Identity theft and refund fraud remains an ongoing concern among taxpayers and tax professionals. With that, the IRS has added additional protections for tax professionals to increase security for the Centralized Authorization File (CAF) program and placed new guidelines on requesting client transcripts by phone.
There is risk that fraudsters could use a compromised CAF to obtain transcripts and other sensitive taxpayer personally identifiable information (PII) to commit identity theft refund fraud and other crimes. In many cases, the fraudster has not only obtained a practitioner’s CAF number but also has the practitioner’s sensitive personal information.
To address this issue, the IRS has a process in which suspected compromised CAF numbers are placed into a suspended status pending further review. Once placed into a suspended status, the owner of the CAF number will be contacted to confirm if the CAF number has been compromised. If the compromise is confirmed, the IRS will take the appropriate actions to address the compromised CAF number. The IRS recognizes the significance of the CAF process and is continuously working on ways to expedite this review process for impacted practitioners.
More information about this issue can be found in a special alert issued by the IRS Office of Professional Responsibility.
In addition to the changes being made to protect tax professionals from a compromised CAF number, the IRS has also taken related security steps to change how tax professionals can order transcripts by phone through the Transcript Delivery System (TDS).
Tax professionals now need to call the Practitioner Priority Service (PPS) line to request transcripts to be deposited into their Secure Object Repository (SOR) mailbox. IRS employees on other phone lines may not be authorized to provide transcripts through the SOR delivery method. Tax professionals will need to pass enhanced authentication. If the identity of the caller cannot be verified, transcripts will not be delivered using the SOR delivery method but will instead be mailed to the taxpayer’s address of record.
Tax professionals should also be on the lookout for unsolicited scam emails asking to provide credential information such as CAF number, EFIN information and driver’s license. These emails may look like they are coming from the IRS or a tax software company. Tax professionals who receive these unsolicited emails should report them to phishing@irs.gov.