Report: Identity theft is more prevalent than IRS data shows

Identity theft-related tax fraud is more widespread than Internal Revenue Service statistics indicate, according to a new report from the Government Accountability Office.

The IRS catalogued more than 50,000 incidents of identity theft and employment fraud in 2008 and stopped 90 percent of fraudulently claimed tax refunds before they were processed, according to the report (GAO-09-882). But the "data provides an incomplete picture of the amount of identity theft-related fraud occurring at IRS," said James White, director of tax issues on GAO's strategic issues team.

Limited resources and the large number of mismatches in employer-provided versus taxpayer-reported wage data make it difficult for the IRS to pursue every case of potential fraud, the report noted. Also, agency officials have difficulty detecting incidents where a thief steals the identity of a person with no tax filing obligation, such as a child, and files returns and pays taxes using that person's name and Social Security number. "From IRS' point of view, a tax return has been filed with a name and SSN that match and the income on the tax return matches income reported by an employer," White said.

IRS fraud-detection processes often cause incidents to go unnoticed for a long time, GAO added. "It is only after IRS notifies a taxpayer of unreported income that IRS may learn from the taxpayer that the income was not his or hers and that someone else must have been using his or her identity," White said. "By the time both the victim and IRS determine that an identity theft incident occurred, well over a year may have passed since the employment fraud."

The IRS can't identify how many incidents of fraud go undetected, partly because it lacks metrics to assess the effectiveness of existing efforts, according to the report. For example, the IRS does not measure the number of false positives -- where a legitimate return is flagged as being fraudulent -- or false negatives. The agency also fails to track the cost or time required to resolve cases referred to employees.

IRS Commissioner Douglas Shulman agreed with GAO's recommendation to develop performance measures to assess the effectiveness of identity theft initiatives by the beginning of the 2010 filing season.

"The security and privacy of taxpayer information is of the utmost importance to the IRS," Shulman wrote in response to the report. "I have made it a priority of this agency to reduce the burden placed on the taxpayer and the tax system because of identity theft."