Tax season in the United States brings a mix of anticipation and anxiety for millions of hardworking taxpayers. For many, a tax refund is the largest single check they will receive all year. Unfortunately, cybercriminals and scammers are well aware of this fact.
Every year, criminals attempt to steal billions of taxpayer dollars through tax-related identity theft and Social Security Number fraud. This happens when someone steals personal information, most commonly a Social Security Number, to file a fake tax return in another person’s name.
A recent government audit shows that the IRS is actively fighting back. Drawing from a comprehensive TIGTA identity theft report released in May 2026 and covering recent calendar years, this article breaks down how the IRS protects refunds, the tools it uses, and the challenges it still faces.
The Multi-Billion Dollar Shield: A Look at the Numbers
The sheer scale of tax fraud in the United States is staggering, but the IRS has built a formidable defense system. The agency’s primary goal is to prevent tax identity theft before a single penny leaves the Treasury.
The recent report reveals that these efforts are highly successful.
| Metric | Result |
| Fraudulent refunds prevented | $7 billion |
| Suspicious returns flagged in 2024 | 4.4 million |
| Refunds those 2024 returns attempted to claim | $42.5 billion |
| Confirmed identity theft in 2024 | 185,000 returns |
| Taxpayer funds protected in 2024 | $4.2 billion |
| Suspicious returns flagged in 2025 | 3 million |
| Confirmed identity theft in 2025 | 144,000 returns |
| Taxpayer funds protected in 2025 | $2.8 billion |
These massive numbers highlight why identity theft prevention remains a top priority for tax administrators.
Inside the Machine: How the IRS Catches Fraud
The IRS processes more than 163 million legitimate tax returns every year, and it uses automated fraud detection methods to spot the fake ones.
In the 2025 filing season, the IRS used 76 distinct identity theft filters. These filters work like digital tripwires. They are programmed to look for patterns, thresholds, and characteristics commonly associated with known identity theft.
Because the IRS uses these filters during return processing and before money is paid out, the approach is known as prerefund identity theft detection.
The agency constantly updates and refines these filters as fraud schemes change. For example, during the 2024 processing year, the IRS saw a major spike in potential identity theft tied to specific data on tax returns. By updating one filter, the number of returns flagged for that type of fraud jumped 237%, from 78,000 in 2023 to 263,000 in 2024.
The Balancing Act: Catching Crooks vs. Bothering Taxpayers
Aggressive fraud prevention saves billions, but it also creates false positives. When digital filters are set tightly enough to catch criminals, some innocent taxpayers get flagged too.
Historically, the percentage of legitimate returns caught by identity theft filters has been high. Between 2018 and 2022, an average of 59% of the returns flagged by the system were actually legitimate. In 2024, the identity filters flagged 2.4 million legitimate returns, causing refund delays for those taxpayers.
To manage flagged returns, the IRS uses two main approaches:
- Independent resolution: The IRS runs secondary checks to see whether a flagged return appears safe. If the return looks legitimate, it is released for normal processing without taxpayer involvement. In 2024 and 2025, the IRS resolved 955,000 flagged returns this way.
- Taxpayer authentication: If the IRS cannot confidently verify the return, it freezes the refund and sends an identity verification notice. In 2024, the IRS sent 3.7 million notices, followed by another 2.8 million in 2025.
If you receive one of these letters, you will need to prove your identity. Most taxpayers do this through their IRS online account, but verification can also be done by phone, mail, or in person at a Taxpayer Assistance Center.
Once identity is successfully verified, the delay is usually not too long. For taxpayers who authenticated themselves in 2023 and 2024, the average time for the IRS to post the return and process the refund was just 13 days, assuming no other tax issues were found.
When the Worst Happens: Dealing with Actual Identity Theft
If you receive an identity verification letter but have not filed a return, or if you try to file your legitimate return and the IRS says one has already been filed under your Social Security Number, you are officially dealing with identity theft.
Once a fraudulent return posts to a taxpayer’s account, the case is sent to the Identity Theft Victim Assistance program. These cases are complex and require detailed manual review; the IRS IDTVA backlog creates serious delays.
According to the Taxpayer Services Division, the current average resolution time is 18 months. That means victims may wait a year and a half for their accounts to be corrected and their refunds to be released.
A short delay for a false positive is annoying. An 18-month identity theft case is much worse.
Teamwork Makes the Dream Work: The ISAC Partnership
The IRS works through a collaborative network called the Information Security Analysis Center, or ISAC. This partnership includes state tax agencies, financial services companies, and tax industry officials.
ISAC acts like an early warning system. Partners share alerts about new fraud schemes and methods that criminals are using.
In Fiscal Year 2025, the IRS received 312 alerts through the ISAC portal. About 30% of those alerts led to direct IRS action, such as building new identity theft filters or targeting specific accounts.
The partnership has had a measurable impact. In Fiscal Year 2024, alerts from external partners helped the IRS stop $9.2 million in confirmed fraudulent refunds and identify another $49.3 million in potential identity theft. Since the program began in 2017, the IRS estimates that ISAC has helped protect nearly $277.7 million in taxpayer money.
The Blind Spot: The March 31 Deadline Loophole
Even with strong filters and partnerships, the IRS still has a major blind spot that criminals exploit.
To verify whether a return is truthful, the IRS needs to cross-check the information on the return against data submitted by employers and financial institutions, such as W-2s and 1099s.
Employers must submit Form W-2 by January 31. However, other key forms, specifically Form 1099-R and Form W-2G, are not due until March 31.
When filing season opens in late January, the IRS is missing critical data for pension and gambling income. Criminals know this and use fabricated 1099-R and W-2G data to file fake returns before the IRS can verify them.
| Filing category | Missing third-party data by mid-April 2024 | Refunds claimed |
| Form 1099-R income | 75% (15 million returns) | Over $46 billion |
| Form W-2G gambling winnings | 77% (1 million returns) | $3.6 billion |
Because of this data gap, questionable returns can slip through the first layer of defenses.
TIGTA has recommended that the IRS work with the Treasury Office of Tax Policy to request legislation that would move information-return deadlines earlier in the year. The IRS agrees with that recommendation. If the loophole is closed, the agency estimates it could protect an additional $944 million in taxpayer funds between 2025 and 2034.
Looking Forward
As criminals become more sophisticated, the IRS is working hard to ensure that its digital defenses stay one step ahead. By constantly tweaking their filters, partnering with the private sector through the ISAC, and pushing for earlier access to critical financial data, the IRS is building a stronger wall around your tax refund.
FAQs
How does the IRS detect tax-related identity theft?
The IRS uses automated identity theft filters and the Taxpayer Protection Program (TPP) to screen returns. In 2024–25, these filters flagged approximately 7.5 million returns for review, preventing over $7 billion in fraudulent refunds.
What is the IRS Taxpayer Protection Program (TPP)?
Established in 2012, the TPP is the IRS’s primary tool for identifying suspected identity theft during return processing. When suspicious activity is flagged, the IRS halts processing and sends a verification notice to the taxpayer.
How long does it take the IRS to resolve an identity theft case?
As of 2025, the average identity theft case takes about 20 months to resolve, according to the National Taxpayer Advocate, though new cases filed after July 2024 are being resolved in an average of 100 days.
What is an IRS Identity Protection PIN (IP PIN)?
An IP PIN is a 6-digit number issued by the IRS that prevents someone else from filing a tax return using your Social Security Number. As of July 2024, over 10.4 million taxpayers had obtained one. Taxpayers can enroll through the IRS website.
Is overtime pay tax-free under the new IRS rules?
Not entirely. Under the One Big Beautiful Bill Act (signed July 2025), eligible FLSA-covered workers can deduct up to $12,500 ($25,000 for joint filers) in qualified overtime compensation from federal taxable income for tax years 2025–2028. Social Security and Medicare taxes still apply.
Who qualifies for the no-tax-on-overtime deduction?
W-2 employees who are non-exempt under the Fair Labor Standards Act (FLSA) and whose modified adjusted gross income is under $150,000 (single) or $300,000 (married filing jointly) qualify. The deduction is claimed on Schedule 1-A when filing the 2025 tax return.
Why doesn’t the IRS catch all identity theft before issuing refunds?
TIGTA found that during the 2024 filing season, the IRS lacked information return data (like Forms 1099-R and W-2G) for millions of returns when the filing season opened in January because those forms are not due until March 31. This gap allowed potentially fraudulent refunds to go undetected.
