Any tax practitioner who has contacted the IRS after January 3, 2018 to obtain client information has received an unpleasant surprise. The IRS is asking the practitioner to provide his or her social security number and date of birth for authentication purposes. There is no doubt this is an attempt to address security concerns, including concerns about compromised CAF numbers, but the change has caught many in the tax community off guard and led to unpleasant exchanges with IRS personnel.
Although the IRS has not released a formal statement concerning these new procedures, it has reached out directly to the tax professional community via the following email from its Stakeholder Liaison offices:
The IRS continues to review its procedures to better protect sensitive taxpayer data. As part of this effort, the IRS will request additional information from tax professionals who contact us through the Practitioner Priority Service or any toll-free IRS telephone number.
This procedural change will require tax practitioners to provide personal information so that our customer service representatives may confirm their identities. This additional information may include data such as your Social Security number and your date of birth. This personal information, in addition to the CAF number, is necessary to verify the identities of the person to whom we are releasing taxpayer information.
We’ve also made an update to Form 2848, Power of Attorney, and Form 8821, Tax Information Authorization, that will require you to inform your client if you are using an Intermediate Service Provider to access client transcripts via the Transcript Delivery System. A box must be checked if you are using a third party. We define Intermediate Service Providers as privately owned companies that offer subscriptions to their software and/or services that the taxpayer’s authorized representative can use to retrieve, store, and display tax return data (personal or business) instead of obtaining tax information directly from the IRS. The IRS must know who is using our tools; and taxpayers must know when a party other than their authorized representative is involved in accessing their sensitive data.
We realize there have been a number of changes for tax professionals in recent weeks. But each change is intended to enhance protections for you and your clients. Unfortunately, business as usual is no longer an option. Cybercriminals are well-funded, persistent and adept at stealing data from outside the IRS and using it to eventually file fraudulent tax returns. As cybercriminals evolve, so must we.
As part of our efforts, we also have strengthened protections for IRS e-Services. If you are an e-Services account holder, we urge you to immediately upgrade your account through our new two-factor identity verification process. Some of you may need to complete this process by mail which could add 10 days or more to the process. Please, do not wait until the start of filing season or until you have an urgent need for one of the e-Services tools before updating your account.
In the future, we will be asking each e-Service user to sign a new user agreement intended to ensure that all tax professionals understand their security obligations. We will share this information with you in advance.
Protecting you and your clients from identity theft is a paramount issue for us. But we can’t do it alone. We need your help and your understanding as we continue to review and enhance our procedures.”
Security and identity theft continue to be a challenge for the IRS and tax practitioners and the IRS will continue to introduce procedures to protect itself and taxpayer information. However, in the future, notifying the tax community of changes prior to implementation would be advisable.
If you have any questions related to this blog post or any other civil tax or criminal tax-related matter, please feel free to call me at (214) 749-2456 or by email at firstname.lastname@example.org.