The IRS established the Taxpayer Protection Program (TPP) to proactively identify and prevent the processing of identity theft tax returns and assist taxpayers whose identities are used to file such returns. However, as part of the TPP process to identify potential identity theft returns, many legitimate taxpayer returns are also selected. When this happens, it is considered to be a “false positive.” Taxpayers selected by this process must contact the IRS to authenticate their identity and confirm that they filed the return so that the TPP can issue their refund.
One of the following letters will be sent to the taxpayer advising them to contact TPP to authenticate their identity:
- A Letter 4883C, Potential Identity Theft during Original Processing – issued on accounts for returns filed with an address in the United States.
- A Letter 5447C, Potential Identity Theft during Original Processing; Foreign Address – issued on accounts for returns filed with an address outside the United States
- A Letter 5747C, Potential Identity Theft during Original Processing
- Letter 5071C, Potential Identity Theft During Original Processing with Online Option – this letter is being issued for accounts meeting specific criteria. The letters will provide a web address to the Identity Verification Service (idverify.irs.gov) landing page located via the IRS.gov website. The letter and the website instruct the taxpayer to use the id verify website if they did not file a tax return. The letter and the website advise the taxpayer to contact the IRS using the TPP toll-free number, which is listed in the letter if they filed a return. If caller states they had issues with the website, were confused with the process, or had other concerns with responding to the questions, apologize for the inconvenience and continue with the authentication process. Responses to the Letter 5071C should be resolved using the instructions for the Letter 4883C.
To detect and prevent Identity Theft(IDT) refund fraud, IRS has developed tools and programs, including:
- IDT filters: IRS uses automated filters that search for IDT refund fraud characteristics to identify suspicious returns during processing and to confirm taxpayers’ identities before issuing refunds. These characteristics are based on both IRS’s knowledge of previous refund fraud schemes and clusters of returns with similar characteristics.
- Taxpayer Protection Program The Taxpayer Protection Program (TPP) reviews returns that are flagged by IRS’s IDT filters. IRS asks taxpayers to authenticate their identities—either online or by phone—by answering questions that a legitimate taxpayer is likely to know, such as previous addresses, mortgage information, and data about family members. If the taxpayer fails to authenticate himself online or by phone, the IRS instructs the respondent to authenticate his identity in person at an IRS Taxpayer Assistance Center.
- Identity Protection Personal Identification Number (IP PIN): IP PINs are single-use identification numbers sent to IDT victims who have authenticated their identities with IRS. If a return is electronically filed (e-filed) for a Social Security Number assigned an IP PIN, it must include the IP PIN or else IRS will reject the return. If a paper return has a missing or incorrect IP PIN, IRS delays processing the return while the agency determines if it was filed by the legitimate taxpayer.
Of the 650,000 filers who responded to TPP notification letters last year, 450,000 (69 percent) attempted remote authentication—online or by phone—whereas 200,000 (31 percent) claimed to be victims of Identity Theft (IDT) who had not filed the selected returns. To pass remote authentication, filers must first complete “identity proofing” by providing basic identifying information such as their names and dates of birth. Next, they are asked to answer knowledge-based authentication questions obtained from a third-party provider. Examples of authentication questions are “Who is your mortgage lender?” or “Which of the following is your previous address?” If filers pass knowledge-based remote authentication, then IRS releases those filers’ returns for further processing before issuing refunds. If filers cannot pass, IRS will not issue a refund unless those filers pass in-person authentication or IRS receives information return documents from third parties, such as W-2s, that match filers’ return data.