1 / 17

Stephen M. Ryan David Hahn McDermott Will & Emery Intuit, Inc.

Protecting the Integrity of the Tax System Against Tax Fraud and ID Theft: What Industry Is Contributing. Stephen M. Ryan David Hahn McDermott Will & Emery Intuit, Inc. (202) 756-8333 (650) 944-3522 sryan@mwe.com david.hahn@intuit.com. AMERICAN COALITION FOR TAXPAYER RIGHTS

gyan
Download Presentation

Stephen M. Ryan David Hahn McDermott Will & Emery Intuit, Inc.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Protecting the Integrity of the Tax System Against Tax Fraud and ID Theft: What Industry Is Contributing Stephen M. Ryan David Hahn McDermott Will & Emery Intuit, Inc. (202) 756-8333 (650) 944-3522 sryan@mwe.comdavid.hahn@intuit.com AMERICAN COALITION FOR TAXPAYER RIGHTS (“ACTR”)

  2. WHO IS THE AMERICAN COALITION FOR TAXPAYER RIGHTS (“ACTR”)? • ACTR is a 501(c)(6) • Made up of 2 components: tax preparation companies and financial service settlement companies • We help prepare approximately 90 million of the 140+ million individual federal income tax returns • We provide approximately 18.6 million of the nearly 20 million RTs • ACTR tax preparation companies: • H&R Block • Intuit • Jackson Hewitt • Liberty Tax • Tax Act (2nd Story) • TaxSlayer • CCH Small Firm Services (UTS)

  3. Continued: WHO IS ACTR? • The tax companies’ offerings range from: • In person • Do-it-yourself software (DIY) • “Professional” software (used by CPAs, lawyers, other preparers) • ACTR financial services companies: • H&R Block • Refund Advantage • Republic Bank and Trust • Santa Barbara Tax Products Group

  4. Understanding Tax Processing 1. Return Preparation 2. Return Filing & E-File 3. Return Processing & Refund Delivery 4. Prepaid Card Refund Delivery 4

  5. Diverse Tax ecosystem 140M individual returns – over 80% are electronically filed $$ Refund Delivery: Direct Deposits to Banks & Prepaid Cards + Checks “Preparer” Category Franchised & Independent Preparers Professional Tax Software ~60% IRS e-file Transmitters EF Returns Consumer Tax Software “Software” Self-Prepared Category ~30% “Manual”Self-Prepared Category ~10% Mailed Returns #’s are approximations based on various sources

  6. CHARACTERISTICS OF TAX PREPARATION MARKETPLACE • In 1999, 1.25 million taxpayers used private sector on-line products. In 13 years the industry (not just ACTR members) has gone from about 1% of taxpayers to 80% of taxpayers using Internet and electronic tax-preparation products • The states and federal government did not pay for this change, but have benefited mightily, e.g.: • lower cost of processing returns • reduced errors in returns since software corrects routine taxpayer errors • taxpayers benefit in reduced burden and cost • Industry marked by innovation, fierce competition and change • Software capabilities continue to increase, but not price • Competition is fierce within sectors (e.g., DIY), and between sectors (DIY v. stores v. professionals) • Example: A recent market entrant less than 10 years old has become the #3 company in the industry in a decade

  7. Understanding the THREAT Our tax system is under attack by very capable criminals 1 Theft (or misuse) Of Identities (directly or indirectly) enables… Authentication & Identity Gaps 2 Examples: Puerto Rican SS# Retirees Nursing Homes Schools Deceased Preparation & Filing of Fraudulent Returns resulting in… 3 Huge Volumes early in Tax Season First to file prior to real Tax Payer Delivery & Use of Fraudulent Refunds As with all types of fraud, criminals constantly change their fraud schemes Prepaid Cards used to move money

  8. Tax Fraud is fueled by an explosion in identity theft Sources: Prepared Statement of IRS Commissioner Doug Shulman, during Hearings on Identity Theft before Subcommittee On Government Organization, Efficiency And Financial Management of the House Committee On Oversight And Government Reform , June 2, 2011. GAO Report: Taxes and Identity Theft (GAO11-674T),Testimony before the Subcommittee on Fiscal Responsibility and Economic Growth, Committee on Finance, U.S. Senate, released May 25, 2011. • Identity theft is one of the fastest growing crimes in the U.S. • #1 consumer complaint received by FTC for last 11 years • Fraud perpetrated against the government in 2010 was the most common form of reported identity theft crime • IRS experienced significant increases in tax issues resulting from identity theft for tax years 2009-2011

  9. ACTR Agrees with GAO’s Framework for Fraud Prevention “A well-designed fraud prevention system should consist of three crucial elements: (1) upfront preventive controls, (2) detection and monitoring, and (3) investigations and prosecutions.” GAO Report GAO-06-954T, July 12, 2006, “Individual Disaster Assistance Programs Framework for Fraud Prevention, Detection, and Prosecution.”

  10. Overall ACTR Ideas/Concepts • Within the GAO framework, ACTR has focused on key taxpayer and fraud prevention outcomes intended to obtain the most “bang for the buck” in the short and long term: • Increasing barriers to potentially fraudulent electronic filings • Companies can help IRS identify suspicious activity for enhanced processing by providing more information at the time of electronic filing, and additional information after electronic filing, but not acting as a law enforcement adjunct against our customer • We could help IRS identify legitimate taxpayers who we recognize as repeat customers for timely return processing and refund issuance by providing more information at the time of electronic filing • Rejecting IRS refund issuance to direct deposit accounts that exhibit suspicious indicators • Preventing or restricting access to previously issued IRS refunds in direct deposit accounts that exhibit suspicious indicators • Further enabling law enforcement to identify and stop fraudulent activity quickly • Identifying and helping legitimate taxpayers who are prevented from filing their returns or receiving their refund in a timely manner

  11. Protecting the “Front Door” 6.5 Million LinkedIn Passwords Reportedly Leaked, LinkedIn Is “Looking Into” It Yahoo Confirms 450,000 Accounts Breached, Experts Warn Of Collateral Damage Websites that only use UserID & Password may be increasingly vulnerable Many breaches like: Many consumers reuse their U/P

  12. What can IRS and other portions of government do to reduce and mitigate the impact of Identity Based Tax Fraud? • Improve on current Authentication of PIN/AGI • Obtain more data, such as Device ID • Industry and IRS can use better filtering and detection capabilities • Continue to improve coordination and information sharing in LE community is under say • IRS/CI, DOJ, FBI, US Postal, Secret Service, State LE • Use expertise of industry groups willing to help • CERCA, ACTR, FFA and others

  13. IRS.GOV Electronic Filing PIN Tool

  14. Data Elements to Routinely Collect and provide as part of E-FIle • Key data elements already collecting: • Filer Identity: Name/Social Security Number/DOB of filer • IP Address from which the efile was submitted • Bank Account: RTN/Account# of the bank account being to which a refund transfer was requested • Email Address for filing status notifications • Street Address provided as the filer • Phone number provided as the filer • Potential NEW Element • DeviceID = Globally Unique ID of the device (Computer, SmartPhone, Tablet) used to submit the efile

  15. A DeviceID should… • Accurately identify a unique device in a way that is resistant to manipulation • Recognize a returning device (e.g. Following Tax Year) • Allow for association of additional “high risk” returns • Once certain user behavior is observed as “high risk”, linking to other returns from the same DeviceID becomes possible. Utilizing DeviceID enables Web Sites to uniquely identify users tied to unique machines and returns. This is a better method of identifying than IP address, PINs, or email/User IDs, which can easily be manipulated.

  16. Once Data is Collected, Analytics and Risk Scoring can be performed by Government, identifying possible Fraud • Rules based on DeviceID can be used to calculate risk for transaction • Negative Lists Device or IP is on “black” list or watch list • Velocity Rules High number of filings from same DeviceID • Static Rules Device is using proxy server • Multi-level rules can be used to hold transaction • IF Risky DeviceID and Risky bank account , then hold • If Risk DeviceID and compromised Identity, then hold • Link Analysis on DeviceID can be used link filings and identify fraud rings

  17. Understanding DeviceID • A DeviceID is not a MAC Address. A MAC Address is a serial number assigned to a computer’s network card, and is not available remotely to Web Servers • A DeviceID is based on observed device characteristics, using backend algorithms that determine the uniqueness of the device • How it works: 1. DeviceIDjavascript is loaded to the browser Users Web Browser • Javascript is embedded on the target web page which: • Looks for, or sets a device “tag” (e.g cookies) on the customer’s computer/device. • Captures characteristics of the customer’s computer and browser (IP Address, user agent, headers, mime-types, Plug-ins, etc) • The tag and fingerprint are sent by the Web Browser to the Web Server • The Web Server sends the tag and fingerprint to a DeviceID Service where it is associated with an existing DeviceID, or a new DeviceID • The DeviceID service returns the DeviceID to the Web Server and User can then be uniquely identified • IRS could build the DeviceID service or leverage various Vendors. 2. Device Fingerprint is generated and posted to the web server Web Server 3. Web server makes a call to DeviceID Service DeviceID Service 4. DeviceID Service returns a Globally Unique Device ID

More Related