The CERCA Spring Conference, held on May 16, capped a broadly successful 2018 filing season that saw tax identity theft reduced by 65-percent from just two years ago. However, the IRS, state tax agencies, and the tax industry are facing new challenges:
- Fraudsters are using more sophisticated schemes, with business identity theft and account takeovers of tax prep websites on the rise.
- The 2019 implementation of the 2017 tax reform law is looming large.
- The Senate is preparing to take up the recently House-passed Taxpayer First Act, which would bring new changes.
ISAC Gains Traction with Persistence of Identity Fraud
It may seem like the IRS Security Summit was just yesterday, but the work begun in 2015 is now maturing. The Identity Theft Tax Return Fraud ISAC is now two years old, and it has quadrupled the number of members from a year ago (63 vs. 18). That includes at least one state that doesn’t even have an income tax. This growth speaks to the membership value of ISAC in terms of fraud alerts and actionable threat intelligence, but also to the scope and persistence of identity fraud.
Ken Corbin, a commissioner for the Wage and Investment Division of the IRS, highlighted the IRS’ accomplishments combatting ID theft fraud. He pointed to $6 billion in fraud prevention last year, as detailed in the ISAC’s annual report. The two-thirds reduction in fraud translates to taxpayer dollars saved -- and fewer frauds to investigate and fewer victims.
CERCA Experts: Fraudsters Continue to Adapt
Of course, that still leaves a $2 billion problem for the IRS to solve. Courtney Kay-Decker of the Iowa Department of Revenue said fraudsters are always adapting. “In tax administration, whatever we’re not watching gets abused.”
The first challenge is discovery, and the next is measurement. “Our challenge in the future is how are we going to measure new fraud schemes that arise?” Later meeting sessions highlighted some of these shifts. Fraudsters began targeting states after the IRS Security Summit and PATH (Protecting Americans from Tax Hikes Act) implementation made the IRS a tougher nut to crack. In a conference representing the tax preparation industry, it wasn’t news that they are increasingly the targets of account takeover and other attacks, as fraudsters look to acquire ammunition with which to carry out more sophisticated schemes. As a result, information security took on new prominence this year, and panels featured MITRE and NIST.
Business Identity Theft Fueled by Broad Access to Data
Likewise, business identity theft is on the rise. State business registries often provide a soft target, both for harvest of information for tax identity theft and for direct exploit, such as redirecting payments. Allison Schwartz of Dun & Bradstreet noted a 46% increase overall in business ID theft. Meanwhile, at IRS the problem has sharply increased. It has risen to $1.6 billion from just 12,000 fraudulent returns in tax year 2017, said Tamara Powell of the IRS Business Performance Lab.
With business data widely available from public records and commercial sources, it’s not an easy problem to solve. It brings a new set of authentication and authorization challenges. One potential approach would be for the IRS to leverage third-party intelligence to better authenticate business filers.
Equifax has deep expertise in this area. It not only provides commercial credit and identity reports, but also delivers authenticating and credentialing services companies across industries.
Learn how risk-based authentication tools, such as the FraudIQ Authenticate can be used to confirm identities and help enhance the security of account applications and transactions. Mark your calendar for the CERCA FALL 2018 Conference on November 14, 2018.