Watchdog: IRS needs new tech to fight fraud

The IRS must do a better job implementing new tools, technologies and strategies to combat identity theft and refund fraud and collect unpaid taxes.

That's the conclusion the Government Accountability Office reached in its latest annual report on high-risk government programs, released Mar. 6. While the agency has made notable strides in both areas over the past few years, GAO flagged the two issues as the most pressing challenges IRS must overcome to improve enforcement of its tax laws.

The IRS has reported that incidents of tax-related identity theft have continued to drop precipitously since the agency improved coordination with industry and tax providers on security issues in 2015. However, the GAO report notes that an explosion of hacks against government and private-sector entities over the years has flooded the black market with much of the same personally identifiable information about Americans that IRS relies on to authenticate taxpayers and process returns.

The report recommends that the agency continue to work on and improve its authentication policies, including looking at new tools and technology. James McTigue, Director of Strategic Issues at GAO, said there are over 100 different types of interactions between a taxpayer and IRS that require some form of authentication.

The GAO report said IRS officials have not completed updating authentication procedures to align with 2017 guidance from the National Institute of Standards and Technology. While the agency has developed a road map for how it wants to improve authentication across the agency, it currently lacks a solid plan for how to implement that vision.

"What we did find was that even though IRS was very careful about identifying these initiatives that it needs to undertake, it really hasn't estimated how much it would cost to do these things and haven't come up with a way to prioritize different initiatives," said McTigue.

McTigue laid out a number of ideas that should be on the table: implementing security keys or tokens; expanding a pilot program that assigns identity protection PIN numbers to previous victims of tax fraud; developing distinct taxpayer identifiers to cut down on the overlap of PII; and developing a way to send event-driven notifications to taxpayers, similar to how banks alert customers about potentially fraudulent activity on their accounts.

"The point is that it may be the case that one size doesn't fit all -- maybe not everybody would be comfortable with a secure key device," he said. "For those folks, maybe an IT pin is a better approach."

An IRS spokesperson declined to comment on the GAO report, but  pointed to Sept. 2018 congressional testimony by Chief Privacy Officer Edward Killen.

Killen told the House Ways and Means Committee then that changes put in place have led to a sharp decrease in reported instances of tax related identity theft, but he also acknowledged that "the proliferation of personally-identifiable information that is out in the ecosystem [from data breaches] makes it fundamentally more difficult to authenticate an individual."

While the agency is attempting to adapt to those realities, it won't be able to solve the problem alone.

"There will be some things we can do on our own, unilaterally, but in many instances we will need to partner with folks, both in the public sector and in the private sector…to help us work through this."

Closing the 'tax gap'

The tax gap is defined as the difference between true tax liability in a given year and the amount the IRS actually receives at the end of filing season. The most recent figures provided by the IRS show that between 2008 and 2010, the tax gap averaged $458 billion, though McTigue said the agency is able to recoup about $52 billion every year with current efforts.

That leaves more than $400 billion in uncollected tax revenue every year, and the GAO report makes it clear that IRS could do more to leverage the data it collects to further close the gap. In 2017, then-IRS commissioner John Koskinen said the agency's main fraud detection tool, the Return Review Program, had expanded to incorporate more than 200 different data filters designed to root out tax return fraud.

However, the research that feeds into the program is "ad-hoc" and the report recommends that the agency develop a more comprehensive data strategy.