14
Dec 15

Don’t Be a Victim of Tax Refund Fraud in ’16

With little more than a month to go before the start of the 2016 tax filing season, the IRS and the states are hunkering down for an expected slugfest with identity thieves who make a living requesting fraudulent tax refunds on behalf of victims. Here’s what you need to know going into January to protect you and your family.

The Growing Tax Fraud MenaceThe good news is that the states and Uncle Sam have got a whole new bag of technological tricks up their sleeves this coming tax season. The bad news is ID thieves are already testing those defenses, and will be working against a financially strapped federal agency that’s been forced to cede much of its ability to investigate and prosecute such crimes.

Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.

By all accounts, the IRS has improved at blocking phony refund requests. The agency estimates it prevented $24.2 billion in fraudulent identity theft refunds in 2013. Trouble is, it paid out some $5.8 billion in fraudulent refunds that year that it later determined were bogus, and experts say that is only the fraud the agency knows about, and the true number is likely much higher annually.

Perhaps in response to the IRS’s increasing ability to separate phony returns from legitimate ones, crooks last year massively focused on filing bogus refund requests with the 50 U.S states. To head off a recurrence of that trend in the 2016 filing season, the states and the IRS have hammered out an agreement to examine more than 20 new data elements collected by online providers like TurboTax and H&R Block.

Those new data elements include checking for the repetitive use of the same Internet address to rapidly file multiple returns, and reviewing computer device information (browser user agent string, cookies e.g.) tied to the return’s origin. Another check involves measuring the time it takes to file a return; fraudsters involved in tax refund fraud tend to breeze through returns in just a few minutes because they are generally copying and pasting information into the tax forms, or relying on an automated program to do it for them.

The hope is that the these new checks will let investigators more accurately flag suspicious refund requests processed by tax preparation firms, which also have agreed to beef up lax security around customer accounts. Under the agreement, online providers will enforce:

  • new password standards to include a minimum of eight characters, with upper, lowercase, alphanumerical and special characters;
  • a lock-out feature that blocks users with too many unsuccessful login attempts;
  • the addition of three security questions;
  • some sort of out-of-band verification for email addresses — sending an email or text to the customer with a personal identification number (PIN).

Julie Magee, Alabama’s chief tax administrator, said the state/IRS task force opted not to disclose all 20 of the data elements they will be collecting from tax prep firms.

“The thieves are going to figure these out on their own, and they’re already testing our defenses,” Magee told KrebsOnSecurity. “We don’t want to do anything to make that easier for them.”

ANALYSIS

Whether or not we see an increase in tax refund fraud next year, one thing seems certain: the IRS will prosecute far fewer of the crooks involved. Congress has persistently underfunded the IRS, and budget cuts have pushed prosecutions of identity thieves to a new low. According to the IRS’s 2015 Annual Report, IRS identity theft criminal investigations are down almost 50 percent since 2013.

irs-idtheftprosecutions13-15

Tax fraudsters were so aggressive last year that they figured out how to steal consumer identities directly from the agency itself. In August 2015, the IRS disclosed that crooks abused the “Get Transcript” feature on its Web site to steal Social Security numbers and information from previous years’ tax filings on more than 334,000 Americans.

The IRS has responded to the problem of tax ID theft partly by offering Identity Protection PINs (IP PINs) to affected taxpayers that must be supplied on the following year’s tax application before the IRS will accept the return. However, consumers still have to request an IP PIN by applying for one at the agency’s site, or by mailing in form 14039 (PDF).

Incredibly, the process that thieves abused to steal tax transcripts from 334,000 taxpayers this year from the IRS’s site also works to fraudulently obtain a consumer’s IP PIN. In fact, the following redacted screen shot from a notorious cybercrime forum shows a seasoned tax fraudster teaching would-be scammers how to use the IRS’s site to obtain a victim’s IP PIN.

ippin

Both the Get Transcript and the process to retrieve an IP PIN from the IRS’s site are vulnerable because they rely on the applicant supplying static information that is trivial for thieves to obtain, including the taxpayer’s name, date of birth, Social Security number and filing status. After that data is successfully supplied, the IRS uses a service from credit bureau Equifax that asks four so-called “knowledge-based authentication” (KBA) questions.

These KBA questions — which involve multiple choice, “out of wallet” questions such as previous address, loan amounts and dates — can be successfully enumerated with random guessing, but much of the data is readily available via free online social networking and consumer tracking services like Spokeo.

If any readers here doubt how easy it is to buy personal data on just about anyone, check out the story I wrote in December 2014, wherein I was able to find the name, address, Social Security number, previous address and phone number on all current members of the U.S. Senate Commerce Committee. This information is no longer secret (nor are the answers to KBA-based questions), and we are all made vulnerable to identity theft as long as institutions continue to rely on static information as authenticators.

My guess is that a huge chunk of 334,000 victimized via the IRS’s site this year probably will not request the IP PIN and will in fact have fraudulent tax returns filed with their info — whether they request the IP PIN and it is stolen or not. The IRS should just issue the IP PINs to affected taxpayers, instead of asking victims to do it themselves.

Incidentally, the IRS’s Twitter account is still promoting the online Get Transcript capability, even though it no longer offers the service online. For now, the only way to obtain a transcript is via snail mail.

IRS's Twitter account urging followers to use a service that hasn't been available for months.

IRS’s Twitter account urging followers to use a service that hasn’t been available since May 2015.

DON’T BE THE NEXT VICTIM

In notifying 334,000 taxpayers affected by its Get Transcript debacle, the IRS predictably offered victims free credit monitoring services from Equifax. The IRS makes no mention of a more effective way to block ID thieves: Placing a “security freeze” on one’s credit files with the major credit bureaus. See this tutorial about why freezes are more effective than credit monitoring in blocking ID thieves from assuming your identity to open up new lines of credit.

While it’s true that having a security freeze on your credit file won’t stop thieves from committing tax refund fraud in your name, it would stop them from fraudulently obtaining your IP PIN. Also, anyone who has a freeze in place will need to temporarily lift that freeze to take advantage of any credit monitoring services (in this case, the consumer would need to briefly thaw a freeze at Equifax).

-File before the fraudsters do it for you – Your primary defense against becoming the next victim is to file your taxes at the state and federal level as quickly as possible after the 2016 Tax Filing Season begins — which is usually the second or third week in January. Remember, it doesn’t matter whether or not the IRS owes you money: Thieves can still try to impersonate you and claim that they do, leaving you to sort out the mess with the IRS later.

-Get on a schedule to request a free copy of your credit report. By law, consumers are entitled to a free copy of their report from each of the major bureaus once a year. Put it on your calendar to request a copy of your file every three to four months, each time from a different credit bureau. Dispute any unauthorized or suspicious activity. This is where credit monitoring services are useful: Part of their service is to help you sort this out with the credit bureaus, so if you’re signed up for credit monitoring make them do the hard work for you.

Monitor, then freeze. Take advantage of any free credit monitoring available to you, and then freeze your credit file with the four major bureaus. Instructions for doing that are here.

-File form 14039 and request an IP PIN from the government. This form requires consumers to state they believe they’re likely to be victims of identity fraud. Even if thieves haven’t tried to file your taxes for you yet, virtually all Americans have been touched by incidents that could lead to ID theft — even if we just look at breaches announced in the past year alone.

FIGHT BACK

Thieves involved in tax return fraud may be laughing all the way to the bank, but that doesn’t mean we have to suck it up and take it: Exercise your rights to obtain a copy of the phony return, and you may just help put crooks in jail.

If you become of the victim of tax fraud and are motivated to learn who helped to defraud you and Uncle Sam, you can file form 4506 (plus a $50 fee) to get a copy of the return. That information can be shared with your local police, who may be able to use to track down people who help launder the proceeds from tax refund fraud.

Earlier this year, I wrote about Isha Sesay, a Pennsylvania woman who was arrested for receiving phony IRS refunds on behalf of at least two tax fraud victims. Among Sesay’s victims was resident Mike Kasper, whose request for the filing led to Sesay’s arrest. Kasper’s hard work helped expose the IRS’s pervasive authentication weaknesses and later testified to Congress about his ordeal. Sesay is currently scheduled to plead guilty (PDF) to the charges on Dec. 18.

Turns out, Kasper’s sleuthing was key to Sesay’s prosecution. When he found out he’d been victimized, Kasper requested the copy of returns that fraudsters filed in his name, but he did so before filing form 14039 to request an IP PIN.  Had he done it in the opposite order, the IRS would have redacted all of Ms. Sesay personal and financial information.

Poughkeepsie, NY victim Michael Kasper testifying before the Senate Homeland Security Committee in June 2015.

Poughkeepsie, NY victim Michael Kasper testifying before the Senate Homeland Security Committee in June 2015.

In testimony before the Senate this year, IRS Commissioner John Koskinen explained the reasoning behind that decision: A fraudulent return could include the personal information of other people. The end result is that it is better to file form 4506 and pay $50 to request a photocopy of the fraudulent return before you file form 14039 to formally report the fraud.

“There is a section 6103 of the US code that imposes stiff criminal penalties for sharing tax return information  and the IRS’s tortured view of reality interprets this law, which is intended to protect personal information, so that once you report fraud and they know some information on the return might not be yours, they believe it is against the law for them to ever share that information with you,” Kasper said.

“As a result, when they recently created the process above for victims to get a copy of the fraudulent tax returns filed in their name, the IRS decided they need to redact any personal info that could possibly belong to a criminal,” Kasper continued. “They do everything they can to protect the privacy of the criminal who already violated your privacy. You actually lose all of your rights once you report the crime so it’s better to wait.”

Tags: , , , , , , ,

62 comments

  1. The IRS PIN number site has been shut down until mid January. So the link above will get you to the site, but you can’t request a PIN now.

  2. Would you recommend an IRS pin? Should one obtain a pin even if id theft did not happen?

  3. Great article! Just filed a From 14039 for myself. Is it advisable to file the same for a deceased spouse? Also, if you have an accountant prepare return and e-file is a PIN already set up?

  4. My husband and I were in the 334,000 customers in the IRS breach. We’ve frozen our credit, filed police reports, done everything we’re supposed to. After filing the PIN request form with the IRS, we received letters in September telling us we were approved for the PIN #s and they would be coming by snail mail in December. It’s mid-December and we have not received anything yet. As for filing by the end of January, we can’t because we won’t have everything we need from our employers to do so. Why do they make a law that employers, banks, etc. have until 1/31 to mail stuff out but they allow people to file a week or two before that … I’ll never understand. I am mentally preparing myself for the worst in 2016, making 2015 look easy.

    • Same boat. My understanding is the IP PIN snail mail will come late December. I will not apply online (personally happy it is not accessible online for now), I WANT that to come to me as paper, because it locks in my address to its receipt.

      • I agree, I don’t want anything coming by way of online from the IRS. After this whole mess because of their lack of securing our personal information, any amount of trust I had is gone.

    • wow, makes you wonder if they take kickbacks…

    • Having all the “paperwork” to file an official tax form makes too much sense (how else are criminals going to be able to file criminal returns if the are allowed to file ANYTIME; but legal returns CAN’T be files anytime. Criminal- non-crime™ — crime is allowed-even though it’s criminal, it’s a recurring theme in crime-non-crime tied to the internet).

  5. The thing I hate the most about this process is that it is usually not possible to file in late January; I also don’t think it’s a reasonable thing to recommend. The deadline for brokerage services to provide these forms is February 1st but of course if you are using Turbotax’s automated retrieval options, that service may not even be ready until mid-February for a slow brokerage. I usually try to file as early as possible and I’ve still never been able to successfully file in February.

    • just fudge the numbers, the IRS is a criminal gang.

    • File fast, amend later.

      • Amended returns are a flag for audit.
        Yes, the chances are still very low for an audit, but still a flag.

    • Agree that early filing is not an option for people with certain (even small) investments held in brokerage accounts (e.g., stocks, mutual funds). Another example of government working at cross-purposes with itself. More stringent cost basis reporting requirements from investment firms takes much more time (I didn’t get statements until March), which works against security imperatives.

  6. The “data points” collected by the IRS and states during filing are laughable at best. There’s no standard, both because the IRS refuses to set one and the states refuse to adhere to one, and no one at any of the agencies bothered to determine if any of the data recorded is truly traceable and actionable.

  7. With 22 million people affected by OPMs data breach, plus numerous other data breaches, it’s time to abandon the SSN. Replace it with something like a 128 bit PIN. Secure all government – personal online transactions with digital signing. Since many people will resist change, phase this in, placing new accounts at the head of the list, with people at risk of identity theft next.

    • It seems to me that doing personal ID should be done like the card companies used to a few years ago, where a fake card number was issued for each merchant the card holder did business with – if that card attempted to pay out to any one other than the assigned merchant, then it was blocked by the issuing company. This worked great, until the card company I was using decided their other authentication services were working as well, and dropped the scheme.

      Seems like the IRS could do the same, by issuing a fake ID number, or a pseudo personality profile, and any payment that doesn’t go to the original owner is blocked.

      • +1

        It’s a bit of a hassle, but, I think this is probably the best way to go.

        Doing this would require the IRS (or equivalent) to become *the* big target. Since anyone trying to work anywhere would have to provide an EIN+ their SSN to get a psuedo-SSN in order to give it to their employer.

        In this model, criminals would have to visit the IRS to generate these pSSN’s…

        The faster fix is to delay the refund issuing process until after the IRS has the necessary W2/W4 forms from employers.

        • Except that would require an act of congress, since an earlier act of congress pretty much requires them to issue refunds before the paperwork has come in.

          Not sure if you’ve paid attention to what congress has been doing lately, but if it’s a task that’s legitimately useful, they’ll get to it roughly around the time they’re kicked out of office and replaced by someone competent.

  8. Twice I have requested a PIN just to prevent being a victim. Twice I have received a form letter telling me how to avoid identity theft and no PIN. You can follow the advise but you can’t make a bureaucracy like the IRS cooperate. The second time I even sent a police report of attempted identity theft.

    • Similar result here. After having my main credit card lifted three times, and being a victim of the BCBS breach, I filed for a PIN. They sent me the same notice that you received with no mention of my PIN. So I froze my credit. And then came the OPM breach…
      Not sure if I should bother to file again or not. Someone (here) speculated (last spring) that the IRS would only give a PIN to a person who had filed a police report (due to not wanting to deal with a bunch of people losing their PINs and tying up IRS resources at the most busiest time of the year).
      Pretty much setting us all up for failure…

    • The Form 14039, itself doesn’t mention it’s for an IP PIN. It says if “…you would like the IRS to mark your account to identify questionable activity”.

  9. Hey Brian — reading your “how to freeze your credit” age, it jumps out how the system pushes the costs and hassle onto the consumers. I’d love for you write an Oped somewhere along the lines of “how credit freeze should work”, reducing the costs on consumers, but with a mechanism so people can, say, go car shopping on a whim. Some sort of cell number callback scheme. Doesn’t seem that hard.

  10. As a foreigner with taxes in my European country I don’t understand 2 points. First, how exactly US taxpayers identify with website, don’t they use separate hardware tokens/cards like e-id? Second, how thieves actually get money, aren’t banks supposed to identify a person attempting to get cash/transfer money from the account?

    • Vladimir, in the US, there is no universal citizen identity document required. It is a hodge-podge of account “identifiers” that are – by law – restricted only for the purposes of the agency that requires them to perform its function. So there is no mandatory “e-id” credential and our Congress has not (and likely never will, due to the whole “Papers, Please!” libertarian zeitgeist we have here), along with the 4th Amendment. That’s why the official position here is that a person’s SSN is explicitly forbidden to be used by any *government* agency other than the SSA itself, unless by explicit law granting another agency such use (i.e. the IRS has such power). However, such laws offer no preventative or governance over non-government entities like banks, credit bureaus, insurance companies, etc.

      In short, it’s a mess, and there isn’t a way out of it anytime soon. Our SSN was never designed to be anything more than an identifier, and absolutely not some sort of “secret” or worse, an authentication mechanism. But it is the closest thing that all US citizens have to a universal taxpayer ID – due to the fact that your Social Security benefits are tied to the taxes you pay. Technically, there is nothing preventing the IRS from adopting its own taxpayer identity system and then doing its own mapping internally to your SSN. It already does this today with “Taxpayer IDs” for non-persons like corporate entities and non-citizens (who pay taxes, but don’t necessarily receive or qualify for SS benefits).

  11. “[IRS does] everything they can to protect the privacy of the criminal who already violated your privacy” How true! I was one of those who had someone else file my 2015 tax return fraudulently. However, what was most disheartening was the response when I went to the local IRS office to ask for a transcript of the fraudulently filed tax return (that is, the tax return with my and my wife’s and my children’s SSN#s on it) — I wanted the transcript so that I could see how my tax return had been misrepresented. The IRS agent asked whether I had personally filed the tax return that I was requesting. I responded “No” (since that’s why it was a fraudulent tax return). I was then told specifically by the IRS agent that “since I didn’t file the tax return, they can’t give me a transcript of the [fraudulently filed] tax return because of privacy reasons”. I was prepared for just about anything else – but I was not prepared for the IRS to protect the “privacy” of the person who fraudulently filed my tax return.
    It was also a complete surprise that the IRS did not check the fraudulent return against my W2 before sending out the refund — the fraudulent return claimed, on line 7 of the 1040, an amount $20,000 than my W2.

    • …the fraudulent return claimed, on line 7 of the 1040, an amount $20,000 less than my W2.

    • PC, the IRS agent asked you the wrong question. That’s not what the form requests for authorization. It asks if you are the taxpayer named on the tax return, not who filed the form, nor whether that person had authorization to file on your behalf (such as a tax preparer). Read the form instructions carefully, and pay attention to the fine print. The IRS certainly isn’t looking out to protect either you, me, or the rest of the US taxpayers – only to follow orders.

      • Michael, I appreciate your distinction and will keep that in mind in the future. At the time, it caught me completely off guard since I would have never anticipated a response like that (btw, the IRS agent’s response was also supported by the IRS manager at that office).

  12. The link to IRS Form 4506 actually goes to Form 4506-T, which is a request for your return’s transcript which indicates filing dates and such. Form 4506 is for the return itself, but will not include filing date and such. Form 4506 is the one that requires the fee. I don’t know if you need to file a 4506-T in order to obtain the filing date if it is required in filing out the regular Form 4506.

    Also, the 4506-T only requires that the person requesting the transcript be the *taxpayer* in question, not that they be the person that filed the tax return (i.e. the fraudster). The IRS would only prevent you from obtaining your own tax return if you mistakenly identify yourself as a third party. So don’t do that.

  13. awesome article. should of put “Remember, it doesn’t matter whether or not the IRS owes you money: Thieves can still try to impersonate you and claim that they do, leaving you to sort out the mess with the IRS later. ” in bold, alot of people don’t get that.

  14. I filed IRS form 14039 and got back a letter saying they’ve flagged my account as being one who was subject to identity theft (OPM breach), but that I still needed to go online to request a PIN…and the site is unavailable until mid-January, and I needed to unfreeze Experian. Geeze, IRS, not helpful at all. Why didn’t you just send me the PIN like I had requested by filing the form? And now I have to unfreeze Experian just to request the PIN? What was the point of sending the IRS form and a copy of my Passport to Andover, ME then? GRRRR……

  15. Here is another interesting nugget: https://www.wyden.senate.gov/download/?id=6c9cd25c-28d1-4cda-9199-04a15c0b5d33&download=1

    IRS use of cell-site simulation technology is limited to the federal law enforcement arm of the IRS, our Criminal Investigation (IRS-CI) division. Only trained law enforcement agents have used cell-site simulation technology, carrying out criminal investigations in accordance with all appropriate federal and state judicial procedures.

    IRS-CI possesses one cell-site simulator, procured in October of 2011. IRS-CI first deployed the cell-site simulator in early 2012. In July 2015, IRS-CI began the process of procuring an additional cell-site simulator, but as of this date, it has not been received.

    IRS-CI used the simulator in support of eleven federal grand jury investigations – in particular, Stolen Idenficiation Refund Fraud and money laundering investigations – led by the US Attorney’s Office (USAO), which provided oversight and guidance in obtaining appropriate authorization, such as court orders and/or tracking warrants. IRS-CI tracked 37 cellular devices as part of these investigations.

    • “IRS-CI tracked 37 cellular devices as part of these investigations.”… that they have admitted to. But everyone within range of these cell-site-simulators had their calls disrupted when it forced a connection to their phones as well, and we will never know how many of those were emergency calls. Is anyone over there capable of thoughtful and proportionate use of technology, or that just too much to ask?

      • What I have wondered is how calls placed via these cellsite simulators appear in phone company records. In the event of an unconnected criminal case where cell records are pulled for another phone, I wonder if it causes an incorrect location to be indicated or implied. This could lead to incorrectly convicting or clearing someone of a crime.

  16. I got a form in the mail from the IRS yesterday asking me to confirm my address.

    That’s all it asked, if yes check a box and sign, if no check a box and fill out the correct address.

    It seems strange that after 40 years of filing taxes, 20 years at this address, that the IRS would not know my address. After reading this thread it has made me wonder if someone filled out a return in my name using a different address.

    Should I check, and if so how?

  17. I too would like to know if one should request a pin if a person’s taxes are filed by a CPA.

  18. From personal experience, the “knowledge-based authentication” you mention may used flawed data or ask for information you are not likely to have. I was once asked which state I had lived in a particular year, but I had lived in three, two of which were on the multiple-choice response. I also was asked the model year of a car I had owned before another car (I assume from registration numbers), but that was back in the 1980s or 1990s when we owned a series of used cars and I had no records. More than a minimum number of errors can block you from setting up online accounts.

  19. The TransUnion link to freeze a credit file referenced in the article is broken. If you go to the main site it appears to offer the freeze as a “service” asking for a credit card. A quick Google Search for “Trans Union Security Freeze” brought up the correct page. I just completed the process with all 4 bureaus. Even with the TU delay it took 15 min. Print out your pins! Here is the site: http://www.transunion.com/credit-freeze/place-credit-freeze

  20. Only the government could be so capable as performing ‘planned’ maintenance for an IRS security service from the blackout dates of Nov2015-to-Jan2016. brilliant!

  21. The TransUnion link is broken for the credit freeze in the referenced post. The new link is http://www.transunion.com/credit-freeze/place-credit-freeze.

    One can find it with a google search of “TransUnion Credit Freeze”. The TU homepage appears to be offering this as a paid for service.

  22. If you own any MLPs it is impossible to file early. The companies send out the K1 forms in March, often late in March.

    • Seems to perhaps be the case with any tax statements related to more “complex”, not sole individual entities.

  23. I’d be perfectly content seeing every member of Congress hit with tax refund fraud if the end result meant the IRS was properly funded and security paid attention to.

    Hell, let the lot of ’em be hit with all kinds of fraud and identity theft. It’s way past the point where this should have been addressed.

  24. How do we beat the bad guy?
    Should IRS go back to old system of mailing the refund check to your registered address and Bank verify the signature before giving you the refund……till we design a full-proof system again, say by next FY.

  25. I believe what the IRS needs is an aggressive push to update their technology to allow automation and near real-time checking of taxpayer records and verification of data.

    It was only in the past couple of years that the IRS took a leap forward with CADE 2 Transition State 1 which allowed returns to process and update from weekly to daily. Subsequently CADE 2 TS1 also allows for refunds to process quicker which could in theory accelerate tax return fraud.

    What the IRS needs is to accelerate the modernization of taxpayer records to allow for information to update in near real-time. What this allows is for controls to be implemented that will vastly reduce fraud. For example, if someone files a tax return with a fake W-2 claiming $1,000 in withholding there is no way for the IRS system to verify that information in real-time. In the ideal world with a modern system, the computer could correlate the W-2 data with the employer filed W-4 and find a mismatch and flag the return as potential fraud.

    The IRS is vastly underfunded and badly needs technology upgrades. It was only in this decade that they transitioned to relational databases. Which has been around for decades.

  26. I had somebody call me just yesterday they said they were from the IRS. They said I owe 2000 + dollars in penalties and fines for the last six years of income tax 1040 forms that there were mistakes on. All six years of forms and you can see the mistakes on the forms in front of you, he says yes, absolutely he said. I said you have all six years worth in front of you? he said yes, I said that’s strange, I haven’t filed a 1040 form in over 10 years.

  27. so is Brian recommending everyone

    -File form 14039 and request an IP PIN from the government

    ?

    i already have a credit freeze, if it aint’ broke yet, i hesitate to do something un-un-doable……etc

  28. Given that the Congress keeps cutting the IRS budget do they really have the resources and personnel to do the job? right? I read audit collections are down a third in five years and thousands of auditors have been eliminated. This has to effect how well they monitor fraud and the ability to stay on top of it.

  29. How about if refunds are not paid out until after the April 15 filing deadline? Any duplicate returns are automatically flagged for review.

    Any return with an extension requested also doesn’t pay out until the extension deadline has passed.

  30. Savvy blog post – I learned a lot from the points . Does someone know where my company could possibly acquire a template IRS W-2 example to fill in ?