In an attempt to stem the tide of identity theft and refund fraud, the IRS has announced increased security measures for the Centralized Authorization File (CAF) program and has adopted new guidelines for tax professionals requesting client transcripts by phone. (IR 2024-136, 5/9/2024)
Compromised CAF numbers.
According to the News Release, the IRS has become increasingly concerned about compromised CAF numbers. A CAF number is a nine-digit number the IRS assigns to practitioners who are authorized to represent clients before the IRS. The IRS uses CAF numbers to determine and verify the extent of a practitioner’s authority to represent a taxpayer and to receive and inspect that taxpayer’s confidential tax information. The IRS also uses CAF numbers to keep track of requests for client information (like transcripts), while safeguarding both the client’s and the tax professional’s personal information.
The IRS appears to be particularly concerned that fraudsters could use a compromised CAF number to obtain transcripts and other sensitive taxpayer personally identifiable information (PII) to commit identity theft, refund fraud, and other crimes.
Suspended practitioners can’t obtain client info.
To address this issue, the IRS suspends CAF numbers it suspects are compromised. A practitioner’s CAF number can be compromised in various ways, such as when a practitioner sends a Form 2848, Power of Attorney and Declaration of Representative, to a client who is then subject to a data breach. A practitioner may not know that their CAF number has been compromised until they call the IRS asking to discuss a client matter and are told that the discussion cannot occur because the practitioner’s authority to represent the client can’t be verified.
Once the IRS suspends a practitioner’s CAF number, the IRS will contact the practitioner to determine if their CAF number has been compromised. If the practitioner confirms their CAF number has been compromised then, after verifying the practitioner’s identity, the IRS will assign the practitioner a new CAF number and move their clients to the new CAF number.
There is more information about the process of verifying practitioner’s with compromised CAF numbers in OPR Alert 2024-05.
Security changes to TDS.
In addition to making changes to protect tax professionals from a compromised CAF number, the IRS has also changed how tax professionals can order transcripts by phone through the Transcript Delivery System (TDS).
Now tax professionals will need to call the Practitioner Priority Service (PPS) line to have client transcripts deposited into their Secure Object Repository (SOR) mailbox. The IRS has stated that employees on other phone lines may not be authorized to provide transcripts through SOR.
Tax professionals will also need to pass an enhanced authentication process to access client information.
Note. When the tax professional’s identity can’t be verified, the IRS will not deliver transcripts to the practitioner’s SOR mailbox but instead will mail transcripts to the taxpayer’s address of record. Failure to authenticate may also trigger the IRS to suspend the tax professional’s CAF number.
Email scams.
The News Release also reminds tax professionals to be on the lookout for unsolicited scam emails asking them to provide information such as CAF numbers, Electronic Filing Identification Number (EFIN) information, and driver’s licenses. These emails may look like they are coming from the IRS or a tax software company. Tax professionals who receive these unsolicited emails should report them to phishing@irs.gov.
For more information about the power-of-attorney information recorded in the IRS’ central authorization file (CAF), see Checkpoint’s Federal Tax Update ¶ T-1167.
Get all the latest tax, accounting, audit, and corporate finance news with Checkpoint Edge. Sign up for a free 7-day trial today.