April 10,2008

Baucus Statement on Tax Related Identity Theft

Hearing Statement of Senator Max Baucus (D-Mont.)
Regarding Identity Theft

A Chinese proverb says: “Make your plans for the year in the spring, and your plans for the day
early in the morning.”

Each spring, millions of Americans start to make their plans. Right after they sign their tax returns, with a sigh of relief, they begin to plan how to spend their tax refunds.

They dream about paying down the bills. They dream about buying a new TV. They dream
about putting money in the bank.

But for tens of thousands of taxpayers each year, their dreams turn into nightmares. These
taxpayers are the victims of identity theft.

According to the Federal Trade Commission, during 2006, some 50,000 people complained about
tax-fraud and employment-related identity theft. That’s a significant increase. Four years
earlier, in 2002, there were just 18,000 cases.

Some taxpayers learn that they are victims right away. That’s because the IRS rejects their
returns. Someone has already filed, using the taxpayer’s name and Social Security number.

On average, it takes almost a year for the IRS to sort out who is the real taxpayer. In the
meantime, the victim’s tax accounts get frozen. The IRS issues no refund. The money that the
taxpayer was planning on doesn’t come. The taxpayer waits in tax limbo, for months and

Other taxpayers don’t learn that they are the victim of identity theft until years later. It’s not until
the IRS starts matching W-2s to tax returns that the IRS detects the theft. Victims first realize
that other people are using their identities when the IRS contacts them. The IRS asks them why
they did not report the income that appears on W-2 forms with their names on them.

Both the National Taxpayer Advocate and the Treasury Inspector General for Tax Administration
— or TIGTA — have called tax-related identify theft a serious problem.

They agree that the IRS lacks adequate agency-wide strategies to ensure that victims of identity
theft are treated consistently and to minimize their burden.

The Advocate has identified at least 17 different functions within the IRS that deal directly with
private taxpayer information. The TIGTA has reported that as many as 240 computer systems at
the IRS contain personally-identifiable information.

Clearly, the IRS requires a comprehensive identity-theft strategy with goals, timelines, and
milestones. That strategy needs to hold IRS personnel accountable for reducing identity theft. I
call on you to give me a status report within 90 days.

I am amazed the IRS has no mechanism for taxpayers to give the IRS a heads-up that their
identities have been stolen. Instead, the IRS tells victims to report the crime to the Federal Trade
Commission. And then the IRS does nothing to coordinate with the FTC to use that information.

I am disappointed that the IRS does not notify a taxpayer when someone else has filed a return
using the victim’s Social Security number.

I am astonished that some IRS processes actually appear to facilitate identity theft. These involve returns filed by persons using Individual Taxpayer Identification Numbers — or ITINs. These persons will sometimes attach W-2s to their returns with someone else’s Social Security numbers.

But ITIN holders usually cannot legally obtain a Social Security number. So returns with both an
ITIN and a W-2 with a Social Security number should raise a red flag.

But the IRS processes these returns, without asking any questions. The IRS deliberately looks the other way. In fact, the IRS changed its electronic filing filters last year so that returns filed using both an ITIN and a Social Security number would not be rejected.

You would think that the IRS would flag those returns. But they don’t.

You would think the IRS would notify the rightful owner of the Social Security number that
someone else is using the number. But they don’t.

I am dismayed that the IRS does not do more to stop identity theft. The IRS generally will not
prosecute an identity theft case unless it is part of a larger crime.

Victims of identity theft deserve better. They deserve consistent procedures, no matter what part
of the IRS they are dealing with. They deserve a way to forestall problems with the IRS once
they discover they are victims. They deserve to be notified when someone else uses their Social
Security numbers.

Identity theft is a serious crime. It’s growing. America’s taxpayers must be able to trust that the
IRS is doing all that it can to protect their identities.

It’s time for the IRS to stop stalling. It’s time for the IRS to make and implement an effective
plan to detect, deter, and stop identity theft. It’s time to end the nightmare for honest American
taxpayers who fall victim to identity theft.