photo by Charles Barilleaux
Hello, Ms. American Taxpayer. State and federal authorities are having a devil of a time stopping fraudsters from filing bogus tax returns in your name, and I’m sorry to tell you, but it’s all your fault.
As Veranda Smith of the Federation of Tax Administrators put it, according to The Wall Street Journal, “America is addicted to fast refunds, and that addiction is sucking good money out of the budgets. What we need from politicians is permission to process a return for a month or two before sending out a refund.”
That describes the situation almost perfectly. Perfectly backward, that is.
Tax refunds are interest-free loans that tens of millions of Americans make to the federal government, and to states that tax wages (which is most of them). Employers must withhold taxes according to tables that are designed to over-withhold in most cases, giving treasuries free use of the money until the taxpayer files a return to reclaim what is rightfully his or hers. While taxpayers can adjust withholding to reduce these overpayments, most lack the wherewithal to tackle the paperwork.
Of course people want to get their refunds as fast as possible once their returns are complete and they know they do not owe any additional balance. It is their money, not the government’s. Once they establish this fact via their returns, it would add insult to injury to force taxpayers to wait any longer than is reasonably necessary in this day and age. Imagine if your bank told you it would require a month or two of processing before you could make a withdrawal.
Smith is absolutely right that modern fast-payment mechanisms are what have attracted so many fraudsters to the rapidly growing industry of stealing taxpayer identities and filing false returns. The problem, however, is with the mechanisms, not the taxpayers.
Quick access to refunds was the carrot that tax administrators used to sell the public and elected officials on the idea that tax returns should be electronically filed in nearly all instances. Nobody much cared if professionals were forced to buy expensive software and jump through other commercial hoops in order to implement mandatory e-filing. But the vast majority of taxpayers who self-prepare returns or who go to high-volume, low-cost shops to get them prepared expected to share in e-filing’s benefits. It is worth noting, however, that the benefits for tax administrators themselves were and are considerable, and quick refunds were an enticement, not a consumer-initiated demand.
The idea was to make getting cash as fast and easy as possible. Instead of waiting the traditional four to six weeks to get a paper check, your refund could be electronically deposited in one to three weeks. And if that was too long to wait, the government set up its system to allow tax preparers and financial institutions to advance you the money - often at exorbitant costs - right on the spot. To make that happen, the lender needed to be able to collect its repayment directly from the refund.
Which is where the problem really lies. When you file a tax return - or someone pretending to be you does - the refund money will go to any valid financial account that you indicate. The account does not need to be in your name, nor is there any matching by the financial institutions handling the funds between the names on the accounts and the tax ID numbers associated with the returns.
Commercially speaking, this is crazy. Identity theft is a problem that affects every player in the financial system today. There is no magic bullet to stop it or surefire shield to defend against it, but there are a lot of protective measures that can minimize it. The most basic, and one that financial custodians now require financial advisers like my firm to take, is to verify the authenticity of every fund transfer request and other account action. One of the most important steps is to permit automated transfers only to accounts that are registered in the exact same name as the party initiating the transfer.
Think about it. If you go online to Bank A and ask it to transfer funds to Bank B, you will probably receive an email confirming that your instruction has been received. The email does not need to include account numbers or dollar amounts; the mere receipt is enough to signal to you that something is wrong if you never actually asked to make a transfer. If a client emails me, even from an email account that I recognize, and asks me to move money to an account in someone else’s name, or even to an account in the client’s own name that is not one that the client regularly uses, I will personally call that client to confirm that the instruction is genuine. It takes a little more time for both me and the client, but because sometimes such instructions come when a client’s email account has been hacked, it pays to make sure that the request is genuine.
Neither the Internal Revenue Service nor the states have created anything like the online infrastructure that private financial providers offer their customers. You can’t log on to an account at the IRS, set up a password and email, and automatically receive updates any time there is activity on that account. The best you can do is call a phone number and find out when your refund is due to arrive - but if you have not yet filed your return, you probably won’t think to call that number. The first clue most people have that there is a problem is when they try to e-file a return and have it rejected, because someone else has already filed under that name and Social Security number.
That is exactly what has happened to the most recent spate of tax fraud victims in the news. Intuit’s popular TurboTax software briefly suspended e-filing returns at the state level after reports of fraud arose in about 19 states. The FBI is also looking into a handful of reports of fraudulent federal returns. (This is not to mention the active phishing schemes designed to prey on taxpayers now justifiably nervous about the security of their tax data.) Intuit has said that it has not had a widespread data breach, and in a letter to the IRS commissioner, the company’s chief executive urged tax authorities to take action. The authorities’ response? Smith’s misguided attempt to blame taxpayers who want their refunds quickly.
It is not the taxpayers’ job to secure the money that the government extracts from them under the force of the tax laws. It is not the taxpayers’ job to establish commercially reasonable procedures to ensure that very few refunds can be issued to someone who is not the person that the tax authorities believe they are dealing with. Social Security, which used to be the frequent target of thefts of paper checks when most payments moved by mail, is pretty good at controlling the places where it sends benefits to ensure they go only to the authorized recipient. The tax authorities could take some notes.
Memo to Smith, her fellow state and local tax administrators, and the IRS: Electronic filing was your idea, not the public’s. It is designed to help you process hundreds of millions of returns as efficiently and cheaply as possible. On balance that is a good thing. But security is a cost of doing business, especially financial business, and that is exactly the business you are in.