IRS Not Doing Enough to Fight Business Tax ID Theft

The Internal Revenue Service (IRS) has taken actions and developed procedures to identify and detect business identity theft; however, TIGTA also found areas where improvements could be made to assist in this effort.

That is a finding of a report released today by the Treasury Inspector General for Tax Administration (TIGTA).

“Identity theft continues to be a serious and evolving issue which has a significant impact on tax administration. It not only affects individuals, it can also affect businesses,” said J. Russell George, Treasury Inspector General for Tax Administration. “Therefore, it is incumbent upon the IRS to use all the data and tools to detect and prevent business identity theft from occurring,” he said.

The IRS defines business identity theft as creating, using, or attempting to use businesses’ identifying information without authority to claim tax benefits. The IRS recognizes that new identity theft patterns are constantly evolving and, as such, it needs to continually adapt its detection and prevention processes. The overall objective of TIGTA’s review was to determine the effectiveness of the IRS’s efforts to implement a business return program to detect and prevent identity theft.

TIGTA found that the IRS recognizes continued efforts are needed to develop and implement systemic processes to detect identity theft. To date, the IRS has taken actions that include defining business identity theft, creating procedures for IRS employees to follow when they are made aware of a potential business identity theft situation, and conducting a Business Identity Theft Project to detect potential business identity theft relating to corporate tax returns.

However, TIGTA also found areas where improvements could be made in identifying potential business identity theft. For example, the IRS maintains a list of suspicious Employer Identification Numbers (EINs) determined to be associated with a fictitious business. TIGTA’s analysis of business returns filed during Processing Year 2014 identified that 233 tax returns were filed using a known suspicious EIN. Of these, 97 claimed refunds totaling over $2.5 million.

In addition, TIGTA determined that processing filters could be developed to identify returns containing certain characteristics that could indicate potential identity theft cases. Business returns containing these characteristics could be proactively identified before the issuance of any refunds. TIGTA also found that State information sharing agreements do not address business identity theft. The agreements only address the detection of individual identity theft. Finally, TIGTA also identified that actions are needed to better promote awareness of business identity theft.

TIGTA recommended that the Commissioner, Wage and Investment Division, establish procedures to identify business returns containing certain characteristics that could indicate potential identity theft cases; evaluate the potential for expanding information sharing agreements to include the sharing of suspicious or potentially fraudulent business tax return filings; and continue to develop and offer additional outreach materials that directly inform businesses about business identity theft.

The IRS agreed with TIGTA’s recommendations and has established some processes to detect potentially fraudulent business filings and will evaluate possible expansion of these processes to other business return filings in 2016. The IRS also plans to work with stakeholders to assess expanding the State Suspicious Filer Exchange to include business returns and update business outreach materials.