The issue I have with it is it's completely unsurprising. They just don't care and are testing the waters with the consequences or the lack thereof for these types of lies. It's going to get a lot worse before it gets better.
What is frustrating to me is the IRS was scammed. They sent my refund to some identity thief. This from an institution that if I owed them 10 cents, they could track down all of my financial accounts but they decide to deposit in some rando's account.
Sorry that happened to you, but these verifiers won't solve that problem. It's pretty easy to get a picture of someone's face and irises. Especially once a few more data bases inevitably leak so the government can get the data for free use.
That doesn't solve anything when the fraudster is filing a fake return. They are under no obligation to include all of your carefully chosen income and deductions that get you to $1000 owed.
What? In order to get a refund, that means you have to overpaid what you owe. It's pretty simple. If you are not putting in enough, the fraudster cannot get a refund as you still owe. Like, where is the break down? They would have to know how much you have paid, and then file so many deductions that it'd probably trigger an audit. If you file that many audits not with an account signing off of them, I could only imagine that would trigger an audit as well. Then again, the IRS has been beaten so badly that they barely have enough employees to function.
The fraudster claims that you installed energy efficient home improvements that qualify for the max $3,200 tax credit. Now that $1,000 in tax owed is a $2,200 refund. Maybe you get audited, but the IRS is certainly not auditing everyone who claims a tax credit.
I mean, the US is the country that doesn't want a national id.
So instead the defacto ID is your SSN. This was never designed with that in mind, lacks all security mechanisms/checksums and all.
And if you were born before a certain time, all digits except the last few were determined by where you were born. And those last digits are the ones they frequently ask for...
In DK they just send it to your "nem konto", the same bank account that also gets your wages. More or less a sym link, so even if you move bank it will follow. Makes life easy.
In a sane world, this would just be a case of fraud between the IRS and the fraudster, and the person whose information was used would have nothing to do with it. It's unfortunate that we have this need to call it "identity theft" in order to try to shift the responsibility to some unrelated third party.
Here in Denmark we have MitID, which you kind of use for everything. Taxes, every private banking login (you switch banks, keep the login), signing documents, all kinds of healthcare websites and apps, student loans and what not.