To protect against identity theft, IRS adds additional protections to Centralized Authorization File, Transcript Delivery System; changes designed to protect sensitive tax pro,[...]

IR-2024-136, May 8, 2024

WASHINGTON - With identity theft and refund fraud an ongoing concern, the Internal Revenue Service today highlighted additional protections for tax professionals being taken to increase security for the Centralized Authorization File (CAF) program and placed new guidelines on requesting client transcripts by phone.

"Tax professionals continue to present a tempting target to identity thieves and fraudsters," said IRS Return Integrity and Compliance Services Director James Clifford. "With identity theft an ongoing concern, the IRS has taken additional steps needed to protect both tax professionals and their clients given the sensitivity and importance of the information involved. The IRS will continue working with the tax professional community on these issues to minimize burden on practitioners while also working to ensure the safety and security of this information."

The IRS has become increasingly concerned about the risk a compromised CAF number presents to tax professionals and taxpayers. In these cases, there is risk that fraudsters could use a compromised CAF to obtain transcripts and other sensitive taxpayer personally identifiable information (PII) to commit identity theft refund fraud and other crimes. In many cases, the fraudster has not only obtained a practitioner's CAF number but also has the practitioner's sensitive personal information.

To address this issue, the IRS has a process in which suspected compromised CAF numbers are placed into a suspended status pending further review. Once placed into a suspended status, the owner of the CAF number will be contacted to confirm if the CAF number has been compromised. If the compromise is confirmed, the IRS will take the appropriate actions to address the compromised CAF number. The IRS recognizes the significance of the CAF process and is continuously working on ways to expedite this review process for impacted practitioners.

More information about this issue can be found in a special alert issued today by the IRS Office of Professional Responsibility.

In addition to the changes being made to protect tax professionals from a compromised CAF number, the IRS has also taken related security steps to change how tax professionals can order transcripts by phone through the Transcript Delivery System (TDS).

Tax professionals now need to call the Practitioner Priority Service (PPS) line to request transcripts to be deposited into their Secure Object Repository (SOR) mailbox. IRS employees on other phone lines may not be authorized to provide transcripts through the SOR delivery method. Tax professionals will need to pass enhanced authentication. If the identity of the caller cannot be verified, transcripts will not be delivered using the SOR delivery method but will instead be mailed to the taxpayer's address of record.

Tax professionals should also be on the lookout for unsolicited scam emails asking to provide credential information such as CAF number, Electronic Filing Identification Number (EFIN) information and driver's license. These emails may look like they are coming from the IRS or a tax software company. Tax professionals who receive these unsolicited emails should report them to [email protected].

As work in this important area continues, the IRS will remain in contact with national tax professional organizations and others in the tax community.