Individual Income Insights: The Art of Taxation: Know Thyself


Programming Code

Nearly 700,000 accounts affected by the Internal Revenue Service hack in 2015. 70 million  pieces of personal information stolen in the 2013 Target data hack. And then the granddaddy of them all: 143 million compromised social security numbers in the 2017 Equifax data breach. Hostile state agents and splinter cells around the globe are targeting the world’s financial systems looking for any piece of information they can sell to a third party, and the more information they collect, the more money they make. Some state governments have decided to act before the next mass identity theft by requiring identity verification tests for some state taxpayers before their returns are processed and refunds paid. Although the programs have in some instances enjoyed success, questions and criticisms remain in the efficacy and necessity of such efforts. 

Speak, Friend, and Enter

Identity verification for state tax purposes comes in a variety of forms and processes. Indiana, for example, has used a bifurcated approach since 2014. With this approach, when a refund is submitted electronically, it is first confirmed using an identity verification database that analyzes the information claimed on the return. If the database discovers an issue with verification, the taxpayer is then selected for heightened identity verification, which involves completing a four-question multiple choice quiz. The questions test the taxpayer’s knowledge concerning information contained on their tax return and other sources. The taxpayer must answer at least three out of four questions correctly to verify their identity. Several other states have a similar process, including Ohio, Kentucky, Louisiana, and Idaho. 

Initial statistics released by state treasury departments show encouraging signs that the programs are working as implemented. In Indiana, 97 percent of fraudulent activity and over $110 million in fraudulent refund attempts have been stopped using its bifurcated approach, according to a report released last week. Ohio’s program has been even more active, flagging “63,000 returns that were seeking more than $273 million in fraudulent refunds,” according to Cleveland.com

I Know Who I Am, Do You?

The programs have their critics as well. The biggest criticism has been the inability of legitimate taxpayers to answer some of the questions contained in the quiz. In Ohio, several residents complained that some questions refer to events or activities that occurred a long time ago. Many older taxpayers have simply not kept the kind of records required to complete the quiz, leaving them with the option of retaking, taking the quiz over the phone, or mailing in the required documents. 

Not all states take such a stringent approach with their identification queries. For example, in Indiana the information contained in the Identity Confirmation Quiz Letter and the expected refund are all a taxpayer needs to pass the test. Considering Indiana’s success, states like Ohio may want to consider reducing the difficulty of their tests to prevent the vulnerable being denied the refund they are due. 

As the sophistication of internet hackers grows, state governments will need to keep pace to ensure the security of our financial systems. Increasing sophistication while still offering a user-friendly interface may be the greatest challenge facing taxation authorities in the years ahead. 

Continue the discussion on Bloomberg BNA’s State Tax Group on LinkedIn: Should federal, state, and local governments be doing more to protect our identities and financial system? 

Get a free trial to Bloomberg Tax: State, a comprehensive research service that provides deep analysis and time-saving practice tools to help practitioners make well-informed decisions.