Key Takeaways:
Revenue and tax agencies may face an increasing threat of identity-based tax fraud. Criminals are using a multi-pronged approach to collect, validate and monetize stolen constituent identity information, defrauding government agencies and individuals. Enhancing identity verification and authentication through a more robust suite of data identifiers or signals covering US adults and advanced analytics applied across the tax return lifecycle can help improve security and bolster constituent trust.
It’s tax season and agencies are ramped up to handle millions of tax filings as the April 15 deadline approaches. From the Internal Revenue Service (IRS) to state revenue departments to local departments, tax agencies across the country will be working efficiently to collect revenue, transparently process returns, issue refunds — and stop tax frauds.
Tax refunds are a prime target for criminals. The IRS Criminal Investigation alone investigated 2,667 tax fraud and financial crimes totaling $9.1 billion in fiscal year 2024. With exposure of Social Security numbers (SSNs) and other personal identity information accelerating, fraudsters have information required to steal refunds, submit false tax returns and perpetrate tax-related scams.
Government tax agencies need a response to cybercriminals that considers the volume and severity of modern fraud. This requires a strategic approach to deliver security, smooth user experiences and transparency. With more robust data identifiers and device signals, agencies can more efficiently process returns from legitimate constituents while identifying those that may require more scrutiny to mitigate fraud risk.
What is tax fraud?
Tax fraud is the deliberate act of falsifying information on a tax return to acquire illegitimate refunds, avoid paying taxes or evade paying the amount of tax owed. Tax fraud is illegal and subject to criminal prosecution. Tax fraud can include actions like:
- Stolen identity refund fraud: Using a stolen or fake SSN to falsely file a tax return
- Tax refund theft: Stealing someone else’s tax refund check or funds
- Underreporting income: Failing to include all sources of income on a tax return
- Claiming false deductions: Reporting deductions or credits that one isn’t entitled to
- Misrepresenting expenses: Claiming personal expenses as business expenses
How does identity-based fraud impact tax fraud?
The rate of identity theft and identity-based fraud is stubbornly high. Public tax authorities must adjust their threat postures to address modern cybercrime tactics enabled by millions of exposed identities. Like any enterprise, criminals seek the most efficient way to steal funds. Their primary method for improving cybercrime effectiveness include acquiring high-value personal identity information through:
- Data breaches: Illegally accessing an organization’s or service-provider’s network to steal personal identity information. Before exploitative information ever gets to a fraudster, it often starts with a separate criminal who’s sophisticated in mining, breaching and collecting data to broker.
- Consumer scams: Fooling consumers through fraudulent emails, phone calls, texts, social posts or websites to either share personal information or authorize transactions.
- Social engineering scams: Convincing an organization’s call center staff to unknowingly validate or share personal information, or change account information to gain control of someone else’s account.
Criminals use all these tactics and more to gain a clearer view of individuals’ identities — enabling them to perpetrate identity-based fraud. These include, submitting false tax returns or returns with modified banking information using a legitimate SSN, taking over users’ online bank accounts to steal tax refund checks or digital payments, or falsely claiming deductions or credits using stolen or synthetic identities.
Fraud trends explain identity fraud risk facing tax agencies
Protecting your organization and constituents is more difficult in an environment where so much identity information has been exposed to criminals. Cybercriminals have been building a trove of stolen identity data to either sell to the highest bidder on the dark web or leverage with advanced technologies to perpetrate fraud directly. For example:
- Data breach trends: A TransUnion Public Sector analysis of the volume and severity of data breaches — using publicly available data about US breaches — recently found 970 data breaches took place in 2024 with a likelihood for the stolen information to be used in stolen identity refund fraud, based on the type of data harvested. Our analysis found these breaches exposed more than 640 million consumer records, which contained critical pieces of identity information like SSNs, address histories and full names.
- Consumer fraud trends: In a survey of US consumers conducted on behalf of TransUnion, more than half (54%) of individuals reported being targeted by an email, online, phone call or text messaging fraud scheme and 11% said they fell victim in the last four months of 2024.
- Global digital fraud trends: The rate of suspected digital fraud globally among TransUnion TruValidate™ customers remained stubbornly high despite falling to 5.2% in H1 2024 from 5.6% in H2 2023. Critical to tax authorities that rely on electronic filing to improve operational efficiencies and provide transparency into tax return processing, 6.5% of new account openings and 5.8% of account login transactions were suspected digital fraud.
- Call center fraud trends: TransUnion documented a 55% increase in high-risk calls into US call centers in 2023.
Enabling trust and security to reduce fraud risk and improve tax return processing
The IRS estimates it takes 21 days to process an electronically filed Form 1040 return. To maintain that pace while handling millions of returns, its critical tax authorities screen returns quickly for potential fraud — letting legitimate returns flow through the process and identifying suspect returns for further scrutiny. Enhancing existing tax systems with better intelligence enhanced risk signals can help deliver more trusted omnichannel customer experiences.
Enhance systems with identity data from multiple sources
Identity elements are constantly changing; people move, change their last names, switch phone numbers — the list goes on. Combatting identity fraud requires distinguishing legitimate constituents from suspected fraudsters, especially if someone changed their identity information from a previous filing. A multilayer data and analytical approach can help flag more risky interactions using highly predictive fraud data — while letting trusted returns flow more quickly.
Agencies should begin by integrating identity information from multiple data sources — including identity information and device signals — with consumer-provided information, current views of tax data, and advanced analytics to help reduce tax refund fraud.
Improve ability to distinguish trustworthy digital signals from risky interactions
Implementing enhanced security protections to improve identity verification and authentication can often lead to poor customer experiences and constituent frustration. Starting with an understanding of the risks associated with reputational and contextual, device-based signals, agencies can better authenticate constituents quickly while recognizing patterns of suspicious behavior.
As most taxpayers opt to file electronic returns, agencies working with constituents in digital channels need to make solid identity decisions by looking at devices for added signs of risk or assurance during account setup, account login and return filing.
Protect against evolving omnichannel fraud tactics
Constituents rely on the phone channel to get answers quickly or address complex issues. However, the phone channel remains a primary target for fraudsters trying to gain access to accounts or validate account information through social engineering.
Making the phone channel efficient and secure is critical to fulfilling revenue agency missions. Through concerted focus, the IRS has improved call center performance, but challenges remain: For tax year 2023, IRS call centers achieved just a 51% “level of service”, an IRS-derived measure of specific phone lines and the number of calls that are able to successfully get through to a live customer service representative. This was a sharp increase from tax year 2022, largely attributable to a reduction in IRS-initiated disconnects. These disconnects can take place when calls are connected to sites that are closed or unable to provide service due to high demand. In 2023, the IRS disconnected 16.3 million calls (a reduction from 74 million in 2023). Adding automated authentication for inbound phone interactions can help good constituents get through faster while flagging risky calls for enhanced step-up authentication. With more accurate inbound caller risk assessment, fewer legitimate callers require manual fraud reviews.
Improve constituent experience by building trust in outreach
Cybercriminals don’t just target tax agency systems, increasingly, they go directly after unsuspecting constituents. Tax scams can involve fraudsters impersonating IRS agents while calling consumers with the intent of stealing money or personal information. In 2024, the Federal Trade Commission reported thousands of IRS imposter scams causing taxpayers to collectively lose $6.26 million.
To reduce call spoofing of agency phone numbers, inbound-only numbers can be registered with carriers as ‘do not originate.’ Agencies can also designate verified numbers for outbound calling to better assure calls aren't mislabeled, tagged as spam or blocked.
Some organizations have even started to display branding on outbound mobile calls — including information like the agency name, logo and purpose of the call. These measures can help protect an agency's reputation and reassure constituents calls they’re receiving are legitimate.
What can be done to implement stronger security measures and more positive user experiences?
The burden of fraud should not fall on constituents. Instead, government agencies should be vigilant about detecting evolving, identity-based fraud and the interconnected risk across digital and phone channels. To protect and foster more positive experiences and build constituent trust, agencies must have a better understanding of taxpayers, their online and offline identities, and the devices they use every day. Using complementary layers of these data insights, tax agencies may better detect and reduce fraud behind the scenes — enabling them to serve trusted constituents faster and prioritize focusing limited resources on suspected fraudulent returns.
Help reduce identity-based fraud with TransUnion® TruValidate™ identity and fraud solutions.
