Gregory Korte, USA TODAY
WASHINGTON -- The Internal Revenue Service sent 655 tax refunds to a single address in Kaunas, Lithuania -- failing to recognize that the refunds were likely part of an identity theft scheme. Another 343 tax refunds went to a single address in Shanghai, China.
Thousands more potentially fraudulent refunds -- totaling millions of dollars -- went to places in Bulgaria, Ireland and Canada in 2011.
In all, a report from the Treasury Inspector General for Tax Administration today found 1.5 million potentially fraudulent tax returns that went undetected by the IRS, costing taxpayers $3.2 billion.
Those numbers are from an audit of 2011 data, and the IRS said it's put dozens of measures in place since then to crack down on the problem.
Acting Commissioner Danny Werfel acknowledges that "refund fraud caused by identity theft is one of the biggest challenges facing the IRS today." Testifying to a congressional committee in August, he said the agency now has 3,000 employees working on identity theft issues -- double what it had last year.
Here's how stolen identity tax fraud typically works: Thieves, using a valid social security number, file a tax return using fictitious withholding forms showing that they're due a refund, and have those refunds sent to another address. When the real taxpayer tries to file a return, the IRS rejects it.
But Treasury auditors have spotted a new wrinkle to this scam, in which the thieves don't need social security numbers.
Instead, they apply for what's known as an Individual Taxpayer Identification Number, or ITIN. An ITIN looks like a Social Security number, but it's used by people -- usually legal and illegal immigrants -- who aren't eligible for a Social Security number. An ITIN looks like an SSN, but begins with a 9 and has a 7, 8 or 9 as its fourth digit.
So, for example, the auditors found that the IRS issued 1,947 ITINs to individuals at a single address in Mountlake Terrace, Wash. In 2011, the IRS sent 194 tax refunds totaling $ 554,866 to that same address -- for returns that should have raised red flags. ITIN fraud totaled $385 million in 2011, auditors said.
The IRS now automatically cancels ITINs after five years.
One reason this fraud happens is that the scammers file the returns even before the IRS receives withholding statements directly from employers and other sources of income. Fixing that problem would take an act of Congress giving the IRS quicker access to outside data, said Michael E. McKenney, the inspector general's top auditor, in the report.
In the meantime, the IRS said it has new identity theft screening filters and developed more sophisticated data models to detect emerging fraud patterns. Since 2011, the IRS has stopped 12.6 million suspicious returns involving $40 billion in fraudulent refunds, said spokeswoman Julianne Fisher Breitbeil.