It’s Tax Fraud Season

10 Red Flag Indicators of Tax Refund Fraud

January 21, 2016 by Brendan Brothers

With the holiday season behind us and the new year underway, it’s time to prepare for a brand new season—the 2016 tax filing season. Over the next few months, fraudsters will exploit the personal information of thousands of U.S. taxpayers and pocket millions of dollars in fraudulent tax refunds — illicit funds that will be deposited and moved throughout the financial system.

According to the Department of Justice, five million tax returns were filed using stolen identities in 2013. Of those, more than $24.2 billion in tax refund fraud was either prevented or recovered by the IRS — but a staggering $5.8 billion in fraudulent refunds was paid out.

How do they file fraudulent claims?

Tax refund fraudsters are often part of larger, more organized criminal schemes that begin by acquiring the necessary information to file fraudulent claims. Personally Identifying Information including Social Security or Tax Identification Numbers (TINs) can be acquired quite easily by the savvy fraudster.

A variety of fraud scams have been identified by the Internal Revenue Service (IRS), such as harassing telephone calls or phishing emails from fraudsters posing as IRS representatives. But cyber fraud likely poses the greatest threat. Hacked tax filing systems or breached databases provided unprecedented access to identities of unsuspecting victims.

In the 2015 tax season, there was an “unprecedented surge in online tax scams” by increasingly sophisticated criminals targeting third-party tax filing services, following a massive breach in the IRS online tax return service “Get Transcript”, as reported by the Washington Post.

Shockingly, identities stolen through breaches and hacking are made available for purchase online — some for less than the price of a cup of coffee.

Why do financial institutions need to be on guard?

Although tax refund fraud itself does not directly result in a loss for institutions, there is a clear role to play from an AML/BSA standpoint, as outlined by FinCEN. Financial institutions are “critical in identifying tax refund fraud because of the methods for tax refund distribution – issuance of paper checks, and direct deposit into demand deposit or prepaid access card accounts.” The regulator also points out that as direct deposit grows in popularity year-over- year, financial institutions should expect tax refund fraud and suspicious activity related to these direct deposits to continue to increase as well.

Financial institutions also need to be on guard for tax refund fraud because it is often part of larger, more organized criminal schemes involving many types of illicit activities, including identity theft, cybercrimes, and money laundering activity, such as mule accounts and structuring.

How could these illicit funds move into and through accounts at my institution?

Today’s sophisticated criminals are trying to avoid detection by opening or using mule accounts. “Mule accounts” are used to deposit and, ultimately, move the illicit proceeds of criminal activity.

To facilitate their crime, fraudsters may open the account themselves using false or stolen identities.

But often, it is operated by an unknowing accomplice, a money mule, who believe they are being employed as part of a money transfer service, and may not understand the consequences of their involvement.

Once the fraudulent refunds are deposited — the illicit funds will be moved in an attempt to mask the crime through rapid ATM cash withdrawals, POS purchases, or structured payments to other institutions.

In direct response to the growing problem of Tax Refund and Identity Fraud, in 2015, the IRS imposed a new limit on the number of direct deposit refunds that could be issued to a single financial account or pre-paid debit card — to three refunds. So, organized criminals often use multiple mule accounts to deposit fraudulent refunds, launder funds and maximize their illicit revenue stream.

What should a financial institution look for?

With the increased focus on preventing Tax Refund Fraud, the IRS has joined forces with many groups, including government agencies, third-party filing providers, law enforcement and financial services to share information and develop strategies for identity theft and anti-fraud measures.

Below is a summary of some of the red flag indicators for Tax Refund Fraud identified by FinCEN in consultation with the IRS and law enforcement.

For a complete list, including indicators for those related to business accounts, check cashing services, and fraud related to employees of financial institutions, see FinCEN’s Update on Tax Refund Fraud and Related Identity Theft.

If you suspect that the funds being deposited or transferred at your institution are the result of Tax Refund Fraud, you are required to file a Suspicious Activity Report (SAR). FinCEN also recommends that due to the time-sensitive nature of these transactions, you may also wish to contact your local IRS Criminal Investigation Field Office to alert them that a SAR has been filed related to Tax Refund Fraud.

10 Red Flags for Tax Refund Fraud

Accounts with multiple refund payments or majority of transactions from refunds

  1. Multiple direct deposit tax refund payments (federal, state or local), directed to different individuals, are made to a demand deposit or prepaid access account held in the name of a single account holder.
  2. Individuals using bank accounts where the majority of the transactions are ACH federal tax refunds or refund anticipation loans.

Account opening with transactions solely from refunds

  1. Suspicious or authorized account opening on behalf of individuals who are not present, with the absent individuals being accorded signatory authority over the account, with subsequent deposits comprised solely of tax refund payments. This activity often occurs with fraudulent returns for the elderly, minors, prisoners, the disabled, or recently deceased.

Multiple prepaid card accounts with tax refund credits

  1. A single individual opening multiple prepaid card accounts in different names, using valid TINs for each of the supplied names and having the cards mailed to the same address. Shortly after card activation, ACH credit(s) representing tax refunds occur. This is followed quickly by ATM cash withdrawals and/or point-of-sale purchases.
  2. Multiple prepaid cards that are associated with the same physical address, telephone number, e-mail address, or Internet Protocol (IP) address, which receive tax refunds as the primary or sole source of funds.

Tax refund checks and check endorsements

  1. Individuals accompanying multiple parties to the bank to negotiate Treasury tax refund checks. Such items may or may not be double endorsed checks.
  2. Individuals attempting to negotiate double endorsed Treasury tax refund checks with questionable identification.
  3. The signature/endorsement on the back of the check(s) does not match the identification of the individual conducting the transaction.
  4. The same signature/endorsement is used on multiple checks with multiple names.
  5. The freezing or closure of a personal account due to suspicious activity involving either Treasury tax refund checks or ACH Treasury deposits.
Verafin is the industry leader in enterprise Financial Crime Management solutions, providing a cloud-based, secure software platform for Fraud Detection and Management, BSA/AML Compliance and Management, High-Risk Customer Management and Information Sharing. Over 3800 banks and credit unions use Verafin to effectively fight financial crime and comply with regulations. Leveraging its unique big data intelligence, visual storytelling and collaborative investigation capabilities, Verafin significantly reduces false positive alerts, delivers context-rich insights and streamlines the daunting BSA/AML compliance processes that financial institutions face today.