When a thief steals your ID and your IRS refund

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.timesleader.com/business/When_a_thief_steals_your_ID_and_your_IRS_refund_01-01-2012.html

MIAMI — Without a hitch, Ed and Kelley Brill had filed their joint
income-tax returns from the same home address for 14 years.

But this year, after obtaining an extension, the Miami Shores, Fla.,
couple were shocked to learn that the Internal Revenue Service had
rejected their electronically filed return. It turned out that a thief
had stolen Kelley’s identity, Social Security number and employer’s
name, then filed a falsified refund claim — beating the Brills to the
punch.

Now, the Brills, parents of three school-age children — who still have
no idea how they were victimized — must wait six to 12 months to get
their $7,918 refund. Like hundreds of thousands of other Americans,
the Brills are enduring a frustrating triple whammy: ID theft, tax
fraud and IRS red tape.

“What gets me is the taxpayer who was ripped off and did nothing wrong
has to prove himself to the IRS,” said Ed Brill, 50, a mortgage banker
whose wife is a schoolteacher.

They learned from an IRS representative in November that Kelley’s ID
was stolen and used for the fraudulent tax refund, but were told
little else. “The IRS never bothered verifying anything filed by the
crook who committed the crime,” said Brill. “I want to be afforded the
same courtesy and efficiency that the crook was afforded by the IRS.”

The combustible issues of identity theft and tax fraud in the
electronic age have forced the IRS to come up with smarter ways to
detect phony refund claims, match employee-employer wage statements
and handle victims’ refund problems.

IRS Commissioner Douglas Shulman has focused not only on the viral
identity-theft problem, but also on potential solutions such as
“real-time” matching of W-2 income statements before tax refunds are
issued. The agency has recently begun a series of public meetings with
consumer groups, accountants, employers and others.

Here’s the crux of the challenge: Scammers are exploiting a weakness
in the IRS electronic filing system, because the agency does not match
filers’ tax returns to W-2 income forms filed by employers until
months after the filing season ends in April.

That means the IRS is not scrutinizing fabricated documents before it
issues refunds to thieves — refunds that are loaded onto debit cards
that can be used in retail stores, supermarkets and banks.

But fixing the costly problem will require the IRS to modernize its
processing system and set new rules mandating that employers file
workers’ income statements earlier in the year.

Jose Marrero, a former IRS special agent in charge of the agency’s
South Florida criminal division, said part of the problem is that
Congress has pressured the agency to process returns faster, so
taxpayers can receive their refunds more quickly.

But that has meant the IRS has less time to review claims for accuracy.

“There is a real conflict that the IRS has to deal with,” said
Marrero. “They are hamstrung by some of the things that Congress wants
them to do or allows them to do.”
In the meantime, the IRS has designed software filters to flag false
returns before they are processed and refunds issued — including
screens that spot certain changes in a taxpayer’s filing, such as a
different address or marital status.

The agency warns that despite improvements, it is “also unfortunately
seeing an increase in identity theft, including more complex schemes.”

According to a Government Accountability Office report, the number of
identity theft-related fraud incidents on tax returns reached 248,000
last year, about five times the number in 2008.

Ed Brill pressed an IRS representative for immediate resolution of his
case. Instead, he was told if he did not hear back from the IRS by
phone or writing within 90 days, he should contact the agency again.
That clock started ticking on Nov. 7, when the IRS received the
couple’s theft affidavit, he said.

“I just don’t want to be penalized for a hole in their system,” he
said. “And their attitude was, ‘Get in line with the rest of them.’ ”

But with Christmas around the corner, he said, the Brills could use
their nearly $8,000 tax refund.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/