proven effective practice from another industry: chargeback.
If a criminal steals your credit card number and makes an unauthorized purchase, you can dispute it with the bank and get it reversed. The bank will send a chargeback to the merchant. The merchant loses the merchandise. Merchants don’t want chargebacks. That’s why when you buy online you are usually asked to put in the 3-digit number on the back of your card as a security check. That’s why when your shipping address and your billing address don’t match, your order is sometimes put aside for extra screening.
Following that practice, if the IRS or the states pay a refund on a return which later is found to be fraudulent, they charge it back to the party that brought in that return. You bet now the online tax prep services will use all available data points to make sure the return is legit.
It also unleashes the power of competition. Right now one service says its anti-fraud effort doesn’t really help reduce overall fraud because fraud just goes somewhere else like squeezing a balloon. If they get chargebacks, they will do the best they can to push fraud somewhere else. When all companies push fraud somewhere else, fraud will have fewer places to go.
When information and motivation align, the problem will diminish. As long as they don’t align, the problem will stay with us.
What can we the taxpayers do in the interim?
- Use installed tax software, not online. Don’t leave an account out there for criminals to take over.
- If you already created an online tax filing account, especially if you don’t use it any more, put a unique, super-long password on it.
- Freeze your credit. Many places let people create an account if they can answer questions drawn from your credit reports (such as your old addresses or the size of your mortgage payment). If you freeze your credit, they won’t be able to do so.