AICPA identifies problems with IRS’s electronic signature rules

By Alistair M. Nevius, J.D.

Verification through records checks and authentication questions may risk clients’ data security and be impractical for some.

Jeffrey Porter, CPA, chair of the AICPA’s Tax Executive Committee, sent a letter to IRS Commissioner John Koskinen in late September raising concerns about the IRS’s recently issued guidance on electronic signatures. The letter addresses the electronic signature standards that apply when a taxpayer does not appear in person before the tax return preparer to present a valid form of identification.

In March, the IRS updated Publication 1345, Handbook for Authorized IRS e-File Providers of Individual Income Tax Returns, to authorize taxpayers to sign, and practitioners to accept, e-file authorization forms containing electronic signatures. (For more on the new standards, see “E-File and Digital Signatures: Where Are We Now?The Tax Adviser, June 2014, page 430.)

The IRS guidance requires the practitioner to record the taxpayer’s name, Social Security number, address, and birthdate and to verify that this information is “consistent with the information provided through record checks with the applicable agency or institution or through credit bureaus or similar databases.” The key to this verification, for taxpayers who do not appear in person, is that it conform to Level 2 assurance in National Institute of Standards and Technology (NIST) Special Publication 800-63, Electronic Authentication Guideline, and knowledge-based authentication or higher assurance level.

Level 2 assurance under this standard entails verifying the taxpayer’s identity through records checks with credit bureaus and other databases and includes dynamic knowledge-based authentication, which involves generating questions from U.S. public records and credit reports and requiring the taxpayer to correctly answer those questions.

In the context of electronically signing a tax return, the AICPA letter says, this implies it will require the tax return preparer to send the taxpayer’s data to an identity verification vendor before the taxpayer can sign the return.

The AICPA asked the IRS to clarify whether dynamic knowledge-based authentication is required in all cases where a taxpayer is electronically signing a return without appearing before the return preparer to show a valid form of identification. If dynamic knowledge-based authentication is required, the AICPA has identified three problems with it.

First, introducing a third-party identity verification vendor into the process increases the risk of compromising the taxpayer’s private data. Second, the process itself can harm the CPA’s trusted relationship with the taxpayer. And, third, dynamic knowledge-based authentication will not work for certain taxpayers who would most benefit from electronic signatures, such as children and expatriates, because they do not have enough personal information in U.S. public databases to allow the authentication to work.

The AICPA in its letter suggested some alternatives to dynamic knowledge-based authentication that the IRS should consider:

  1. Provide an exception to the dynamic knowledge-based authentication requirement for Circular 230 practitioners (i.e., CPAs, attorneys, and enrolled agents);
  2. Consider the taxpayer’s identity to be authenticated if the return preparer has a secure client portal requiring a strong password or shared secret questions for verifying the taxpayer’s identity; or
  3. Allow dynamic knowledge-based authentication to draw data only from within the return preparer’s secure firewall, so that sensitive taxpayer information does not have to be shared outside the firewall.
  • Letter, Jeffrey A. Porter, CPA, chair of the AICPA Tax Executive Committee, to IRS Commissioner John Koskinen, Sept. 24, 2014

By Alistair M. Nevius, J.D., the JofA’s editor-in-chief, tax.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.