To use electronic signatures on Form 4506-C submissions, please contact your assigned servicing site. The service does not endorse nor recommend any electronic signature provider, however any provider used must adhere to all the criteria established below. Income Verification Express Service (IVES) electronic signature requirements This document includes the requirements for the suggested framework all IVES Participants must follow to participate in the electronic signature program for IRS Form 4506-C submissions. Background Since a growing number of transactions now occur online, a legal debate in recent years over the validity of electronic contracts and the enforceability of electronic signatures. The Electronic Signature in National and Global Commerce Act, commonly referred to as E-Sign, Public Law 106-229- June 30, 2000, resolves this debate by authorizing the creation of electronic contracts, as well as the use of electronic records relating to such agreements. In the process, it provides uniform national standards for the use of electronic signatures, which have grown in use and importance over the past few years. The most promising electronic-signature technology comes in the form of “digital signatures,” which use public key cryptography. This involves two related keys: a unique “private key” for the user, that encrypts the information, and a corresponding “public key” that unlocks the information and verifies the user’s identity. Other currently popular types of electronic signatures include clickwrap signatures (e.g., an “I accept” button on a website), passwords, and biometric signatures (e.g., voice prints and fingerprints). An electronic signature is defined as an electronic sound, symbol, or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. The Electronic Signature Act as a general matter states the following: Applies to all transactions if the consumer affirmatively consents to the use of electronic procedures unless the transaction is specifically excluded under the terms of the act itself. Permits the use of an electronic signature in any transaction if both parties consent to the usage. Dictates that any document in electronic form or executed with an electronic signature is fully enforceable. Sets forth electronic record retention requirements. Provides that electronic records are fully admissible in any legal proceeding. Definition of electronic signature A technologically neutral term indicating various methods of signing an electronic message that (a) identify and authenticate a particular person as source of the electronic message, and (b) indicate such person's approval of the information contained in the electronic message (definition from GPEA, Public Law 105-277). Examples of electronic signature technologies include PINs, user identifications and passwords, digital signatures, digitized signatures, and hardware and biometric tokens. E-Sign law requirements There are currently five requirements of the E-Sign law which we propose to implement: The signature must be under the sole control of the individual. Password based signatures should be used in conjunction with PKI, signature stamps, electronic seals as well as simple click-wrap. For IVES we are requesting use of an electronic signature. The signature must be verifiable. Electronic signature technology will verify in real time using complex algorithms or through forensic analysis of the signature dynamics or measurements. The signature must be unique to the individual. Each signature gathered must be unique to an individual regardless of whether it is a physical measurement like a fingerprint or virtual measurement like the click of a mouse. The signature must establish the individual’s intent to be bound to the transaction. Signatory must be fully aware of the purpose for which the signature is being provided, regardless of underlying technology. The signature must be applied in a tamper-evident manner. Industry standard encryption must be used to protect the users’ signatures and the integrity of the documents to which they are affixed. IVES participants must follow the suggested framework for IVES electronic signature requirements Authentication: IVES participants must validate that the signer is who they say they are and that the document has made it into the correct hands. The most common form of authentication is “Two Factor,” referring to something the signer has (e.g., emailed successfully into their in-box) and something the signer knows (e.g., a pass code). Other common authentication options include Knowledge based Authentication (KBA) where the signer is presented with multiple choice questions, and Single Sign-On (SSO), where “keys” or credentials are passed along from another website. Consent: IVES participant must get consent from signer to receive and sign documents electronically prior to moving forward with the viewing and signing ceremony. This is typically done with a one-page consent form presented to the signer after authentication and prior to gathering signatures. Signer must either accept or reject the consent. Electronic aignature: Must be an electronic symbol logically associated with a record and executed or adopted by a person with the intent to sign the record. For IVES purpose, we will require an electronic signature to validate the name(s) against the name(s) listed on either the Form 4506-C. Tamper proof seal: After the electronic signature is collected, the document must be made tamper proof to ensure its validity. (A tamper proof seal is an electronic seal which is a piece of data attached to an electronic document or other data, which ensure data origin and integrity). Non-repudiation: An audit log of the entire electronic signing ceremony must accompany the document for future use as needed for non-repudiation. Data in the log must include date and time of creation, IP address of the signer, document lifecycle notifications, result of authentication, result of consent, and result of each electronic signature in the document. IVES participant retention of documentation: All audit log information as well as the associated Form 4506-C, must be retained by the IVES participant for a period of 2 years. Quality review: All IVES participants using electronic signatures must use an independent party to audit and ensure all electronic signature requests meet all requirements stated throughout this document. This audit along with its findings will be provided annually to the IVES Headquarters (HQ) analysts. IVES participants with findings showing a failure to meet all requirements will not be allowed to continue using electronic signatures. Each month the participant will select the first electronically signed request for review. The skip interval will apply from there. All IVES participants will develop their own skip interval each month by dividing their total number of requests by the sample size of 125. The participant can stop the selection process once 125 electronically signed Form 4506-C requests have been verified against the audit log for the month. The only exception is for months where fewer than 125 requests were processed. Participants should select and review all requests in a month where fewer than 125 requests were processed. Monthly results must be submitted with annual audit findings and computations. Annual audit findings must be submitted by January 31 of the following year unless a request for an extension of time is submitted and granted prior to the due date. The audit findings should compare the audit log information against the Form 4506-C, to validate the name(s) and date(s). Submit the e-signature audit report to the following e-mail address: ts.ives.participant.assistance@irs.gov. Upon request the audit logs and the Form 4506-C, will be made available throughout the year to the IVES HQ analysts. Income Verification Express Service (IVES)
