security and e-services-how to protect your efin, ptin ......security and e-services-how to protect...
TRANSCRIPT
Security and e-services-How to Protect Your EFIN, PTIN, and CAF Number
Diane Garibado: Good morning, everybody! How are you this morning? It is bright and early, really bright up here on this stage. So, thank you for joining me and welcome to E-Services and Security, How to Protect Your EFIN, PTIN and CAF number. My name is Diane Garibado, as Kim mentioned, and I work in Electronic Products and Services Support or EPSS.
At the end of our presentation today you will know and understand what secure access is and what the two factor authentication requirements are, how to maintain your e-file application and know how to monitor and protect your EFIN, PTIN and CAF number.
So, some of your tax forum veterans may recall a few decades ago the tax form concept was developed around electronic filing and getting people to participate in e-file. We were here encouraging you all to get EFINs and participate in electronic filing. How many of you here in the room this morning have EFINs? Great! Wonderful! So, we have some great experience here.
So, in 2011 E-File became mandatory for most of us and so it's been a while since we've done a presentation here at the forums, but we think it's time that we come back and talk to you about protecting your E-Services account and your EFINs as well.
Okay, so the biggest change in the EFIN arena is not so much to the program itself, but more around the rise of security threats, putting both you and your clients at risk.
The last time we did a presentation, identity theft was just emerging in the tax world and in recent years there's been an evolution of attacks, identity theft, criminals posing as tax payers and filing fraudulent refunds. Today's cyber criminals are part of highly organized, sophisticated, tax savvy criminal syndicates based both here and abroad.
Our criminal investigation team is doing a presentation here as well on scams and data theft. I hope you go by and see that presentation and learn some tips on how to protect yourself, your business and your clients. Our criminal investigative agents tell us that on the dark web, the part of the world wide web that's hidden
1
from search engines, criminals sell tax payer data, names, social security numbers and addresses and also sell everything a criminal might need in order to file fraudulent tax returns, including EFINS, PTINs and CAF numbers.
A couple of years ago it became very clear to us that we needed to do more to protect E-Services.
So, we had some security upgrades last year in 2017, and after a year of careful planning and communication, we had two major projects that went off almost essentially at the same time. First, we were migrating E-Services to a new digital platform. This completed a multi-year project. This was the last phase of the project and the most complex. We had to migrate over 300,000 user accounts, e-file applications, user names, passwords and more. This was very challenging and it took us longer than we anticipated. If you've accessed your e-file application recently though you'll notice that it has a better look and feel, it's more intuitive, and we think you'll have better experience with that now.
How many of you have accessed your e-file application since around December? Okay, okay, we're getting there. So, we had to complete this E-Services upgrade before we could take our next major step of the year which was to move these services behind the protection of secure access. Secure access protects all of the E-Services accounts by ensuring that they've reregistered and completed this rigorous identity proofing process.
The process is used by the IRS to protect not only tax professional services, but also some of the tax payer services like "Get a transcript online," "Get an IP Pin," "Direct Pay," and others.
So secure access protects in two ways; first, it ensures the person creating the account is who they say they are.
And then the second way is through the two-factor authentication requirement. It ensures that the user is the account holder that created the account by requiring a security code to be sent back that comes either through your cell phone or through your IRS To Go app. Two factor authentication means returning users need both their credentials, their user name and their password, and that
2
security code in order to access E-Services.
So even if a thief can steal your user name and password through a phishing scam, it's highly unlikely that they're also going to have your cell phone. So today more than 120,000 users have re-registered with secure access and more are joining us and re-registering every day. So, I'm going to ask you again, show of hands, how many of you have logged into your E-Services account since December? Okay, so successful registrations? Good.
Great! If you haven't re-registered, I urge you to do some immediately. Updating your E-Services account is critical to protecting your account and preventing criminal takeover of that account and the criminal getting access to your information and to your clients' information.
If you're new to secure access, we have step by step tutorials available on IRS.gov. If you go to HYPERLINK "http://www.irs.gov/secureaccess" www.irs.gov/secureaccess, the tutorials are located there. I'll give you a few tips about what you need to get started. First you need a readily available email address; you also need your social security number and your filing status from your filed return, personal financial account information from either a credit card, home mortgage, a line of credit or from a car loan.
And then, lastly, you'll need a cell phone registered in your name to complete the process in one session. Some people are unable to complete that process. The purpose is to set a high bar to protect these sensitive accounts. Existing E-Services users have access to an exception process which is a manual process that allows us to validate you in a different way than would occur online.
For technical reasons, we could not provide that same exception process to new users; however, we are working on a process right now that will allow us to exception process new users who fail to authentication through secure access. We do realize that this has been a hardship for some tax professionals.
So before go on and get into the heart of the security issues, let me take a few minutes to talk to you about E-Services.
3
E-services is a suite of web based tools used by tax professionals, reporting agents, mortgage industry partners, payers and others to complete online transactions with the IRS. State tax personnel, software developers, transmitters, Vita volunteers, large businesses and payroll providers all use E-Services. The tools include e-file application, transcript deliver system, TIN-Matching or taxpayers identification number matching, and it also has a secure mailbox, and there's more.
Most of you here probably use e-file application and the transcript delivery system. These services are only available to IRS approved business partners and not to the general public. The E-Services account is the gateway to some of the most sensitive information we have online.
So, there are two critical publications that you should bookmark, save and reference often; first is the Publication 3112, IRS e-file application and participation. This is a step by step guide to the application process and it helps you identify who needs to be listed on that application and also what role you might play in e-file.
The second publication is Publication 1345. It's the handbook for authorized e-file providers of individual tax returns. This provides the rules of the road for electronic filers, approved providers, once you have received your EFIN. These publications are both available on IRS.gov and available on PDF and web content. We're in the process of updating these publications, so I would urge you to check back often and look for updates in those publications.
So, the IRS is the only legitimate source for that EFIN.
It is critical that providers go through the process that's outlined in Publication 3112. We have learned that some practitioners are trying to skip the e-file application process and they're buying their EFINs from tax preparers. They are either unaware of or refuse to follow the rules. This poses a security threat to e-file in general. If we learn of this violation, we will remove those providers.
If you know of anyone that's selling, renting or otherwise misusing their EFIN, please call us at the E-Help desk at 866-255-0654. I'm going to give that number again and I'm going
4
to give it throughout the presentation. So, it's 866-255-0654. I'm just going to take a little sip of water.
Does everybody have some coffee? I know it's early.
So, the e-file application is a three-step process which, first, the responsible officials and principles register through that secure access process that I described earlier, then the firm submits and e-file application identifying the provider option that they will use as part of e-file, so maybe you're a transmitter or maybe you're a software developer, or maybe you're an electronic return originator like most of you are here.
You're also going to include those responsible officials, principles and delegates on that application. It does take a little time for us to process that application. It can take up to 45 days, so make sure if you have to submit a new application, or your first application, that you're allowing plenty of time to do that.
So, a few words about the people that are listed on the application; the responsible official is a person with authority over the e-file program at a specific site. This person is responsible for ensuring adherence to the e-file rules, publications, revenue procedures and any e-file notices that are issued at that particular site. A responsible official can sign an amended or changed application and also maybe the first point of contact on an application.
The principle is an individual or individuals authorized to represent the firm in any legal and tax matters, so if you're a sole proprietor, that's you; if you're part of a partnership, one or more of the partners will be listed on the application, and in a corporate structure it would be a president, vice president, secretary or treasurer that’s authorized to take any actions on behalf of the firm.
There's also very often a primary contact that's listed on the application; this may be a principle or responsible official, or it can be somebody else designated by the firm. We also have delegated users that are listed on the applications. So, these are the people that are identified by the firm to have the authority to use the E-Services tools allocated to the firm. Delegated users can also have principle consent, which means they can have the authority of the principle delegated to them by the principle and take any actions
5
that that principle might need to take, like submit new applications or make changes to the application.
So, the third step in the process, or the final step in the process, is passing a suitability check. The responsible officials, principles and the firm itself all must pass suitability checks. Delegates on the application do not undergo suitability checks, however a delegated user is not – sorry, the principles and responsible officials are responsible for all of the activities taken by a delegated user.
So, it's very important that we take real consideration about who we're listing on the application and who we're giving those permissions to because ultimately the principles and the responsible officials are responsible for their actions. So, suitability checks include a criminal background check, tax checks to ensure compliance with all required tax returns and pay in that they're paid and then we also look to see whether or not there are any fraud penalties assessed.
Lastly, we check for any noncompliance history with e-file itself. So, again, this can take up to 45 days. Make sure that you allow time to submit those applications. Once you're approved we send you a letter in the mail issuing the EFIN to the firm which is now the authorized e-file provider.
Even with all this activity around your application, your work isn't done yet. Okay, so maintaining your e-file application. So, once you've completed the application process and you've received your EFIN, it's important that you keep your account up to date. Review your application periodically and make sure that you're making the required changes. Review the individuals that are listed on that application; make sure that nobody has changed positions or roles within your company or maybe has moved on to another position.
Failure to make updates to your application can result in the inactivation of your EFIN. So, let's make sure, again, we have the appropriate individuals listed on the application, their contact information is listed appropriately, the address for your firm is correct and that those delegated users are listed appropriately on your application.
6
Please remember that your EFIN is not transferable. If you sell your business, you cannot sell the EFIN; the new principle must apply for their own EFIN.
There must be an EFIN for each office location where there will be EFIN transmission, so if you expand your business and you add another location, if you're transmitting to the IRS, then you'll be required to obtain a new EFIN.
So, monitoring your EFIN. You want to help us make sure that you're safeguarding your EFIN. During the filing season you can check your EFIN status and be sure that it's not being used by others. The e-file application displays the number of tax returns filed by each EFIN so you can match that information against your own records to determine whether or not your EFIN is being misused.
Our statistics are updated weekly. If you're transmissions statistics do not match your records and are significantly different, please contact that e-help desk at 866-255-0654; again 866-255-0654. So how do check your EFIN status? You're going to login into your E-Services account going to the E-Services landing page and you're going to select application and e-file application. You're going to log in through that secure access process, receiving your security code and entering that information, and then you're going to be brought to your organizational page.
Some of you might be listed on multiple EFINs so you want to make sure that you select the correct company that you're trying to look at, and then once you're into the application you will see the EFIN status along that navigational tool bar that will allow you to click on that page and then the information about the tax returns by type of return will be displayed on your page.
ERO’s also affect the acknowledgements that are issued from the IRS. Every time you transmit a tax return, we send an acknowledgement back to you. It tells you the status was accepted or rejected and if it was rejected, what the business rule was and what the appropriate action for you to take is. It's also a way of seeing whether or not your EFIN is being misused. So, every acknowledgement should be checked by someone in your office to make sure that the transmission was appropriate and was valid.
7
So, tax professionals who are also CPAs, enrolled agents or who participate in the annual filing season and file more than 50 returns can also check the status of their PTIN. This also will show the number of returns filed by your PTIN and all you need to do to access that information is go online to IRS.gov and select your PTIN account and then access your "View returns filed per PTIN."
So, both these CAF and EFIN checks are like a really quick way for you to determine if something is amiss. Looking at these on a weekly basis, schedule it on your calendar, will help you keep track of what's going on.
So, the CAF number. This is a unique nine-digit number that's assigned when the first time a representative submits a third-party authorization to the IRS and then that number is used on any subsequent authorizations that your file. How many of you here have submitted third-party authorizations to the CAF?
Okay, great! So how many of you think once you've submitted that power of attorney your work is done and you can just go on your merry way in your work? Anybody think that? I love this. Good, excellent.
Tax professionals must make an annual review of their authorizations and their clients and compare them and make sure that if any of the clients that you've submitted an authorization for that you withdraw your representative once that person is no longer your client or if your work with them is done.
There are instructions on Form 2848 and Form 8821 on how to withdraw your representative. We also have Publication 947, Practice before the IRS and the Power of Attorney, there's an entire section on how to withdraw your representative. So please go ahead and check those pieces of information out.
We contacted a small sample of taxpayers this year and they had third-party representative on their account and we reached out and asked them if they had given permission for the representative to act on their behalf, and unfortunately many of the taxpayers said "no," they did not give their permission.
So obviously we suspended those accounts, those authorizations right away when the taxpayers reported that they had not given
8
their permission, but this also was a strong indicator to us that authorizations may also now be in the hands of identify thieves. So, we added some additional identify proofing questions when representatives call the 1-800 line.
So now we ask for both the date of birth and the social security number when you call us. These are the same questions that we might ask a third-party on the 1040 line. And we know that some folks found this burdensome and were not really comfortable with that. We did look at some alternatives, but the risk that cyber criminals might be impersonating tax practitioners was just too great and we knew we need to take some more actions.
So, if you are reluctant to give out your information while your client is in your room or in the office with you, you can always have them step out when you're connected with an assister and provide that information or your can have your client provide oral authorization to the assister over the phone granting your permission to received whatever information you're looking for.
So, if you, again, don’t want to share your social security number or your date of birth with your client in the office, because that is sensitive information and we get it, then certainly oral authorization while that customer is in the office might be the best option for you.
So, it's critical that you make sure that your authorizations are up to date. Some of that might have contributed to taxpayers saying, "I hadn't given permission," because they might have been authorizations that were years old, right?
So, let's make sure that we're checking that and doing at least an annual check, maybe more often depending on the turnover in your office. So, we had one other change that we made to the power of attorneys and the authorizations this year about – it's all about making taxpayers aware of when you might be sharing information with another vendor. We call these vendors intermediate service providers and they are companies who offer services to tax professionals such as the ability to process client transcripts through the transcript delivery system on your behalf. When you use those types of vendors, you must notify your client by including that information on your authorization.
9
So, there's information again in the instructions on the Form 2848 and the 8821 on how to include that notification to your client if you're using one of these services.
Okay, so protecting. Now we're getting down to the security issues. So increasingly identify thieves are targeting tax professionals to gain access to client data or sensitive account information. A common scam includes efforts by criminals to steal information from the E-Services account or from the EFIN sometimes even posing as the IRS. We have a page on IRS.gov for you called "Identity Theft for Tax Professionals" with tips on how you can protect your clients' sensitive data.
We also have the Security Summit, which is a partnership between the IRS, the state tax agencies and the tax industry and they've made some recommendations that we're going to share with you today on how to protect your EFIN. Their number one thing is learn to recognize phishing emails, especially those pretending to be the from the IRS from E-Services, the tax industry, a software provider or a cloud storage provider.
Never open a link or any attachment in an email that you find suspicious. Remember the IRS will never contact a tax professional, initiate contact to a tax professional via email. You should create a data security plan using Publication 4557, "Safeguarding Tax Payer Data," or use the small business information security fundamentals published by the National Institute of Standards and Technology. Make a review of your internal controls. Be sure to install malware and anti-virus software on all devices, laptops, desktops, routers, tablets and phones, and make sure that your security updates are always set to automatic.
Create complex passwords, 8 characters or more; 8 is great, 10 is better. Use your special characters, your alphanumeric characters and use phrases for strong passwords. Use different passwords for different accounts. Consider password manager programs. Password protect your wireless devices and encrypt all sensitive and files and emails. Make sure that you backup sensitive data to a safe and secure external source not connected to a full-time network. Wipe, clean or destroy all hard drives or printers that have access or contained sensitive information. Limit access to taxpayers' data to individuals that have a need to know. Not
10
everybody in your office probably has a need to know the information about the clients that are on your desk so make sure that your information is locked up and secure if it's printed or certainly password protected on any electronic device.
Be sure to check your EFIN status, as we discussed earlier, by logging in to E-Services and accessing your e-file application and selecting e-file status. Report data loss to the appropriate IRS stakeholder liaison. Stakeholder liaison information can be found, again, on IRS.gov by googling "IRS stakeholder liaison." Stay connected to the IRS; subscribe to our emails and to our news channels like Quick Alerts and E-news for Tax Professionals and join us on social media.
Remember the IRS does our part. We continuously review EFINs and take necessary actions to inactivate any EFINs found to be compromised. When an EFIN appears to be compromised, the EFIN will receive the 905-business rule. It cannot be resolved without contacting the e-help desk, and very often this is the way we identify when somebody might be using an EFIN by mistake or for fraudulent reasons.
So certainly, call the e-help desk at 866-255-0654 to resolve any issues related to the 905.
So, protecting e-file. Safeguarding taxpayer information and protecting e-file is a priority for the IRS. Identity theft fraud requires providers be diligent in detecting schemes and patterns related to identity theft. Early detection of these schemes and patterns is the best way to protect your client and your business. While all providers must be on the lookout for fraud and abuse in the IRS, tax professionals, as the first point of contact for a taxpayer filing a return, must be extra diligent in recognizing fraud and abuse and reporting it to the IRS.
Cooperate with our investigations. Make available upon request any information related to returns with potential fraud or abuse. The IRS monitors through IRS records and through site visits. During monitoring visits, the IRS may look for compliance with IRS e-file rules and they also may include reviewing quality of e-file submissions including looking at rejects and other defects. We also look at adherence to signature requirements. We scrutinize advertising material, examine records and observe your office procedures.
11
The IRS may also monitor your compliance with due diligence related to earned income tax credits. Know when you need to apply for a new EFIN. The EFIN is assigned to a firm at a specific location where returns are being transmitted.
ERO’s may need to submit applications for any additional locations, fixed locations, whether they be owned or leased; for example, if you open a second location and offer full tax preparation services, you prepare and collect tax information and then transmit return information to the IRS, you need a second EFIN for that new location. However, if you're not transmitting your returns from that second location, you do not require a new EFIN.
This can be confusing, and if you have questions certainly call us at the e-help desk again at 866-255-0654. Please remember that EFINs are not transferable so if you purchase someone else's business or they have purchased yours, you must obtain your own EFIN and undergo that suitability process.
So, I've given you lots of examples about when to call the e-help desk, but we're going to talk a little bit more about that. You're likely familiar with both the e-help desk and the Practitioner Priority toll free service. Both are toll-free lines dedicated to assisting tax professionals, but there are separate representatives with distinctly different training. The Practitioner Priority Service is to resolve your clients' account issues. If you have authorization on the CAF file, you can contact the Practitioner Priority Service and discuss a tax account issue. The Practitioner Priority Service telephone number is 866-860-4259. Again, 866-860-4259.
The e-help desk is a technical help desk where you can receive assistance with E-Services, e-file rejects, transcript delivery issues, TIN matching situations, any assistance related to any electronic product or service.
And again, the e-help desk telephone number is 866-255-0654. Okay, some best practices. So, to protect your clients' information and protect your E-Services tools remember to update your account and your application within 30 days of any changes. Keep your user name, password and PIN confidential. Never share your
12
user name, password or a PIN with anyone. Make sure that no one in your office is sharing a user name, password or PIN. If you have two people on your e-file application listed as delegated users, they both need to have their own account and undergo that identity proofing process we talked about earlier.
Contact that IRS at the e-help desk is there is any unauthorized use of your EFIN or your E-Services account. One more time 866-255-0654. Be sure that you're protecting the data that you are protecting the data that you accessed through E-Services. It's your obligation to protect all tax information. As I mentioned earlier, we went through that multi-year upgrade of E-Services and I urge you to familiarize yourself with that e-file application and make sure that you're aware of where your EFIN status information is in preparation is for the upcoming filing season. We encourage you to access your e-file application frequently and make those updates and make sure that you're monitoring your EFIN status. Previously your E-Services account password had to be reset every 90 days. Under secure access that is no longer the case, however you should periodically look at your profile and make sure you’ve made any necessary changes.
Again, the Security Summit and the IRS state tax agencies and the tax industry have been working to combat identity theft. You may have noticed that some software providers now require that you provide your EFIN to purchase tax preparation software. Some providers are asking you to submit a copy of your e-file application summary page to verify your EFIN and issue what's called a vendor control number or VCN. This verification process is indicative of the IRS's approach to security. We need to know who you are and what access to our systems that you have.
Much of the Security Summit activity has been around strengthening that verification and making sure that we know and have higher confidence in the person who is accessing IRS e-file. That's what secure access and the VCN process are all about.
So, we're asking you to do your part about keeping your information up to date and monitoring your activities. Just think for one second about how many social security numbers have been stolen in recent years. Last year the credit bureau breach alone involved 143 million social security numbers, names and addresses. Securing taxpayer data is not something the IRS can do
13
by itself. We can't do it even with working with our state tax partners and our tax industry. We need everybody working together to secure the IRS tax eco-system. We've made some missteps along the way and we're committed to working with you to make everything more secure.
So, let me share this final slide and then I'll go ahead and take some questions. These are critical publications that we ask again that you bookmark and share with everyone in your office.
So first, again, is that Publication 3112, the IRS E-File Application and Participation and the Step-by-Step Guide to Submitting your E-File Application and knowing who needs to be listed on your application and what your role in e-file may be. Publication 1345, the Handbook for Authorized E-File Providers of Individual Tax Returns. Again, the Rules of the Road for Approved Providers. Publication 4557, Safeguarding Taxpayer Data. This provides easy to use step by step information about security steps you should take and how to take them. It also includes the requirement by the Federal Trade Commission, also known as the Safeguard Rule which is a law that passed in 1998 that gave the FTC authority to require certain financial institution, which includes tax preparers to create and maintain a written data security plan.
Publication 5293 is a data security resource for tax professionals. It's a new publication that we created which pulls together many of our resources on security that we have on IRS.gov. You can download this publication and share it with your staffs. You can tell by this presentation that security is a priority for the IRS. In addition to my seminar, my colleagues in RIC’s are hosting one on identity theft victim assistance process for you and your clients, which includes several policy changes that may be of interest to you.
Our CI agents are also hosting two presentations, one on common scams and one on steps you can take to protect your business and recovery if you are a victim. Our CI agents see tax professionals who are victims every day and you can learn from them.
We also have a security booth in the exhibition hall. Myself and some of my colleagues will be down there to answer your
14
questions. I'll be down there today as well as tomorrow, so certainly stop by and ask any questions that we don't get to today. On Thursday there'll be a seminar hosted by cyber security experts who will explain how you can better secure your office and your data. I also one more time want to urge you to stay in touch with the IRS.
How many of you subscribe to Quick Alerts? All right. How about the E-News for Tax Professionals? Wonderful! If you don't, please go out and sign up for these now and also join us on social media. Very often we use these channels to transmit information to you or give you information in real time. So, if there's a scam going on or there's a system outage or there's something we want to make you aware of, these are the first places you want to go to check that information.
So, let me go ahead and pause and I'll take some questions. Please go up to the microphones for any questions. No questions? Okay. Go ahead, sir!
Male 1: Is there any reason why a PTIN number has to be on the forms given to the clients?
Diane Garibado: The PTIN number does not have to be; it can be masked on the copy to the client. It does not have to be on there.
Female 1: If we ever did open up our e-file EFIN section and discover that we had too much, what's going to happen when we call in? Will we like all the sudden lose our tax office EFIN? What's going to happen?
Diane Garibado: Oh, no, no. There is a process. So, you'll work with your stakeholder liaison to identify which clients might have been affected. Again, sometimes something being off can certainly just be a result of somebody transposing a number, right? So, there are different situations. You still want to be aware of it. So, when you contact that e-help desk, likely what they'll do is shut down that EFIN and assign a good new EFIN to you so that your work can continue and your clients – you're still moving forward and moving on. And then the stakeholder liaison will work with you if there's an issue that is involving fraud or some potential
15
hack or something like that. So, they'll work with you in any criminal investigation agents that need to get involved in that.
Female 2: May I ask a question please?
Diane Garibado: Yes.
Female 2: On the 2848 I have some difficulty when I no longer was representing the client because sometimes a client leaves for various reasons and it's my understanding that I'm supposed to have the clients sign off to take her off my representation and that's not always practical.
Diane Garibado: Okay, all right. I think I have some information that I can share with you at the security booth. I don't want to give you an incorrect answer. So, if you'll come downstairs to the tax exhibition hall either today or tomorrow, I'll be there all day. Anyone else? All right, well thank you very much.
16
=
Security and e-services-How to Protect Your EFIN, PTIN, and CAF Number-Glossary
Centralized Authorization File CAF number- A CAF number is a unique nine-digit identification number and is assigned the first time you file a third party authorization with IRS. A letter is sent to you informing you of your assigned CAF number. Use your assigned CAF number on all future authorizations.CAF numbers are different from the third party's TIN (Taxpayer Identification Number), EIN (Employer Identification Number) or PTIN (Preparer Identification Number). CAF numbers may be assigned to an individual or a business entity.
Electronic Filing Identification Number EFIN- is a number assigned by the Internal Revenue Service to preparers that are accepted into the fed/state e-file program. To become an authorized IRS e-file provider, preparers must submit an application and undergo a screening process.
Electronic Products and Services Support EPSS- The Electronic Products & Services Support (EPSS) organization is a stand-alone organization reporting to the Director, Customer Accounts Services (CAS) in the Wage & Investment (W&I) Division. EPSS is a centralized office for the management of IRS electronic products and services within W&I CAS. The EPSS vision is to Advance IRS electronic business opportunities to meet the changing demands of the future while delivering a positive customer experience. The mission is to support customer-valued e-solutions for Service-wide electronic products and services. Visit the EPSS web site at http://win.web.irs.gov/epss_home.html for more information.
An Electronic Return Originator ERO- is the Authorized IRS e-file Provider that originates the electronic submission of a return to the IRS. The ERO is usually the first point of contact for most taxpayers filing a return using IRS e-file.
E-Services- is a suite of web-based tools that allow tax professionals, reporting agents, mortgage industry, payers and others to complete transactions online with the IRS.
The Preparer Tax Identification Number PTIN- is an identification number that all paid tax return preparers must use on U.S. federal tax returns or claims for refund submitted to the Internal Revenue Service (IRS).
Vendor Control Number VCN-is a new data element transmitted with Individual 1040 returns starting with tax year 2016. It is a safeguard to prevent fraudulent returns from being filed.
17
Security and e-services-How to Protect Your EFIN, PTIN, and CAF Number-Index
Centralized Authorization File CAF number 1-15
Electronic Filing Identification Number EFIN 1-15
Electronic Products and Services Support EPSS 1 An Electronic Return Originator ERO 7, 11 E-Services 1-15 The Preparer Tax Identification Number PTIN 1, 7, 14 Vendor Control Number VCN 12
18