• United States



Senior Staff Writer

IRS to delay tax refunds as a security precaution

Jan 23, 20173 mins
CybercrimeData and Information SecuritySecurity

The trade-off between security and personal welfare is a tough one

Refunds for more than 40 million low-income families could be delayed by the IRS this year, as the tax agency looks to leverage the extra time to combat identity theft and fraud.

These delays will surely impact some of the families filing their taxes this week, which is the official start to this year’s tax season. For many of them, their refund check is the largest payment they’ll see all year.

This isn’t the first time the IRS has delayed refunds in an effort to stop fraud, but the process is painful for millions of taxpayers who depend on their refund checks – or more notably the Earned Income Tax Credit (EITC) and child-tax credits – to catch-up on bills or generally survive.

Earlier this month, IRS Commissioner John Koskinen, told the Associated Press his agency was sensitive to the needs of taxpayers. At the same time, this doesn’t change the law requiring early refunds be delayed until February 15.

The delay is there to help the IRS detect fraud, but the process isn’t perfect. According to the AP report, 1.2 million legitimate refunds were delayed by at least 30-days on average last year.

The trade-off being made by the IRS is a tough one, because it means delaying refunds to the working poor for the sake of lowering the losses due to fraud, which topped more than $8.9 billion in 2013 and 2014. However, these delays did prevent more than $47 billion in fraudulent payments during the same reporting period.

Clearly something has to be done, and the criminals behind many of the recent tax scams show no signs of slowing down.

During the first quarter of 2016, tens of thousands of taxpayers were targeted by criminals working the billion-dollar industry of tax fraud and identity theft. At least 41 organizations, but likely more than 70 when the year’s public and private notifications are tallied, reported a wave of Phishing and social engineering attacks targeting payroll records. The criminals were especially interested in W-2 data.

Often originating via email, these scams were dubbed Business Email Compromise / Correspondence (BEC) attacks. BEC attacks are a variant of Spear-Phishing, as they play on the trust relationships that exist within the company.

Many of the organizations that came forward last year after being victimized reported the same basic setup; someone pretending to be the CEO or other high-level officer within the company requested payroll or tax records via email. The requests sounded official, and by most accounts mirrored similar requests made previously. As such, the employee who received the request complied.

The scams were painful for many of the victimized organization’s staffers, as they had to jump through additional hoops before they could file taxes, and worry about the future repercussions of the incidents. Moreover, at least one group of employees felt their employer tossed them aside and forgot about them in the aftermath of the BEC attack.

The IRS says that while the delays are both law and an important security measure, most refunds will be issued within 21 days.

“These increased security screenings are invisible to most taxpayers,” Koskinen said in a statement on the IRS website.

“But we want people to be aware we are taking additional steps to protect taxpayers from identity theft, and that sometimes means the real taxpayers face a slight delay in their refunds.”

Want to comment on this story, head over to our Facebook page.