Tax theft is a $ 20 billion a year industry, and one company things it can do something about that. Thanks to a new app from security firm MorphoTrust, taxpayers might now be able to secure their returns by using a selfie.
It's an idea that might save them, and the government, a lot of time and money.
Every year identity thieves steal taxpayers' information at both the federal and state level. These criminals file using stolen credentials such as Social Security numbers and W-2s picked up during phishing schemes and, if there's a refund due, take the money for themselves. With more than 80% of taxpayers getting money back from the government, and the average refund around $3,100, it's a pretty lucrative scheme.
It's also one that has become increasingly and incredibly easy with the advent of online tax processing and e-filing. It's the classic story that all IT security struggles with: making a system easier to use also makes it easier to hack. Well, those same systems which auto-crunch the numbers and let taxpayers dodge post office lines have made it seamless and easy to monetize identity theft.
"It's been frustrating for years," said Julie Magee, commissioner of the Alabama Department of Revenue. According to her, one of the biggest frustrations of her job over the past several years has been keeping the lid on an explosion in tax-related identity theft.
"We're really behind compared to banks and credit card companies and mortgage companies in preventing other people's pii [personally identifiable information] from being used to file fraudulent tax returns," she said.
"Any government that accepts an income tax return, we [are] being taken advantage of and wasting billions of dollars in funding criminal activity," she added. "It was happening on a small scale prior to 2011, but in 2011, that's when we saw just an explosion in identity theft, and we think it has to do with pushing people to file electronic returns rather than paper returns."
By moving the tax system online, Magee said, the government made it far easier for taxpayers to do their civic duty as well as for the government to process it. (She estimates that Alabama alone spends approximately $1.90 to process each paper return compared to the next-to-nothing costs of an electronic one.)
Yet the same systems that increase ease of use for individuals do the same thing for criminals. Reduced barriers have made it possible to submit hundreds or even thousands of illegitimate filings, making the scheme profitable even if the government rejects all but a relative few.
Locking down those systems, though, proves incredibly difficult in an era where personal IDs are an increasingly marketplace commodity.
Most government systems use more or less the same set of information to prove a user's identity: Social Security numbers, driver's license numbers, home addresses both past and present, etc. Particularly in the case of a social security number people try to keep this information private, but there's no such thing as bulletproof security. Device theft, hacks, scams and phishing schemes and any of a dozen other vectors can spill someone's personal information onto the internet.
And there's no unringing that bell. Data, once out in the wild, is out there for good. Anyone can copy it and use it again and again on any system.