It’s no secret that the IRS has been fighting a battle against identity thieves and tax return fraud for a long time, paying out as much as $5.8 billion in fraudulent refunds to scammers last year alone.
But with the abundance of stolen data available on black market internet sites, often stolen during large-scale data breaches, it didn’t seem like there was any end to the fraud in sight.
New measures, though, may go a long way towards putting a dent in tax-related identity theft crimes. The IRS, in partnership with the state tax administrations and the software companies that produce at-home filing software, has announced several changes. These new steps are intended to help citizens know if there has been a change to their personal identifying information, namely in the payment method that electronic refunds go to.
Under the new protocols, software filing companies will alert the IRS any time a mobile device is used to file more than one tax return, whenever the same IP address (the unique “name” for your internet connection) is used to file more than one return, or when a tax return is auto-generated instead of filed by a live person.
Why these steps? One of the major links among tax refund fraud rings is that they take multiple people’s identities for the purposes of filing dozens—or even hundreds—of tax returns. If mobile devices, the same IP address, or a computer file those returns, the IRS will find out.
Other ways the software companies are trying to break the cycle of tax return fraud is by strengthening their own programs. This coming year, they’ll require stronger passwords than in the past, meaning a combination of numbers, uppercase and lowercase letters, and even symbols. There will also be a limit to the number of times you can attempt your password before you’re locked out, which is aimed at keeping “guessing software” from randomly guessing your password. A larger number of required security questions has been implemented, as well as a two-step authentication which will require you to check your email or text message for a special one-time PIN, then enter that with your other information in order to access your account.
Finally, one major piece of the crime-prevention puzzle has been implemented, and that’s an alert if your payment processing method has been changed. Tax return thieves receive their money typically by prepaid debit card or in a newly opened bank account; if anyone changes the bank account information on your account, you’ll receive a notification.
Interestingly, there have been industry hints that other measures have been implemented but that the IRS has not made those public. One reason for the secrecy could be to keep thieves from coming up with a workaround before it’s time to file tax returns. As always, one of the best ways to prevent tax refund on a personal level is to file as early as you possibly can. By gathering your documentation and paperwork now, you’ll be ready as soon as the rest of the documents arrive in January.