By Rikki RogersTags:    Posted in: FeaturedInsights

How the IRS and State Revenue Agencies Can Mitigate Business Identity Theft

How the IRS and State Revenue Agencies Can Mitigate Business Identity Theft 

The IRS and state tax agencies have significantly improved their identity theft detection strategies over the past few years by investing in technology modernization, artificial intelligence, and machine learning. In response, fraudsters are changing tactics and increasingly stealing the identities of businesses – not just individual filers. To stay ahead of this, agencies need to implement fraud detection strategies specifically designed for business identity theft.

What is business identity theft?

Business identity theft occurs when criminals take over, impersonate, or fabricate the identity of business owners or their employees. When targeting the IRS and state revenue agencies, bad actors use these fake identities to fraudulently file tax returns and/or steal tax refunds issued to a business or its employees.
The most basic form of business identity theft (IDT) involves a fraudster filing a false return on behalf of an existing business entity. But, as with all identity-related fraud, business IDT has become more complex as fraudsters leverage emerging technologies and uncover weaknesses in the system.

For example, we’ve seen a surge in:

  • Fabricated entities – Fraudsters invent a new business by registering for an EIN, then use the fake business to file false business returns or employment tax returns.
  • Abused entities – Fraudsters use the EIN of an existing business to submit fake W2s to the Social Security Administration, then file for a refund based on the made-up wages.
  • Business account takeover – Fraudsters impersonate a business owner or officer in order to make changes to its account (e.g., change the address to reroute refund checks to themselves) or to obtain information about the business that they can use for other fraudulent activities.
By implementing Voyatek’s solutions, the IRS has prevented more than $10 billion in fraudulent payments.

READ THE CASE STUDY»

Why are tax scams involving business IDT difficult to detect?

These schemes are difficult to detect because they involve a combination of real and fabricated business and individual identities. The individual claiming a refund may be a willing participant or an unwitting accomplice.

Plus, fraudsters can fly under the radar by exploiting weaknesses in official channels. For example, to confirm that an inbound caller is an authorized officer of a business, customer service agents may ask for information that can be easily found online – like the year the business was founded or the CEO’s name and address.

Finally, bad actors are using AI to make their tactics more convincing and more scalable—generating thousands of false documents in seconds, scraping the web for hundreds of business’s information at once, and then sharing successful strategies with one another in online forums.

Adapting to the Challenge

To combat increasingly complex business IDT schemes, the IRS and state tax agencies need to mature their fraud detection strategies. We suggest the following:

Accelerate the Adoption of AI for Fraud Detection

AI can analyze and associate huge volumes of disparate data inputs and recognize patterns of abuse across channels in ways you simply can’t achieve manually. Graph neural networks, for example, are particularly useful in uncovering connections in organized fraud activities by identifying networks of interrelated transactions indicative of fraudulent operations.

WHITE PAPER: Artificial Intelligence and the Future of Government
READ NOW»

Arm Case Managers with Better Decision Support Tools

Case managers and customer service agents need intelligent tools that help them determine the next best action when working cases related to business identity verification. For example, current procedures around fabricated entities may involve manual checks of business tax returns and inquiries to Secretaries of State of website — all procedures that could be automated or streamlined.

The complexity of business fraud means disparate units in a tax agency may be responsible for different aspects of a case; analysts and tax technicians may need to mark information documents as suspect and unreliable for the purposes of income verification while other employees must remediate the impacted business entity by reversing fraudulent address or entity changes. Integrated case management platforms that provide custom workflows for complex fraud investigations are needed to assign cases based on type and complexity, manage workflows, and prevent duplication of effort.

Expand Cross-Agency Data Sharing

Many government agencies—e.g., the Social Security Administration, Department of Labor, and the Department of Health and Human Services—have valuable data that could help better identify business IDT.  Securely bringing this data together would optimize tax agencies’ strategies. For example, knowing the submission origin of W2 —whether it was submitted by a large and reputable payroll provider or directly uploaded through the SSA’s business portal —would allow tax agencies to identify clusters of fraudulent third-party submissions. Likewise, HHS’s National Directory of New Hires and state Departments of Labor can offer agencies independent verification of taxpayers’ employment status.

-Brian Bird, Sr. Vice President of Analytics and Ilya Gerner, Vice President, Fraud Analytics