Wednesday, May 9, 2012

The number of identity theft-related incidents on tax returns reached about 248,000 in 2010, about five times more than in 2008

Insurance News - House Ways and Means Subcommittee on Oversight and Social Security Hearing:

'via Blog this'> An OIG investigation of a Colorado man revealed that he employed individuals so he could obtain names and SSNs of long-deceased individuals from a genealogical website. The man then fabricated employment records and instructed others to use the obtained names and SSNs and false employment information to create fraudulent tax returns, which were submitted to the IRS online. To determine deceased individuals' SSNs, the man said he compared data available from the public Internet site with a certain State's death data. A judge sentenced the man to 46 months in prison for SSN misuse, making false claims, and wire fraud; and ordered him to pay more than $282,000 in restitution to the IRS.




Today, each DMF record usually includes the following: SSN, full name, date of birth, and date of death. Therefore, even with SSA's recent changes, the DMF still contains more information than required by the Consent Judgment in Perholtz. The file contains about 86 million records, and it adds about 1.1 million records each year.
SSA provides the DMF to the Department of Commerce'sNational Technical Information Service (NTIS), a clearinghouse for scientific and technical information, which, in turn, sells the DMF to public and private industries--government, financial, investigative, credit reporting, and medical customers. Those customers use the data to verify death and prevent fraud, among other uses. SSA also currently distributes all death information it maintains, including State death records, under agreements with eight government agencies, including the IRS and the Centers for Medicare & Medicaid Services. SSA provides this death information to the IRS weekly. SSA also providesIRS a weekly file that includes the names and SSNs of newborns, as well as their parents' names and SSNs.
Criminal Use of Public Death Records
The DMF has important and productive uses. For example, medical researchers and hospitals track former patients for their studies; investigative firms use the data to verify deaths related to investigations; and pension funds, insurance companies, and government entities need to know if they are sending payments to deceased individuals. In addition, the financial community and Federal, State, and local governments can identify and prevent identity theft by running financial and credit applications against the DMF. However, the form in which the DMF is currently distributed provides opportunity for individuals to misuse SSNs and commit identity theft.
These OIG investigations show how individuals can use available death data to obtain SSNs and commit fraud:
> In August 2010, we began investigating about 60 fraudulent retirement benefit claims that used the name, SSN, and date of birth of individuals who died decades ago. We determined that the PII used to file the fraudulent claims was available to the public through a genealogical website. The OIG and other law enforcement agencies identified suspects in the case and executed search and arrest warrants; however, the main suspect took his own life before he was taken into custody. His two accomplices, both relatives of his, were indicted and pled guilty to the charges. A judge sentenced the two individuals to 20 months' and 25 months' incarceration followed by deportation from the U.S., and one was ordered 







> An OIG investigation of a Colorado man revealed that he employed individuals so he could obtain names and SSNs of long-deceased individuals from a genealogical website. The man then fabricated employment records and instructed others to use the obtained names and SSNs and false employment information to create fraudulent tax returns, which were submitted to the IRS online. To determine deceased individuals' SSNs, the man said he compared data available from the public Internet site with a certain State's death data. A judge sentenced the man to 46 months in prison for SSN misuse, making false claims, and wire fraud; and ordered him to pay more than $282,000 in restitution to the IRS.

Local TV Commercials
According to news media reports, in December 2011, this genealogical website said it would no longer display the Social Security information for anyone who has died in the last 10 years; the site also said it would place its Social Security Death Index behind a pay wall and only allow access to the index to family history researchers.
The Congress has recognized the seriousness of this issue, as current bills for consideration address access to the DMF. In November 2011, Chairman Johnson and several members of the Subcommittee onSocial Security introduced the Keeping IDs Safe Act, which would end the sale of the DMF. The bill would help protect the death data of all number holders. My office also supports an exemption to the bill that would allow government and Federal law enforcement agencies--like the OIG--to access the DMF to combat fraud.
Reviews and Recommendations
The OIG recognizes that limiting or discontinuing the DMF's availability is ultimately a legislative and policy decision for theCongress and SSA to make. Even so, my office has long taken the position that to the extent possible, SSA should limit public access to the DMF that required by law, and take all possible steps to ensure its accuracy. We have made several recommendations to this effect.
Our March 2011 report, Follow-up: Personally Identifiable Information Made Available to the Public via the Death Master File, examined whether SSA took corrective actions to address recommendations we made in a June 2008 report on the DMF. In the June 2008 report, we determined that, from January 2004 through April 2007, SSA's publication of the DMF resulted in the potential exposure of PII for more than 20,000 living individuals erroneously listed as deceased on the DMF. In some cases, these individuals' PII was still available for free viewing on the Internet--on ancestry sites like genealogy.com andfamilysearch.org--at the time of our report.
In the March 2011 report, we found SSA did not take actions on two of our recommendations. SSA did not implement a delay in the release of DMF updates, as the Agency indicated that public and private organizations rely on the DMF to combat fraud and identity theft. According to SSA, those organizations must have immediate and up-to-date information to be effective. The Agency also did not attempt to limit the amount of information included on the DMF, and it did not explore alternatives to the inclusion of an individual's full SSN, citing the Perholtz consent judgment and potential litigation under FOIA. SSA added that a deceased individual does not have a privacy interest, according to FOIA.
Our follow-up audit work indicated that between January 2008 andApril 2010, SSA published at least 35,000 living numberholders' PII in the DMF. According to SSA, there are about 1,000 cases each month in which a living individual is mistakenly included in the DMF. SSA said that when the Agency becomes aware it has posted a death report in error, SSA moves quickly to correct the situation, and the Agency has not found evidence of past data misuse. However, we remain concerned about these errors, because erroneous death entries can lead to benefit termination and cause severe financial hardship and distress to affected individuals. We also have concerns that DMF update files, some with the SSNs of living individuals, are a potential source of information that would be useful in perpetrating SSN misuse and identity theft. DMF updates can reveal to potential criminals the PII of individuals who are still alive.

30-day Free Trial
Legislative Efforts
We support the prior bipartisan legislative efforts of these Subcommittees to limit the use, access, and display of the SSN in public and private sectors, and to increase penalties against those who misuse SSNs. Most recently, the Subcommittee on Social Securityintroduced the Social Security Number Privacy and Identity Theft Prevention Act of2009. This legislation included new criminal penalties for the misuse of SSNs; criminal penalties for SSA employees who knowingly and fraudulently issue Social Security cards or SSNs; and enhanced penalties in cases of terrorism, drug trafficking crimes, or prior offenses.
The legislation would also expand the types of activities that are subject to civil monetary penalties (CMPs) and assessments under Section 1129 of the Social Security Act. Currently, an individual who misuses an SSN is not subject to a CMP, except in cases related to the receipt of Social Security benefits or Supplemental Security Income. The legislation would authorize the imposition of CMPs and assessments for activities such as providing false information to obtain an SSN, using an SSN fraudulently obtained, or counterfeiting an SSN.
The expanded use of the SSN in today's society has made it a valuable commodity for criminals. In addition to being a lynchpin for identity theft crimes, it also helps an individual assimilate into our society, and in some instances, to avoid detection. The importance of SSN integrity to prevent identity theft and ensure homeland security is universally recognized. Providing enhanced, structured penalties is appropriate to reflect the vital importance of the SSN.
Citizens' Accountability
While government agencies such as SSA have controls in place to protect the SSN and other personal information, individuals must also take basic preventive steps to protect their own information from improper use. We urge everyone to keep Social Security cards in a secure place, shred personal documents, and be aware of phishing schemes, because no reputable financial institution or company will ask for personal information like an SSN via the phone or the Internet. It is also important to protect personal computers with a firewall and updated anti-virus protection.
Additionally, we should all be judicious in giving out an SSN in business transactions, because while it is required for some financial transactions, an SSN is not necessary for everyday transactions, like applying for a gym membership. We can monitor our financial transactions and regularly check our credit reports from the three major credit bureaus. Concerned citizens may also contact SSA at 1-800-772-1213 if they suspect someone is using their SSN work purposes; SSA will review work earnings to ensure its records are correct. Anyone who suspects identity theft should report it to the FTC at 1-877-438-4338; and may need to contact the IRS to address potential tax issues. By knowing how to protect ourselves, and actually taking these important steps, we make life much more difficult for identity thieves.
Conclusion
SSA has a long history of protecting PII, and while current conditions may be the most challenging yet, we are confident SSA will rise to the occasion and address the challenges of today and tomorrow. Identify theft will undoubtedly persist for years to come, because of the reliance on the SSN as a national identifier and advances in technology and communication. Nevertheless, we are committed to ensuring that the information in SSA's records remains safe and secure.

4.05% for 10 Years
While we support efforts to limit public access to this data through legislative or policy changes (such as the Keeping IDs Safe Act), barring such changes, SSA should implement a risk-based approach for distributing the DMF, and the Agency should limit the amount of information included on the DMF. These actions would protect PII and reduce the potential for misuse and abuse of SSNs and identity theft.
Our investigators are committed to pursuing SSN misuse and identity theft cases, and our auditors will continue to offer recommendations to safeguard the SSN and prevent theft of government funds. Finally, we will continue to provide information to your Subcommittees and Agency decision-makers about this critically important issue. I thank you again for the opportunity to speak with you today. I am happy to answer any questions.
Copyright:(c) 2010 Federal Information & News Dispatch, Inc.
Wordcount:2816


No comments:

Post a Comment