Who's Fooling Who?

Jan 10, 2019

Catching and stopping identity theft before fraudsters make off with innocent taxpayers’ tax refunds is one of the IRS’s top priorities, and resource constraints means the Service is always looking for innovative ways to do more with less. The IRS estimates that, despite preventing $10.5 billion in attempted identity theft in 2016, $1.6 billion of tax refunds fell into the hands of criminals who filed fraudulent returns using stolen identities. As the IRS’s ability to detect and prevent identity theft improves, the volume of identity theft has begun to decrease; in 2017, there were 597,000 confirmed cases of identity theft, down from 883,000 in 2016. This situation creates a cat-and-mouse game, where identity thieves develop increasingly sophisticated schemes to avoid IRS detection, and the IRS requires increasingly sophisticated solutions to stay ahead of fraudsters.

To preempt and counteract new behaviors, the IRS has partnered with external institutions and updated its own data operations. Specifically, the IRS has teamed with 42 state tax administration agencies and 20 private tax industry officials to form the Security Summit to combat ID theft refund fraud. Additionally, the IRS has partnered with financial institutions to recover already-issued fraudulent refunds. These partnerships have opened up new data sources and advanced analytical capabilities for both the IRS and state tax agencies.

Furthermore, the IRS has increased the sophistication of their own data-driven predictive analytics to combat ID theft. Between 2014 and 2016, the IRS phased out the outdated Electronic Fraud Detection System (EFDS) and replaced it with the Return Review Program (RRP), which combines business rule filters and large scale proprietary machine learning algorithms to select returns that are most likely to be ID theft cases. RRP improves on the legacy EFDS system in several respects—it recognizes a broader range of emerging fraud trends, prevents more instances of attempted ID theft, and has a lower false detection rate. Additionally, the IRS has developed data visualization tools and advanced graph analytics capabilities to further understand fraudulent schemes and increase the coverage of systemically detected fraud.

For more than a decade, ASR Analytics has teamed with the IRS and state revenue agencies to prevent identity theft and other types of tax fraud. ASR works with state tax administration agencies to build ID theft models and detect fraudulent schemes using data and metadata from state tax returns. For the IRS, we use a three-pronged approach to prevent ID theft before refunds go out the door: (1) actively monitoring for emerging threats; (2) conducting data engineering to amplify signals of fraud; and (3) designing algorithms that use these signals efficiently and effectively. ASR has also strengthened vulnerabilities in the IRS’s current taxpayer authentication process to make filing returns under false identities more difficult in the first place.

As data-driven solutions continue to make ID theft harder to perpetrate, tax administration agencies will see increasingly complex and sophisticated schemes. As the IRS recognized by switching from EFDS to RRP, flexible solutions that can adapt in near real-time to ever-changing schemes are the only way to get ahead of today’s identity thieves and stay ahead of tomorrow’s.