Data Breaches Increase Need for Modernized Taxpayer Experiences

In addition, the number of total high-risk breaches reported in Q1 2023 was at its highest point in more than two years.⁴ Through the first half of 2023, there have been 283 data breaches reported with a suspected connection toward enabling tax refund ID theft.⁵

Many recognize cybercriminals use compromised identities to syphon returns from legitimate taxpayers. However, through our work with public tax organizations, TransUnion has found many bad actors also use tax systems to enable additional schemes by validating stolen identities. Without effective fraud prevention measures, instances of fraud and account takeover result in the loss of refunds, cost of recovery, public scrutiny and constituent dissatisfaction.

Fraudsters taking crimes to call centers

In an analysis of internal data, TransUnion documented the riskiest channel for the call center proved to be non-fixed Voice over Internet Protocol (VoIP), a phone number that isn’t associated with a physical address.⁶ While that channel represented only 3% of total call volume for financial services customers, 60% of those calls were identified as high risk for fraud, and 62% of all high-risk calls came from non-fixed VoIP last year.⁷

Public sector agencies should adapt fraud-fighting best practices across sectors. Agency leaders should work with call center teams to implement integrated inbound call authentication technology based on robust phone and device reputation. For call centers, high-risk calls can immediately be routed for additional authentication or to fraud teams. It also allows trusted calls to move through to Interactive Voice Response (IVR) or representatives with less friction.

Data is key to fighting fraud while delivering positive constituent experiences

Tax and revenue agencies need a response to cybercriminals that both understands the volume and severity of modern fraud, as well as provides a strategic solution to balance security, user experience and transparency. To better mitigate fraud risk while driving positive interactions with legitimate taxpayers, agencies can leverage three types of external data:

• Identity information: Combatting identity fraud requires the ability to distinguish legitimate constituents from suspected fraudsters, even if identity elements are different from a previous filing. Integrating information like name and address from multiple, authoritative data sources — including consumer-provided information and third-party data — with advanced analytics can help reduce tax refund fraud.
• Digital insights: An understanding of the risk associated with reputational, technical, behavioral and device-based signals can help agencies better authenticate constituents quickly while analyzing patterns of suspicious behavior. And by catching fraudsters early in the user journey, tax agencies can better avoid downstream costs.
• Phone data: Security measures implemented through phone-based interactions can help separate legitimate constituent experiences from potentially risky ones so good taxpayers get through faster. Therefore, securing the audio channel is as important as digital encryption — which has been in place for years. With more accurate inbound caller identification, fewer legitimate callers will require manual fraud reviews, which increases constituent satisfaction and access.

Government agencies that implement data-driven strategies to understand, verify and authenticate users across digital and phone channels will build trust with constituents. Using complementary layers of data insights, agencies can better block and reduce fraud behind the scenes so authentic constituents can get through faster — and these small gains matter. Studies show a gain in average constituent satisfaction of just one percentage point can result in up to a 1.5% increase in government trust, suggesting that — by focusing on improving the user experience — government agencies can make significant gains in constituent trust while also improving access.⁸

Learn how TransUnion is helping public agencies protect internal systems and constituents from bad actors while increasing access for good constituents.

1–5 Source: Sontiq, a TransUnion company. This assessment reviewed trends across publicly reported data breaches — which may include those targeted at both the private and public sector. With this information on data breaches, our team then analyzed proprietary scores that indicated when stolen identity credentials had the potential to be used to further tax identity refund theft. All calculations based on the date a breach was reported.

6,7 Source: TransUnion’s call center findings were based on data from more than a half billion transactions in 2022 — from both large and small financial institutions based in the US. The rate or percentage of high-risk calls was determined by the assessment of multiple risk factors.

8 Source: Governments can deliver exceptional customer experiences – here’s how. McKinsey & Company; November 16, 2022.

*High-risk breach: A breach where a given category is in the top five harms associated, as determined by Sontiq BreachIQ™ score. Sontiq’s BreachIQ algorithm evaluates 12 types of identity crimes that could result from stolen personally identifiable information (PII).