II
113th CONGRESS
1st Session
S. 676
IN THE SENATE OF THE UNITED STATES
April 9, 2013
Mr. Nelson (for himself, Mrs. Feinstein, Mr. Schumer, and Mr. Cardin) introduced the following bill; which was read twice and referred to the Committee on Finance
A BILL
To prevent tax-related identity theft and tax fraud.
Short title, etc
Short title
This Act may be cited
as the
Identity Theft and Tax Fraud
Prevention Act of 2013
.
Table of contents
The table of contents of this Act is as follows:
Sec. 1. Short title, etc.
TITLE I—Protecting victims of tax-related identity theft
Sec. 101. Expedited refunds for identity theft victims.
Sec. 102. Single point of contact for identity theft victims.
Sec. 103. Enhancements to IRS PIN Program.
Sec. 104. Electronic filing opt out.
TITLE II—Shutting down abusive identity theft and tax fraud schemes
Sec. 201. Restrictions on ability to use prepaid cards for tax fraud.
Sec. 202. Limitation on multiple tax refunds to the same account.
TITLE III—Adding critical new protections to safeguard social security numbers
Sec. 301. Restriction on access to the death master file.
Sec. 302. Prohibiting the display of Social Security account numbers on newly issued Medicare identification cards and communications provided to Medicare beneficiaries.
Sec. 303. Prohibition of the display, sale, or purchase of Social Security numbers.
Sec. 304. Criminal penalties for the misuse of a Social Security number.
Sec. 305. Civil actions and civil penalties.
TITLE IV—Strengthening laws and improving enforcement against tax-related identity theft
Sec. 401. Criminal penalty for using a false identity in connection with tax fraud.
Sec. 402. Increased penalty for improper disclosure or use of information by preparers of returns.
Sec. 403. Authority to transfer Internal Revenue Service appropriations to use for tax fraud enforcement.
Sec. 404. Local law enforcement liaison.
TITLE V—Accelerating transition to a real-time tax system that protects taxpayers and reduces fraud
Sec. 501. Improvement in access to information in the National Directory of New Hires for tax administration purposes.
Sec. 502. Plan of action for transitioning to a real-time tax system.
Protecting victims of tax-related identity theft
Expedited refunds for identity theft victims
Not later than 180 days after the date of enactment of this Act, the Secretary of the Treasury, or the Secretary’s delegate, shall establish a plan of action to reduce the administrative time required to process and resolve cases of identity theft in connection with tax returns, including the issuance of refunds to legitimate taxpayers, to no more than 90 days, on average.
Single point of contact for identity theft victims
Not later than 180 days after the date of enactment of this Act, the Secretary of the Treasury, or the Secretary’s delegate, shall establish new procedures to ensure that any taxpayer whose return has been delayed or otherwise adversely affected due to identity theft has a single point of contact at the Internal Revenue Service throughout the processing of his or her case. The single point of contact shall track the case of the taxpayer from start to finish and coordinate with other specialized units to resolve case issues as quickly as possible.
Enhancements to IRS PIN Program
In general
The Secretary of the Treasury, or the Secretary’s delegate, shall issue a personal identification number to identity theft victims as soon as practicable after their true identity has been established and verified.
Report
Not later than 360 days after the date of enactment of this Act, the Secretary of the Treasury shall submit to Congress a report analyzing the effectiveness of the program described in subsection (a) in reducing tax fraud.
Electronic filing opt out
Not later than 180 days after the date of enactment of this Act, the Secretary of the Treasury, or the Secretary’s delegate, shall implement a program under which a person who has filed an identity theft affidavit with the Secretary may elect to prevent the processing of any Federal tax return submitted in an electronic format by a person purporting to be such a person.
Shutting down abusive identity theft and tax fraud schemes
Restrictions on ability to use prepaid cards for tax fraud
Accounts with elevated risk of identity theft
In general
Not later than 360 days after the date of the enactment this Act, the Federal primary financial regulatory agencies, in consultation with the Secretary of the Treasury, shall jointly prescribe regulations requiring newly issued deposit or transaction account numbers, as the case may be, to be distinguishable between verified accounts and at-risk accounts.
Definitions
As used in this section—
the term
at-risk account
means any deposit account or transaction
account, including accounts associated with a prepaid access arrangement, that
is not a verified account;
the term
primary financial regulatory agency
has the same meaning as in
section 2(12) of the Dodd-Frank Wall Street Reform and Consumer Protection Act
(
12 U.S.C. 5301(12)
); and
the term
verified account
means any deposit account or transaction
account in which the identity of the account holder and any prepaid access
customer associated with the account is verified by—
customer identification procedures that comply with section 5318(l) of title 31, United States Code; and
direct review of an original, unexpired government-issued form of identification bearing a photograph or similar safeguard, such as a driver’s license or passport.
GAO audit of debit card issuers To ensure compliance with customer identification requirements
Review and evaluation
The Comptroller General of the United States shall review and evaluate the effectiveness of the current Customer Identification Program rules implementing the customer identification program requirements under section 5318(l) of title 31, United States Code, as such rules apply to the prepaid card industry.
Required considerations
The review and evaluation required under paragraph (1) shall—
consider whether weaknesses in current customer identification programs are contributing to identity theft and financial loss, particularly with respect to tax fraud; and
review whether—
current risk-based standards for customer identification are the best means to prevent criminal use of prepaid cards and provide sufficient guidance and certainty to the sellers and providers of prepaid access;
current exclusions from customer identification requirements, such as exclusions for government benefit programs, are appropriate; and
Federal regulatory agencies exercise adequate oversight and supervision of customer identification practices of the prepaid card industry.
Report to Congress
Not later than 360 days after the date of the enactment this Act, the Comptroller General of the United States shall submit to Congress a report—
on the findings of the review and evaluation required under paragraph (1); and
containing any recommendations or proposals for legislative or administrative action to improve the customer identification practices of the prepaid card industry.
Limitation on multiple tax refunds to the same account
In general
Not later than 180 days after the date of enactment of this Act, the Secretary of the Treasury, or the Secretary's delegate, shall issue regulations that restrict the delivery or deposit of multiple tax refunds from the same tax year to the same individual account or mailing address.
Exception
The regulation promulgated under subsection (a) shall provide that the restrictions shall not apply in cases and situations where the Secretary determines there is not a likelihood of tax fraud.
Adding critical new protections to safeguard social security numbers
Restriction on access to the death master file
In general
Not later than 90 days after the date of the enactment of this Act, the Commissioner of the Social Security Administration shall vest all responsibilities for the release of Social Security death records to non-governmental persons or entities with the Secretary of Commerce through a memorandum of understanding.
Prohibition
The Secretary of Commerce shall not disclose information contained in Social Security death records to any non-governmental person or entity with respect to any individual who has died at any time during the calendar year in which the request for disclosure is made or the succeeding 2 calendar years unless such person is certified under the program established under subsection (c).
Certification program
In general
The Secretary of Commerce shall establish a program—
to certify persons who are eligible to access the information described in subsection (b) contained on the Death Master File, and
to perform periodic and unscheduled audits of certified persons to determine the compliance by such certified persons with the requirements of the program.
Certification
A person shall not be certified nor remain certified under the program established under paragraph (1) unless—
the Secretary of Commerce determines that access to the information described in subsection (b) is appropriate because—
such person has a legitimate interest in preventing fraud or unauthorized financial transactions,
such access will facilitate compliance by such person with an applicable law, regulation, court order, or fiduciary duty,
such access will facilitate timely and proper administration by such person of an insurance policy or benefit program, or
such person is subject to disclosure requirements under section 502 of the Gramm-Leach-Bliley Act ( 15 U.S.C. 6802 ), section 620 of the Fair Credit Reporting Act (15 U.S.C. 1681r), or any other Federal statute that the Secretary determines, following notice and comment rulemaking, provides sufficient protection against improper disclosure of information described in subsection (b), and
the Secretary of Commerce verifies that such person has facilities and procedures in place to safeguard such information, and experience in maintaining the confidentiality, security, and appropriate use of such information.
Fees
The Secretary of Commerce shall establish under section 9701 of title 31, United States Code, for the charge of fees sufficient to cover all costs associated with evaluating applications for certification and auditing, inspecting, and monitoring certified persons under the program.
Imposition of penalty
In general
Subject to paragraph (2), any person who is certified under the program established under subsection (c), who receives information described in subsection (b), and who during the period of time described in subsection (b)—
discloses such information to any other person, or
uses any such information to commit, or aid or abet, any criminal offense,
Exception
A person who—
is certified under the program established under subsection (c),
upon request by another person, verifies that an individual is or is not deceased pursuant to information contained on the Death Master File, and
does not disclose any additional information described in subsection (b),
Exemption from Freedom of Information Act requirement with respect to certain records of deceased individuals
In general
Subsequent to the date on which the Secretary of Commerce establishes the program described in subsection (c)(1), the Social Security Administration shall not be compelled to disclose any information described in subsection (b) to any non-governmental person or entity who is not certified under such program.
Treatment of information
For purposes of section 552 of title 5, United States Code, this section shall be considered a statute described in subsection (b)(3)(B) of such section 552.
Prohibiting the display of Social Security account numbers on newly issued Medicare identification cards and communications provided to Medicare beneficiaries
In general
Not later than 2 years after the date of the enactment of this Act, the Secretary of Health and Human Services, in consultation with the Commissioner of Social Security, shall establish and begin to implement procedures to eliminate the unnecessary collection, use, and display of Social Security account numbers of Medicare beneficiaries.
Newly issued medicare cards and communications provided to beneficiaries
Newly issued cards
In general
Not later than 4 years after the date of enactment of this Act, the Secretary of Health and Human Services, in consultation with the Commissioner of Social Security, shall ensure that each newly issued Medicare identification card meets the requirements described in subparagraph (B).
Requirements
In general
Subject to clauses (ii) and (iii), the requirements described in this subparagraph are, with respect to a Medicare identification card, that the card does not display or electronically store (in an unencrypted format) a Medicare beneficiary’s Social Security account number.
Exception
The Secretary may waive the requirements under clause (i) in the case where the health insurance claim number of a beneficiary is the Social Security number of the beneficiary, the beneficiary's spouse, or another individual.
Use of partial account number
The Secretary of Health and Human Services, in consultation with the Commissioner of Social Security, may provide for the use of a partial Social Security account number on a Medicare identification card if the Secretary determines that such use does not allow an unacceptable risk of fraudulent use.
Communications provided to beneficiaries
Not later than 4 years after the date of enactment of this Act, the Secretary of Health and Human Services shall prohibit the display of a Medicare beneficiary’s Social Security account number on written or electronic communication provided to the beneficiary unless the Secretary, in consultation with the Commissioner of Social Security, determines that inclusion of Social Security account numbers on such communications is essential for the operation of the Medicare program.
Medicare beneficiary defined
In this section, the term Medicare beneficiary means an individual entitled to, or enrolled for, benefits under part A of title XVIII of the Social Security Act (42 U.S.C. 1395c et seq.) or enrolled for benefits under part B of such title (42 U.S.C. 1395j et seq.).
Conforming amendments
Reference in the Social Security Act
Section 205(c)(2)(C) of the Social Security Act (42 U.S.C. 405(c)(2)(C)) is amended—
by moving clause (x), as added by section 1414(a)(2) of the Patient Protection and Affordable Care Act ( Public Law 111–148 ), 6 ems to the left;
by redesignating clause (x), as added by section 2(a)(1) of the Social Security Number Protection Act of 2010 ( 42 U.S.C. 1305 note), as clause (xii); and
by adding after clause (xii), as redesignated by subparagraph (B), the following new clause:
Subject to section 302 of the Identity Theft and Tax Fraud Prevention Act of 2013 , social security account numbers shall not be displayed on Medicare identification cards or on communications provided to Medicare beneficiaries.
.
Access to information
Section 205(r) of the Social Security Act (42 U.S.C. 405(r)) is amended by adding at the end the following new paragraph:
To prevent and identify fraudulent activity, the Commissioner shall upon the request of the Attorney General or upon the request of the Secretary of Health and Human Services enter into a reimbursable agreement with the Attorney General or the Secretary to provide information collected under paragraph (1) if—
the requirements of subparagraphs (A) and (B) of paragraph (3) are met; and
such agreement includes appropriate provisions to protect the confidentiality of information provided by the Commissioner under such agreement.
.
Pilot program
Establishment
The Secretary shall establish a pilot program utilizing smart card technology to evaluate—
the applicability of smart card technology to the Medicare program under title XVIII of the Social Security Act ( 42 U.S.C. 1395 et seq. ), including the applicability of such technology to Medicare beneficiaries or Medicare providers; and
whether such cards would be effective in preventing fraud under the Medicare program.
Implementation
Initial implementation
The Secretary shall implement the pilot program under this subsection not later than 1 year after the date of enactment of this Act.
Scope and duration
The Secretary shall conduct the pilot program—
in not less than 2 States; and
for a period of not less than 180 days or more than 2 years.
Report
Not later than 12 months after the completion of the pilot program under this subsection, the Secretary shall submit to the appropriate committees of Congress and make available to the public a report that includes the following:
A summary of the pilot program and findings, including—
the costs or savings to the Medicare program as a result of the implementation of the pilot program;
whether the use of smart card technology resulted in improvements in the quality of care provided to Medicare beneficiaries under the pilot program; and
whether such technology was useful in preventing or detecting fraud, waste, and abuse in the Medicare program.
Recommendations regarding whether the use of smart card technology should be expanded under the Medicare program.
Definitions
In this subsection:
Medicare provider
The term Medicare provider includes a provider of services (as defined in section 1861(u) of the Social Security Act ( 42 U.S.C. 1395x(u) )) and a supplier (as defined in section 1861(d) of such Act ( 42 U.S.C. 1395x(d) )).
Secretary
The term Secretary means the Secretary of Health and Human Services.
Smart card
The term smart card means identification used by a Medicare beneficiary or a Medicare provider that includes anti-fraud attributes. Such a card—
may rely on existing commercial data transfer networks or on a network of proprietary card readers or databases; and
may include—
cards using technology adapted from the financial services industry;
cards containing individual biometric identification, provided that such identification is encrypted and not contained in any central database;
cards adapting technology and processes utilized in the TRICARE program under chapter 55 of title 10, United States Code, or by the Veterans’ Administration; or
such other technology as the Secretary determines appropriate.
Prohibition of the display, sale, or purchase of Social Security numbers
Prohibition
In general
Chapter 47 of title 18, United States Code, is amended by inserting after section 1028A the following:
Prohibition of the display, sale, or purchase of Social Security numbers
Definitions
In this section:
Display
The term display means to intentionally communicate or otherwise make available (on the Internet or in any other manner) to the general public an individual’s Social Security number.
Person
The term person means any individual, partnership, corporation, trust, estate, cooperative, association, or any other entity.
Purchase
The term purchase means providing directly or indirectly, anything of value in exchange for a Social Security number.
Sale
The term sale means obtaining, directly or indirectly, anything of value in exchange for a Social Security number.
State
The term State means any State of the United States, the District of Columbia, Puerto Rico, the Northern Mariana Islands, the United States Virgin Islands, Guam, American Samoa, and any territory or possession of the United States.
Limitation on display
No person may display any individual’s Social Security number to the general public without the affirmatively expressed consent of the individual.
Limitation on sale or purchase
Except as otherwise provided in this section, no person may sell or purchase any individual’s Social Security number without the affirmatively expressed consent of the individual.
Prerequisites for consent
In order for consent to exist under subsection (b) or (c), the person displaying or seeking to display, selling or attempting to sell, or purchasing or attempting to purchase, an individual’s Social Security number shall—
inform the individual of the general purpose for which the number will be used, the types of persons to whom the number may be available, and the scope of transactions permitted by the consent; and
obtain the affirmatively expressed consent (electronically or in writing) of the individual.
Exceptions
Nothing in this section shall be construed to prohibit or limit the display, sale, or purchase of a Social Security number—
required, authorized, or excepted under any Federal law;
for a public health purpose, including the protection of the health or safety of an individual in an emergency situation;
for a national security purpose;
for a law enforcement purpose, including the investigation of fraud and the enforcement of a child support obligation;
if the display, sale, or purchase of the number is for a use occurring as a result of an interaction between businesses, governments, or business and government (regardless of which entity initiates the interaction), including, but not limited to—
the prevention of fraud (including fraud in protecting an employee’s right to employment benefits);
the facilitation of credit checks or the facilitation of background checks of employees, prospective employees, or volunteers;
the retrieval of other information from other businesses, commercial enterprises, government entities, or private nonprofit organizations; or
when the transmission of the number is incidental to, and in the course of, the sale, lease, franchising, or merger of all, or a portion of, a business;
if the transfer of such a number is part of a data matching program involving a Federal, State, or local agency; or
if such number is required to be submitted as part of the process for applying for any type of Federal, State, or local government benefit or program;
Limitation
Nothing in this section shall prohibit or limit the display, sale, or purchase of Social Security numbers as permitted under title V of the Gramm-Leach-Bliley Act, or for the purpose of affiliate sharing as permitted under the Fair Credit Reporting Act , except that no entity regulated under such Acts may make Social Security numbers available to the general public, as may be determined by the appropriate regulators under such Acts. For purposes of this subsection, the general public shall not include affiliates or unaffiliated third-party business entities as may be defined by the appropriate regulators.
.
Conforming amendment
The chapter analysis for chapter 47 of title 18, United States Code, is amended by inserting after the item relating to section 1028 the following:
1028B. Prohibition of the display, sale, or purchase of Social Security numbers.
.
Study; report
In general
The Attorney General shall conduct a study and prepare a report on all of the uses of Social Security numbers permitted, required, authorized, or excepted under any Federal law. The report shall include a detailed description of the uses allowed as of the date of enactment of this Act, the impact of such uses on privacy and data security, and shall evaluate whether such uses should be continued or discontinued by appropriate legislative action.
Report
Not later than 1 year after the date of enactment of this Act, the Attorney General shall report to Congress findings under this subsection. The report shall include such recommendations for legislation based on criteria the Attorney General determines to be appropriate.
Effective date
The amendments made by this section shall take effect on the date that is 30 days after the date on which the final regulations promulgated under section 5 are published in the Federal Register.
Criminal penalties for the misuse of a Social Security number
Prohibition of wrongful use as personal identification number
No person may obtain any individual’s Social Security number for purposes of locating or identifying an individual with the intent to physically injure, harm, or use the identity of the individual for any illegal purpose.
Criminal sanctions
Section 208(a) of the Social Security Act ( 42 U.S.C. 408(a) ) is amended—
in paragraph (8),
by inserting or
after the semicolon; and
by inserting after paragraph (8) the following:
except as provided in subsections (e) and (f) of section 1028B of title 18, United States Code, knowingly and willfully displays, sells, or purchases (as those terms are defined in section 1028B(a) of title 18, United States Code) any individual’s Social Security account number without having met the prerequisites for consent under section 1028B(d) of title 18, United States Code; or
obtains any individual’s Social Security number for the purpose of locating or identifying the individual with the intent to injure or to harm that individual, or to use the identity of that individual for an illegal purpose;
.
Civil actions and civil penalties
Civil action in State courts
In general
Any individual aggrieved by an act of any person in violation of this Act or any amendments made by this Act may, if otherwise permitted by the laws or rules of the court of a State, bring in an appropriate court of that State—
an action to enjoin such violation;
an action to recover for actual monetary loss from such a violation, or to receive up to $500 in damages for each such violation, whichever is greater; or
both such actions.
Statute of limitations
An action may be commenced under this subsection not later than the earlier of—
5 years after the date on which the alleged violation occurred; or
3 years after the date on which the alleged violation was or should have been reasonably discovered by the aggrieved individual.
Nonexclusive remedy
The remedy provided under this subsection shall be in addition to any other remedies available to the individual.
Civil penalties
In general
Any person who the Attorney General determines has violated any section of this Act or of any amendments made by this Act shall be subject, in addition to any other penalties that may be prescribed by law—
to a civil penalty of not more than $5,000 for each such violation; and
to a civil penalty of not more than $50,000, if the violations have occurred with such frequency as to constitute a general business practice.
Determination of violations
Any willful violation committed contemporaneously with respect to the Social Security numbers of 2 or more individuals by means of mail, telecommunication, or otherwise, shall be treated as a separate violation with respect to each such individual.
Enforcement procedures
The provisions of section 1128A of the Social Security Act (42 U.S.C. 1320a–7a), other than subsections (a), (b), (f), (h), (i), (j), (m), and (n) and the first sentence of subsection (c) of such section, and the provisions of subsections (d) and (e) of section 205 of such Act ( 42 U.S.C. 405 ) shall apply to a civil penalty action under this subsection in the same manner as such provisions apply to a penalty or proceeding under section 1128A(a) of such Act (42 U.S.C. 1320a–7a(a)), except that, for purposes of this paragraph, any reference in section 1128A of such Act ( 42 U.S.C. 1320a–7a ) to the Secretary shall be deemed to be a reference to the Attorney General.
Strengthening laws and improving enforcement against tax-related identity theft
Criminal penalty for using a false identity in connection with tax fraud
In general
Section 7206 of the Internal Revenue Code of 1986 is amended—
by striking
Any person
and inserting the following:
In general
Any person
, and
by adding at the end the following new subsection:
Use of false identity
Any person who willfully misappropriates another person's taxpayer identity (as defined in section 6103(b)(6)) for the purpose of making any list, return, account, statement, or other document submitted to the Secretary under the provisions of this title shall be guilty of a felony and, upon conviction thereof, shall be fined not more than $250,000 ($500,000 in the case of a corporation) or imprisoned not more than 5 years, or both, together with the costs of prosecution.
.
Aggravated identity theft
Section 1028A(c) of title 18, United States Code,
is amended by striking or
at the end of paragraph (10), by
striking the period at the end of paragraph (11) and inserting ;
or
, and by adding at the end the following new paragraph:
section 7206(b) of the Internal Revenue Code of 1986 (relating to use of false identity in connection with tax fraud).
.
Effective date
The amendments made by this section shall apply to offenses committed after the date of the enactment of this Act.
Increased penalty for improper disclosure or use of information by preparers of returns
In general
Section 6713(a) of the Internal Revenue Code of 1986 is amended—
by striking
$250
and inserting $1,000
, and
by striking
$10,000
and inserting $50,000
.
Criminal penalty
Section 7216(a) of the Internal Revenue Code of 1986 is
amended by striking $1,000
and inserting
$100,000
.
Effective date
The amendments made by this section shall apply to disclosures or uses after the date of the enactment of this Act.
Authority to transfer Internal Revenue Service appropriations to use for tax fraud enforcement
For any fiscal
year, the Commissioner of Internal Revenue may transfer not more than
$10,000,000 to the Enforcement
account of the Internal Revenue
Service from amounts appropriated to other Internal Revenue Service accounts.
Any amounts so transferred shall be used solely for the purposes of preventing
and resolving potential cases of tax fraud.
Local law enforcement liaison
Establishment
The Commissioner of Internal Revenue shall establish within the Criminal Investigation Division of the Internal Revenue Service the position of Local Law Enforcement Liaison.
Duties
The Local Law Enforcement Liaison shall serve as the primary source of contact for State and local law enforcement authorities with respect to tax-related identity theft and other tax fraud matters, having duties that shall include—
receiving information from State and local law enforcement authorities;
responding to inquiries from State and local law enforcement authorities;
administering authorized information-sharing initiatives with State or local law enforcement authorities and reviewing the performance of such initiatives;
ensuring any information provided through authorized information-sharing initiatives with State or local law enforcement authorities is used only for the prosecution of identity theft-related crimes and not re-disclosed to third parties; and
any other duties as delegated by the Commissioner of Internal Revenue.
Accelerating transition to a real-time tax system that protects taxpayers and reduces fraud
Improvement in access to information in the National Directory of New Hires for tax administration purposes
In general
Paragraph (3) of section 453(i) of the Social Security Act ( 42 U.S.C. 653(i) ) is amended to read as follows:
Administration of Federal tax laws
The Secretary of the Treasury shall have access to the information in the National Directory of New Hires for purposes of administering the Internal Revenue Code of 1986.
.
Effective date
The amendment made by this section shall take effect on the date of the enactment of this Act.
Plan of action for transitioning to a real-time tax system
Not later than 270 days after the date of enactment of this Act, the Secretary of the Treasury, or the Secretary's delegate, shall submit to Congress a report analyzing and outlining options and potential timelines for moving toward a tax system that reduces burdens on taxpayers and decreases tax fraud through real-time information matching.
