NYTimes on growing tax fraud identity theft epidemic

The New York Times has a story on the web "With Personal Data in Hand, Thieves File Early and Often" by reporter Lizette Alverez for Sunday's paper. It describes an "epidemic" of tax identity theft. Thieves file fraudulent tax returns and receive a legitimate taxpayer's refund before he or she does, often on a hard-to-trace prepaid card.  Losses are in the billions, losses are increasing and legitimate taxpayers are waiting a long time to get their refund. It's a very good story that explains how the crime works, how it disproportionately harms retirees and how, -- despite massive efforts by agencies from the IRS to the post office -- it's a growing mess. Unfortunately, the reform promoted by some policymakers quoted in the story -- increasing criminal penalties -- has never worked to stop identity theft. Bad guys don't have to carry guns and they rarely get caught, so the crime is booming. Sure, it doesn't hurt to increase penalties, but it is not enough. We need to protect personal data better. Relying on increasing penalties is a feel-good solution that won't work on its own. But the credit bureaus and other powerful special interests have resisted legislation to protect personal information better and spent heavily to convince policymakers that "blaming bad guys" is more important than fixing their own sloppy practices. The credit bureaus, of course, are wrong.

The New York Times has a story on the web —  “With Personal Data in Hand, Thieves File Early and Often” — by reporter Lizette Alverez for Sunday’s paper. It describes an “epidemic” of tax identity theft. Thieves file fraudulent tax returns and receive a legitimate taxpayer’s refund before he or she does, often on a hard-to-trace prepaid card. It’s a very good story that explains how the crime works, how it disproportionately harms retirees and how — despite massive efforts by agencies from the IRS to the post office — it’s a growing mess. From the NYT:

“J. Russell George, the Treasury inspector general for tax administration, testified before Congress this month that the I.R.S. detected 940,000 fake returns for 2010 in which identity thieves would have received $6.5 billion in refunds. But Mr. George said the agency missed an additional 1.5 million returns with possibly fraudulent refunds worth more than $5.2 billion.”

So, losses are huge, losses are increasing and legitimate taxpayers are waiting a long time to get their refunds after filing a claim. Unfortunately, the reform promoted by some policymakers quoted in the story — increasing criminal penalties– has never worked to stop identity theft. Bad guys don’t have to carry guns to commit identity theft — a key reason they teach the crime in prison yards: “after you get out, stop carrying a gun, do identy theft.” Besides, not enough ID thieves get caught, so the crime is booming. Sure, it doesn’t hurt to increase penalties, but it is not enough. We need to protect personal data better. Relying on increasing penalties is a feel-good solution that won’t work on its own. It’s also a “look the other way” strategy that the credit bureaus and other members of the “Big Data” industry have used for years to deflect attention from their own failings.  The credit bureaus, of course, are wrong. They remain among the leading exponents of the Bart Simpson defense in America today: “I didn’t do it, nobody saw me do it, you can’t prove anything (youtube).”

But the credit bureaus and other powerful special interests have successfully resisted proposals to protect personal information better– they prefer to “blame the bad guys” not their own sloppy practices. The real solution is to better protect personal information. We could start with limiting the availability of Social Security Numbers as identifiers in the private sector, but businesses led by the powerful credit bureaus and less-well-known data brokers like the convenient crutch of using the number. As long as we use the SSN as both an identifier and an authenticator, any reform is doomed. As the privacy gurus at the Electronic Privacy Information Center have pointed out:

“Serious security problems are raised in any system where a single number is used both as identifier and authenticator. It is not unlike using a password identical to a user name for signing into e-mail. Or like using the SSN as a bank account number and the last four of the SSN as a PIN for automated teller machines.”

This 2011 Reuters story also includes comments from our colleagues at the authoritative Privacy Rights Clearinghouse about some of the other roadblocks that the IRs and other agencies face in stopping the crime and catching the crooks.

Topics
Authors

Ed Mierzwinski

Senior Director, Federal Consumer Program, PIRG

Ed oversees U.S. PIRG’s federal consumer program, helping to lead national efforts to improve consumer credit reporting laws, identity theft protections, product safety regulations and more. Ed is co-founder and continuing leader of the coalition, Americans For Financial Reform, which fought for the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, including as its centerpiece the Consumer Financial Protection Bureau. He was awarded the Consumer Federation of America's Esther Peterson Consumer Service Award in 2006, Privacy International's Brandeis Award in 2003, and numerous annual "Top Lobbyist" awards from The Hill and other outlets. Ed lives in Virginia, and on weekends he enjoys biking with friends on the many local bicycle trails.

Find Out More