Banking Exchange Magazine Logo

‘Tis the season—for tax refund ID fraud

Tax time marks return of a favorite scam

  • |
  • Written by  Srividya Sunderamurthy, Guardian Analytics
‘Tis the season—for tax refund ID fraud

Identity theft tax fraud is a scheme where criminals file fake tax returns under the name of an unsuspecting taxpayer, obtaining a refund from the Internal Revenue Service before the legitimate taxpayer files his or her actual return. The victim is the IRS, which pays out billions to criminals filing fraudulent returns.

IRS ranked identity theft tax refund fraud as its number one scam in 2013. And it’s estimated that identity theft tax fraud will result in $21 billion in losses over the next five years.

Impact on banks

Under Title 31 Code of Federal Regulations, Part 210, RDFIs—Receiving Depository Financial Institutions—must notify the government of any misdirected tax funds and return the credit entry to the IRS. In addition, the Bank Secrecy Act (BSA) requires financial institutions to detect and report any suspicious credit activity.

So, while financial institutions are not in the direct line of fire for financial loss, they have compliance requirements to watch for and report transactions that would result from fraudulent tax refunds.

Description of the scheme

Here’s how this fraud works:

1. Grabbing ID basics. The criminal obtains personally identifiable information on a taxpayer, such as their name, address, contact information, and social security number, all of which has been exposed in the numerous data breaches in 2014 and earlier.

2. Phony filing for the money.The criminal uses obtained personal information to file a fraudulent tax return and claim a refund. Often the crook uses the same return and supporting documentation to file many fraudulent returns at the same time, simply changing personal details about the taxpayer.

3. Moving the money. As part of the filing, the criminal requests that the money be deposited directly into a bank account under his control. Alternatively, he may have the funds loaded onto a prepaid debit card.

Executing this scheme does not require that the refund be deposited into the taxpayer’s own account. Thus the criminal does not need to have compromised an existing account. He only needs to create a new one.

4. Cashing out. The criminal withdraws the funds as soon as the tax refund has been credited to his account.

How to detect fraudulent tax refunds

This scheme will result in multiple suspicious credits to deposit accounts or to debit cards—in some cases hundreds of deposits to the same account—as criminals file many fraudulent returns at once. Suspicious characteristics could include large refunds to new accounts; identical deposit amounts to multiple accounts; or multiple deposits from the U.S. Treasury to the same account.

Also, many times the name on the tax return, that is, the name under which the refund is issued, does not match the name on the deposit account or the debit card.

Means of detection can include monitoring ACH receiving files to detect unusual or suspicious patterns between originators and recipients; high-velocity deposits to the same account; or mismatches between the name in the ACH credit and the name on the account. Activity ought to be compared to not only to the account holder’s own historic behavior, but also to the behavior of the population as a whole, and to known fraudulent activity.

Ideally, software can detect suspicious credits without time-consuming manual reviews and without writing and maintaining rules that result in a high volume of false positives.

About the author

Srividya Sunderamurthy is product director at Guardian Analytics. Guardian Analytics provides behavioral analytics solutions for protecting proprietary information and systems, payments, and online and mobile banking. The company’s FraudMAP product performs detection functions described in this article.

back to top


About Us

Connect With Us



How to get the most out of Data and AI
with Ravi Loganathan from Sardine
and President of Sonar

AT 11 AM ET / 8 AM PT, July 24, 2024

In this webinar we will cover:


This webinar is brought to you by:

SardineBanking Exchange