The past 12 months brought a rash of data breaches at some very high-profile financial services and consumer products companies. Some of the victims, like yours truly, have received several cover-your-ass notices that our information may or may not be used without our knowledge. Blah, blah, blah.
As a result, we’ve done all the “right” things that you’re supposed to do when you discover your identity has been or may have been compromised, like initiating clamped-down regular scrutiny of credit reports and maybe even placing fraud alerts with the reporting agencies so that any information requests are brought to our attention.
But that probably won’t be enough to thwart a new and apparently rampant sort of fraud that preys on your identity: fraudulent income tax return claims.
I should know, since I am apparently a victim and I am not completely naive when it comes to cybersecurity. Apparently, I am not alone, if this CNN investigative report is any indication.
Here’s how the fraudulent income tax racket works. Identity thieves snatch your social security number from some place — and that place could be many places these days, such as a doctor’s office (which increasingly request them for insurance purposes) or a car dealership (which might have needed it for a car loan) or wherever. Then, they file an online tax return using your name and some sort of made-up income amount — claiming a refund.
For this to work really well, the identity thieves will file early in the filing season, so by the time the real you gets around to filing your return the damage is already done and you can’t file your own claim electronically.
In my case, I discovered my social security number had been used when my accountant attempted to file my husband’s and my return electronically about a month ago. No dice. When I called the IRS to ask about it, the representative told me I had two choices: my husband and I could file separately, so his claim could still be filed electronically (and we would, incidentally, end up paying higher taxes) or we could file a paper claim. In either case, I had to fill out an identity theft affidavit flagging the situation and send it in with proof of my identity (copies of my passport, driver’s license and social security card).
And now the waiting begins while they try to sort things out (although it didn’t keep the feds from cashing the check for the relatively small amount that my husband and I owed).
If I had legitimately been owed a refund, I would have been out of luck: the IRS representative that I talked to on the phone admitted that it would take at least 90 days for me to hear anything about a resolution. Maybe. Incidentally, the IRS will treat YOU with suspicion when this happens, so get ready to feel doubly violated.
The CNN report I’ve referenced mentioned that there were close to 950,000 fraudulent claims of this type filed in 2010, amounting to about $6.5 billion. (There are apparently about 140 million claims filed every year.)
Not all of the fraudulent claims were paid out, mind you, but some certainly were. The big breaches of 2011 could make for even higher potential damages for this season, and some people believe the new fast-track online filing system that the IRS has adopted is to blame. The amount of fraudulent claims of this sort apparently has doubled in the past three years.
In my case, for example, the claim against my social security number was filed by an individual, not a couple. That in itself should have triggered some sort of alert, in my opinion. I haven’t filed an individual claim in close to 10 years, since I officially changed my legal name (which is not the one I write under, incidentally). Sure, I could have been divorced or decided to do things differently, but it should have been flagged.
Apparently, another reason this sort of identity theft is particular effective is because the IRS will issue refunds electronically to debit cards if that is requested. Meaning thieves don’t have to have checks sent to your real address. This is another example of how the federal government’s valiant attempt to streamline and improve certain processes — moving from paper to digital methods — is backfiring without the proper security measures in place.
CNN quotes Deputy IRS Commissioner Beth Tucker as saying that the IRS has trained close to 40,000 people in how to deal with this sort of problem. It has also created an online resource to help victims repair the mess, which I have consulted myself. It certainly sounds like the IRS will need it.
Does all this mean that the government should shy away from digital processes?
Certainly not, but it is clear that once again criminals have managed to find the loopholes and security drawbacks in the system. It would be nice if the feds spent more time anticipating this sort of thing as we move forward into a digitally processed world.