Skip to main content

Employment-Related Identity Fraud: Improved Collaboration and Other Actions Would Help IRS and SSA Address Risks

GAO-20-492 Published: May 06, 2020. Publicly Released: May 06, 2020.
Jump To:

Fast Facts

Employment-related identity fraud occurs when people use a name or Social Security number (SSN) other than their own to get a job. This fraud makes it harder for IRS to collect taxes and harder for the Social Security Administration to manage benefits.

Though the true scope of this fraud is unknown, we identified 1.3 million SSNs from 2016 that were associated with both signs of potential fraud (e.g., wages reported for the SSNs of children or the elderly), and underreported wages to IRS by the taxpayer.

Our recommendations include improving how both agencies share wage data to better detect this type of fraud.

Employment-related identity fraudsters use identities other than their own to gain employment

Resume

Resume

Skip to Highlights

Highlights

What GAO Found

Employment-related identity fraud occurs when people use a name or Social Security number (SSN) other than their own to get a job. People may do this if they are not authorized to work in the United States or are trying to avoid child support payments, among other reasons. Victims may face Internal Revenue Service (IRS) enforcement actions based on wages earned by fraudsters. IRS identified more than 818,000 cases in 2018, but this included only one form of employment-related identity fraud—mismatches between the identity listed on the Form W-2, Wage and Tax Statement (W-2) and the identity on the tax return. The true scope of employment-related identity fraud is unknown.

GAO reviewed additional forms of this fraud and identified 1.3 million SSNs that for 2016 had both (1) characteristics associated with employment-related identity fraud; and (2) wages reported by the employer on a W-2, but not reported by the employee on a tax return. This includes about 9,000 individuals whose employers reported W-2s in five or more states, but who did not include them all on their tax return (see figure).

Example of a Social Security Number Potentially Used for Employment-Related Identity Fraud

Example of a Social Security Number Potentially Used for Employment-Related Identity Fraud

The Social Security Administration (SSA) processes W-2s before sending W-2 data to IRS for enforcement purposes. SSA has developed processes to detect some inaccurate W-2s and notify potential fraud victims. IRS uses W-2 information to deter some potential fraudsters, but has not assessed the costs and benefits of expanding its enforcement efforts to include certain individuals who may underwithhold taxes or not file returns. Doing so could help IRS determine if such an effort would enable the agency to collect additional revenue.

SSA and IRS entered into a memorandum of understanding (MOU) to collaborate to exchange wage data. However, they have not established performance goals and measures for the MOU, implemented the MOU's monitoring provisions, or clearly defined the data elements they exchange.

Why GAO Did This Study

Employment-related identity fraud poses risks to IRS's ability to collect taxes owed on wages and to SSA's ability to correctly calculate and manage Social Security benefits.

GAO was asked to review employment-related identity fraud. This report examines (1) the potential scope of employment-related identity fraud, including what IRS knows about this type of fraud and what GAO could determine by analyzing Department of Health and Human Services' National Directory of New Hires (NDNH) and IRS data; (2) SSA and IRS actions to detect and deter this fraud as well as notify victims; and (3) SSA and IRS's collaboration on the issue.

GAO analyzed 3 months of 2016 NDNH wage data and 2016 IRS taxpayer data to identify potential employment-related identity fraud. GAO also reviewed relevant IRS and SSA documentation and interviewed agency officials.

This is a public version of a sensitive report that GAO issued in January 2020. Information that SSA deemed sensitive has been omitted.

Recommendations

GAO is making 12 recommendations to IRS and SSA, including that IRS assess the feasibility of adding checks to its review of employment-related identity fraud, and assess the costs and benefits of expanding enforcement; and that both agencies improve the implementation of their MOU. SSA agreed and IRS neither agreed nor disagreed with the recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Internal Revenue Service The Commissioner of Internal Revenue should modify the title of IRS's employment-related identity theft action code 525 to reflect the type of employment-related identity fraud encompassed by this action code. (Recommendation 1)
Open – Partially Addressed
IRS initially neither agreed nor disagreed with GAO's May 2020 recommendation but in September 2020 partially agreed with it. In October 2020 IRS updated an internal policy document to change the definition of the indicator, but as of January 2024, IRS did not plan to change the title of the indicator. Our analysis of SSNs at risk of employment-related identify fraud indicates that the count of cases that IRS identifies under Action Code 525 likely understates the universe of employment-related identity fraud. By modifying the title of its employment-related IDT action code to more accurately reflect the data covered by the code, IRS could ensure that the agency is appropriately conveying the risk this specific type of employment-related identity fraud poses both to victims and tax administration without suggesting its statistics cover other types of employment-related identity fraud.
Internal Revenue Service The Commissioner of Internal Revenue should assess and document the feasibility of incorporating additional checks into its automated checks of employment-related identity fraud for populations at risk of employment-related identity fraud, such as children, elderly, deceased persons, and individuals associated with multiple wage records. (Recommendation 2)
Open – Partially Addressed
IRS initially neither agreed nor disagreed with GAO's May 2020 recommendation but in September 2020 agreed with it. IRS now reviews all W-2s, not just the first two, when identifying mismatches in returns filed with an Individual Taxpayer Identification Number. However, as of January 2024, IRS does not consider other characteristics, such as individuals with multiple wage records, in its checks for employment-related identity fraud. Doing so would require the development of new codes or the modifications of existing ones. By assessing and documenting the feasibility of incorporating additional checks--such as multiple wage records or wage records for children under 14--into its checks of employment-related identity fraud, IRS may be able to develop a method for identifying additional taxpayers at risk of this type of fraud.
Internal Revenue Service The Commissioner of Internal Revenue should assess and document the costs and benefits of using the Withholding Compliance Program (WHC) to address compliance risks posed by potential employment-related identity fraudsters who owe taxes and take appropriate action, as needed. (Recommendation 3)
Open
No executive branch action taken. IRS initially neither agreed nor disagreed with GAO's May 2020 recommendation but in September 2020 disagreed with it. IRS said that expanding WHC to address potential employment-related identity fraud would not be effective. IRS officials told GAO that in instances where a fraudster uses the same name and Social Security number (SSN) as a true SSN owner, WHC would be unable to determine which person may have underwithheld taxes, the fraudster or the true SSN owner. However, based on SSA data from tax year 2016, IRS received millions of Forms W-2, Wage and Tax Statement (W-2) with names and SSNs that do not match those of a true owner. These W-2s may be associated with employment-related identity fraudsters who owe taxes, and these returns are excluded from WHC. As of January 2024, IRS said it has no plans to take further action on this recommendation. Until IRS assesses these costs and benefits, IRS may be missing an opportunity to close the enforcement gap for fraudsters who underwithhold and to collect additional revenue.
Internal Revenue Service The Commissioner of Internal Revenue should modify Automated Underreporter (AUR) to include wage discrepancy checks for victims of employment-related identity fraud once IRS has updated AUR's legacy programming code. (Recommendation 4)
Open
No executive branch action taken. IRS initially neither agreed nor disagreed with GAO's May 2020 recommendation but in September 2020 disagreed with it. According to agency officials, IRS does not know when or if it will be able to update AUR's legacy programming code. IRS acknowledges that excluding victims of employment-related identity fraud from checks made by the AUR program creates an enforcement gap. GAO therefore maintains that IRS should update AUR to include wage discrepancy checks for these taxpayers when feasible. As of January 2024, IRS said it has no plans to take further action on this recommendation. Until IRS modifies AUR to include checks for these individuals, IRS may be missing an opportunity to collect additional revenue.
Internal Revenue Service The Commissioner of Internal Revenue should, in collaboration with the Commissioner of Social Security, develop and document a plan for updating future Combined Annual Wage Reporting (CAWR) MOUs. The plan should identify actions, time frames, and responsible parties, including executive leadership. (Recommendation 5)
Closed – Implemented
The Internal Revenue Service (IRS) agreed with this recommendation and in November 2020 finalized a joint strategy with the Social Security Administration for the continued maintenance of the Combined Annual Wage Reporting (CAWR) Memorandums of Understanding (MOU), as GAO recommended in May 2020. This strategy includes an agreement to review and update the MOU every two years beginning in fiscal year 2022. It also specifies how the MOU will be reviewed, and identifies parties responsible for conducting these reviews. IRS's actions will better position IRS to collect additional revenue.
Internal Revenue Service The Commissioner of Internal Revenue should, in collaboration with the Commissioner of Social Security, develop and implement goals and performance measures for the CAWR MOU. (Recommendation 6)
Closed – Implemented
IRS initially neither agreed nor disagreed with GAO's May 2020 recommendation but in September 2020, agreed with it. In October 2020, SSA and IRS finalized a joint update to the CAWR MOU. As of June 2021, SSA and IRS had updated part of the MOU to identify goals and performance measures the agencies can use to monitor their efforts to implement the MOU. These will provide IRS greater assurance that both agencies are periodically assessing the CAWR process and identifying opportunities to improve the timely exchange of information.
Internal Revenue Service The Commissioner of Internal Revenue should, in collaboration with the Commissioner of Social Security, develop and document a strategy for assuring that the reviews required by the updated MOU are completed within the specified time frames. (Recommendation 7)
Closed – Implemented
The Internal Revenue Service (IRS) agreed with this recommendation and in November 2020 finalized a joint strategy with the Social Security Administration for the continued maintenance of the Memorandum of Understanding (MOU). This strategy includes an agreement to review specific aspects of the MOU, such as the continued relevance of different data exchanges, every two years beginning in fiscal year 2022. It also identifies parties responsible for conducting these reviews and establishes deadlines for completing them, steps that will help assure reviews are completed within the specified timeframes, as GAO recommended in May 2020. IRS's actions will better position IRS to collect additional revenue.
Internal Revenue Service The Commissioner of Internal Revenue should, in collaboration with the Commissioner of Social Security, clearly define data elements they exchange with SSA. (Recommendation 8)
Closed – Implemented
IRS neither agreed nor disagreed with GAO's May 2020 recommendation and has taken steps to clearly define data elements exchanged with SSA. In October 2020, IRS and SSA finalized a joint update to the Combined Annual Wage Reporting (CAWR) Memorandum of Understanding (MOU) that included an exhibit (updated in June 2021) that defines data elements exchanged between the agencies as part of the CAWR process, including personnel responsible for overseeing these transfers, and processes for managing transaction errors. Additionally, as of October 2021, IRS and SSA have defined common terms in other publications, and the agencies plan to reference those definitions in the next MOU update. This will provide IRS the opportunity to use data more effectively to identify fraudulent or otherwise inaccurate earnings.
Social Security Administration The Commissioner of Social Security should, in collaboration with the Commissioner of Internal Revenue, develop and document a plan for updating future CAWR MOUs. The plan should identify actions, time frames, and responsible parties, including executive leadership. (Recommendation 9)
Closed – Implemented
The Social Security Administration (SSA) agreed with this recommendation and in November 2020 finalized a joint strategy with the Internal Revenue Service for the continued maintenance of the Combined Annual Wage Reporting (CAWR) Memorandums of Understanding (MOU), as GAO recommended in May 2020. This strategy includes an agreement to review and update the MOU every two years beginning in fiscal year 2022. It also specifies how the MOU will be reviewed, and identifies parties responsible for conducting these reviews. SSA's actions will better position SSA to more effectively manage its benefits programs.
Social Security Administration The Commissioner of Social Security should, in collaboration with the Commissioner of Internal Revenue, develop and implement goals and performance measures for the CAWR MOU. (Recommendation 10)
Closed – Implemented
SSA agreed with GAO's May 2020 recommendation. In October 2020, SSA and IRS finalized a joint update to the CAWR MOU. As of June 2021, SSA and IRS had updated part of the MOU to identify goals and performance measures the agencies can use to monitor their efforts to implement the MOU. These will provide SSA greater assurance that both agencies are periodically assessing the CAWR process and identifying opportunities to improve the timely exchange of information.
Social Security Administration The Commissioner of Social Security should, in collaboration with the Commissioner of Internal Revenue, develop and document a strategy for assuring that the reviews required by the updated MOU are completed within the specified time frames. (Recommendation 11)
Closed – Implemented
The Social Security Administration (SSA) agreed with this recommendation and in November 2020 finalized a joint strategy with the Internal Revenue Service for the continued maintenance of the Memorandum of Understanding (MOU). This strategy includes an agreement to review specific aspects of the MOU, such as the continued relevance of different data exchanges, on a biennial basis starting in fiscal year 2022. It also identifies parties responsible for conducting these reviews and establishes deadlines for completing them, steps that will help assure reviews are completed within the specified timeframes, as GAO recommended in May 2020. SSA's actions will better position SSA to more effectively manage its benefits programs.
Social Security Administration The Commissioner of Social Security should, in collaboration with the Commissioner of Internal Revenue, clearly define the data elements they exchange with IRS. (Recommendation 12)
Closed – Implemented
SSA agreed with GAO's May 2020 recommendation and has taken steps to clearly define data elements exchanged with the IRS. In October 2020, SSA and IRS finalized a joint update to the Combined Annual Wage Reporting (CAWR) Memorandum of Understanding (MOU) that included an exhibit (updated in June 2021) that defines data elements exchanged between the agencies as part of the CAWR process, including personnel responsible for overseeing these transfers, and processes for managing transaction errors. Additionally, as of October 2021, IRS and SSA have defined common terms in other publications, and the agencies plan to reference those definitions in the next MOU update. This will provide SSA the opportunity to use data more effectively to identify fraudulent or otherwise inaccurate earnings.

Full Report

GAO Contacts

Rebecca Shea
Director
Forensic Audits and Investigative Service

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

Best practicesEmploymentIdentity theftIdentity verificationPayroll recordsPersonal identity verificationSocial security numbersSocial security numberTax returnsTaxesTaxpayersWages