Smarter risk analysis can help tax agencies crack down on identity fraud
With the right data, agencies can better drive positive interactions with legitimate constituents while mitigating fraud risk.
Every year, the IRS sees billions claimed in fraudulent tax schemes. One of the most common tax fraud types, Stolen Identity Refund Fraud, costs taxpayers billions and poses risks for victims who often don't know a tax return has been falsely filed with their Social Security number until they try to file themselves. As the IRS has recently advised taxpayers to avoid filing too early, this could mean more constituents fall victim to SIRF this year.
The number of fraud threats targeting the public sector are growing—as are their severity. In Q4 2022, 22 million Americans saw personal data exposed in breaches that may result in fraud targeting the public sector. These breaches make it easier for criminals to obtain stolen identities to file fraudulent returns.
Public tax organizations need a response to cybercriminals that both understands the volume and severity of modern fraud, as well as provides a strategic solution to balance security, user experience and transparency. With the right data, agencies can better drive positive interactions with legitimate constituents while mitigating fraud risk.
Keep systems more up to date with taxpayer identity data from multiple, authoritative sources
Identity elements can change over time—whether due to a move, new last name or other update. Combatting identity fraud requires the ability to distinguish legitimate constituents from suspected fraudsters, even if identity elements are different from a previous filing. A multi-layer data and analytical approach can also help flag more risky interactions using highly predictive fraud data.
Agencies should begin by integrating information from multiple, authoritative data sources—including consumer-provided information, current views of tax data, additional identity information and device signals—with advanced analytics to reduce tax refund fraud.
Better distinguish trustworthy digital signals from risky interactions
When government agencies implement enhanced security protections, constituents can experience delays and frustration. Starting with an understanding of the risk associated with reputational, technical or behavioral, device-based signals, agencies can better authenticate constituents quickly while analyzing other patterns of suspect behavior.
As most taxpayers opt to file electronic returns, agencies working with constituents in digital channels need to make solid identity decisions looking at the devices and behaviors of an identity for added signs of risk or assurance.
Protect against evolving fraud tactics across channels
Constituents can face negative perceptions when interacting with government agencies outside digital channels as well. For tax and revenue agencies specifically, recent years were challenging in phone channels. In 2022, only 13% of calls from taxpayers got through to an IRS employee.
Security measures implemented through phone-based interactions can help separate legitimate constituent experiences from potentially risky ones so good constituents get through faster. Therefore, securing the audio channel is as important as digital encryption, which has been in place for years. With more accurate inbound caller identification, fewer legitimate callers will require manual fraud reviews.
Build trust in legitimate outreach attempts
Fraud schemes negatively affect agencies at all points of entry. In addition to targeting tax systems, criminals may go directly to unsuspecting consumers. During tax season, an aggressive number of callers posing as IRS agents call consumers with hopes of stealing money or personal information. In 2022, the Federal Trade Commission reported thousands of IRS imposter attempts causing taxpayers to collectively lose $5.23 million.
To help assure taxpayers, inbound-only numbers can be registered as 'do not originate' to reduce the risk of fraudsters spoofing them to make scam calls. Agencies can also designate verified numbers for outbound calling to better assure calls aren't mislabeled, tagged as spam or blocked.
Private and public organizations alike have started to display branding on outbound mobile calls—including information like the company name or logo. These measures can help protect an agency's reputation and reassure constituents.
What can be done to implement stronger security measures and more positive user experiences?
While taxpayers may file early or leverage monitoring services to mitigate some risks of identity theft, the burden of fraud should not fall on constituents.
Instead, government agencies that are vigilant to the evolution of digital and phone channels, interconnectivity and fraud risks, will better build trust with constituents. To protect and foster more positive experiences, agencies must have a better understanding of taxpayers, their online and offline identities, devices used, and real-time behaviors. Using complementary layers of these data insights, agencies can better block and reduce fraud behind the scenes so authentic constituents can get through faster.
Stuart Levy is vice president for TransUnion's Public Sector business
NEXT STORY: The challenges of collective cyber defense