3.42.8 Secure Access and E-Services Procedures for Electronic Products and Services Support (EPSS)

Manual Transmittal

September 09, 2021

Purpose

(1) This transmits revised IRM 3.42.8, Electronic Tax Administration, Secure Access and E-Services Procedures for Electronic Products and Services Support (EPSS).

Material Changes

(1) IRM 3.42.8.1, Program Scope and Objectives - In (2) added employees located in Martinsburg, WV. In (3) added language for Audience. Added program owner, primary stakeholders and program goals language.

(2) IRM 3.42.8.1.2 Authority - Added new section.

(3) IRM 3.42.8.1.3 Roles and Responsibilities - Added new content to describe support provided by e-help, Technical Services and Operations Support Chiefs. The Taxpayer Bill of Rights (TBOR) content updated.

(4) IRM 3.42.8.1.4 Program Management and Review - Added new section.

(5) IRM 3.42.8.1.5 Program Controls - Added new section.

(6) IRM 3.42.8.1.7 Related Resources - Added new section.

(7) IRM 3.42.8.4.2, Password Problems - In (1) removed reference to answering security questions.

(8) IRM 3.42.8.4.5, Disable Account - In (3) added note to ensure you disable correct account when same names are listed. In (7) removed reference to security questions/answers.

(9) IRM 3.42.8.5, Secure Access Digital Identity (SADI) for Taxpayer, IPU 21U0869 issued 06/22/2021- Subsection describing new modernized identity proofing and authentication solution (Secure Access Digital Identity (SADI)). EPSS will provide limited support after initial account creation.IRM 3.42.8.5, E-Services - In (2), removed note referring to Registration is no longer an e-Services product.

(10) IRM 3.42.8.5.1, Restricting an Account, IPU 21U0869 issued 06/22/2021 - Subsection with information and steps to restrict SADI created IRS online account.

(11) IRM 3.42.8.5.2, Un-Restricting (Enabling) an Account, IPU 21U0869 issued 06/22/2021 - Subsection with information and steps to un-restrict (enable) SADI created IRS online account.

(12) IRM 3.42.8.7, Secure Access Authentication for Tax Professionals - Removed mention of e-Services Registration migration behind SAA in December of 2017.

(13) IRM 3.42.8.7.2.1, Existing E-Services Users - In (3) under Circular 230 Participant, replaced link with Note: Enrolled Agents (EA) verified systemically. In (4) If/Then chart under Met and Not Met, removed instruction to add a comment in the applicable application.

(14) IRM 3.42.8.7.2.2, New E-Services Users - In (3) added language to determine if caller is an existing e-Services user using IRM 3.42.8.6.2.1 before completing the exception process.

(15) IRM 3.42.8.8, Taxpayer Identification Number (TIN) Matching - In (2) added Form 1099-G and Form 1099-NEC to list of forms where applicant must be a payer of income subject to backup withholding.

(16) IRM 3.42.8.8.3, Replace a Principal - In (1) added language in second sentence to ensure you authenticate callers properly.

(17) IRM 3.42.8.9.7, Income Verification Express Service (IVES) Users, IPU 21U0729 dated 05/14/2021 - In (1) and (4) replaced Form 4506-T and 4506T-EZ with form from the Form 4506 family.

(18) IRM 3.42.8.10.3, Missing Links - In (2) third bullet, added instruction for when application was not documented correctly.

(19) Exhibit 3.42.8-1 - Added ACA, CAF, DOD, EPSS, IDT, IP PIN, OLS, OPA, OSA, RAIVS, SOR, and TSO to list of acronyms.

(20) Editorial changes made throughout the IRM section including:

  • Incorporation of plain language standards

  • Correction to hyperlinks, website addresses, IRM references, and typographical errors

  • Updated terminology

Effect on Other Documents

IRM 3.42.8 dated 09/17/2020 (effective 10/01/2020) is superseded. This IRM also incorporates IRM Procedural Update (IPU) 21U0729 issued 05/14/2021 and IPU 21U0869 issued 06/22/2021.

Audience

EPSS e-help desk assistors, Technical Services Operation (TSO) employees, and managers, analysts, business owners, and others who provide support to users of IRS electronic products and services.

Effective Date

(10-01-2021)

Sasha Lanes
Director, Electronic Products and Services Support
Wage and Investment Division

Program Scope and Objectives

  1. Purpose: This IRM section provides instructions for Electronic Products and Services Support (EPSS) phone assistors working in Andover MA, Atlanta GA, Austin TX, Cincinnati OH, Martinsburg WV and Ogden UT who respond to external customers needing assistance or information when using e-Services web based products.

  2. Audience: EPSS tax examining technicians and information technology specialists who respond to secure access and e-Services inquiries.

  3. Policy Owner: Director, EPSS

  4. Program Owner: EPSS, Operations Support, Program Management

  5. Primary Stakeholders: All IRS users of electronic products and services.

  6. Program Goals: To support customer-valued e-solutions for Servicewide electronic products and services.

Background

  1. In 2007, Electronic Products and Services Support (EPSS) was created. One of the primary programs in EPSS is e-Services, which is a suite of web-based products that provides customers with electronic options for interacting with the IRS. Customers include tax professionals, financial institutions, state agencies, IRS employees, and other qualified business partners.

  2. EPSS provides electronic products and services support to individuals, businesses and e-file providers.

  3. EPSS support includes:

    • Electronic Filing (e-file)

    • Electronic Federal Tax Payment System (EFTPS)

    • Electronic Services (E-Services)

    • Filing Information Returns Electronically (FIRE)

    • Acceptance Agent Application

    • Foreign Account Taxpayer Compliance Act (FATCA) online registration and International Compliance Management Module (ICMM) Error Notifications

    • Affordable Care Act (ACA) Form Acceptance

Authority

  1. EPSS is guided by the following legal and regulatory authorities:

    • IRC Section 7803(a)(3), Taxpayer Bill of Rights

    • IRC 6103, Confidentiality and Disclosure of Returns and Return Information

    • Treasury regulation section 301.6011-2(c)(1)

    • Protecting Americans from Tax Hikes (PATH) Act

    • Restructuring and Reform Act of 1998 (RRA 98)

    • Taxpayer First Act Section 2301

Roles and Responsibilities

  1. The Taxpayer Bill of Rights (TBOR) lists rights that already existed in the tax code, putting them in simple language and grouping them into 10 fundamental rights. Employees are responsible for being familiar with and acting in accord with taxpayer rights. See IRC 7803(a)(3), Execution of Duties in Accord with Taxpayer Rights. For additional information about the TBOR, see www.irs.gov/taxpayer-bill-of-rights.

  2. The Director of Electronic Products and Services Support (EPSS) is responsible for the development and delivery of policy and guidance that impacts assistors.

  3. The e-help Operations Chief offers technical assistance to the users of IRS electronic products and services: such as Electronic Return Originators (EROs), Software Developers, Transmitters, etc.

  4. The TSO Chief serves as a focal point for electronic processing of Form 1099 series, Form 1098, Form 5498, Form 1042-S, and all other Information Returns.

  5. The Operations Support (OS) Chief offers program management oversight to ensure the effectiveness of all programs under the jurisdiction of the EPSS Director.

  6. All employees complete duties following this IRM section and in accordance with Policy Statement 1-236, Fairness and Integrity in Enforcement Selection; see IRM 1.2.1.2.35.

Program Management and Review

  1. EPSS oversees and maintains programs by performing reviews and certification as described below:

    • Continual E-help Support System (EHSS) Knowledge Article Certification

    • EPSS Program Letter - documents expectations for telephone and paper inventory programs including quality review guidelines, goals and employee certification

    • Quality Measures - goals based on five quality attributes: Customer Accuracy, Procedural, Regulatory, Professionalism, and Timeliness. Quality review goals include frequency, method of sampling and performance targets. Reviews performed with the use of Contact Recording (CR) and Embedded Quality Review System (CQRS)

Program Controls

  1. CR and CQRS reviews of completed calls ensure compliance with IRM guidelines.

  2. Senior managers and program and policy analysts perform annual program reviews on a rotating basis to ensure adherence to policies and procedures.

Terms and Acronyms

  1. For a list of acronyms used in EPSS, see Exhibit 3.42.8-1.

  2. The table below lists only approved IRS business partners that are eligible to participate in e-Services

    • Figure 3.42.8-1

      Customer E-Services Product
      Tax professionals who register transcripts through Secure Object Repository (SOR) as an e-Services Product. Online e-file application
      Electronic Return Originators (ERO) who have e-filed 5 or more accepted returns Transcript Delivery System (TDS)
      Low Income Tax Clinics TDS
      Circular 230 Practitioners who qualify as Attorneys, CPAs or EAs TDS
      Reporting Agents TDS
      State Taxing Authorities TDS
      Payers of income subject to back-up withholding TIN Matching Application, Interactive TIN Matching, Bulk TIN Matching

Related Resources

  1. Resources available to help assistors in the performance of their duties include: Training, publications, Internal Revenue Manuals, EPSS communications and EPSS SERP Portal. Assistors must report their time under the right Organization, Function, and Program (OFP) codes for tracking purposes. See Exhibit 3.42.7-1, Organization, Function and Program (OFP) Codes (Phones and email), and Exhibit 3.42.7-2, e-help Organization, Function and Program (OFP) Codes (Paper), for programs to use when working telephones, email, and paper.

  2. Use the publications, IRMs, and websites below to resolve issues related to this IRM section:

    • Publication 1281 - Backup Withholding for Missing and Incorrect Name/TIN(s)

    • Publication 2108A, On-Line Taxpayer Identification Number (TIN) Matching Program.

    • Publication 3112 – IRS e-file Application and Participation

    • Rev. Proc. 2007-40 – Requirements of Participants in the IRS e-file Program

    • Rev. Proc. 2003-9 – E-Services Online TIN Matching Program

    • Rev. Proc. 97-22 – Guidance on Electronic Records

    • IRM 3.42.7 - EPSS Help Desk Support

    • IRM 3.42.10 - Authorized IRS e-file Providers

    • The Servicewide Electronic Research Portal (SERP) is designed to give all IRS employees intranet access to IRMs and other reference materials, and to retrieve frequently-referenced documents required to perform their jobs. Use the IRMs posted on SERP for the most up-to-date procedures.

Taxpayer Advocate Service

  1. The Taxpayer Advocate Service (TAS) is an independent organization within the IRS. TAS helps taxpayers who are experiencing economic harm, who are seeking help resolving tax problems the IRS has not resolved through normal channels, or who believe an IRS system or procedure is not working as it should be.

  2. In general, the e-help Desk does not answer account-specific questions (e.g., calls received regarding individual tax accounts). If the e-help Desk assistor cannot resolve an inquiry, referring the issue to TAS may be appropriate. Refer taxpayers to TAS (see IRM Part 13, Taxpayer Advocate Service) when the contact meets TAS criteria (see IRM 13.1.7, Taxpayer Advocate Service (TAS) Case Criteria) and you cannot resolve the taxpayers issue the same day. The definition of "same day" is within 24 hours. "Same day" cases include cases you can completely resolve in 24 hours, as well as cases in which you have taken steps within 24 hours to begin resolving the taxpayer's issue. Do not refer these cases to TAS unless they meet TAS criteria and the taxpayer asks to be transferred to TAS. Refer to IRM 13.1.7.5, Same Day Resolution by Operations. When referring cases to TAS, use Form 911, Request for Taxpayer Advocate Service Assistance (and Application for Taxpayer Assistance Order), and forward to TAS in accordance with your local procedures.

  3. There is a Service Level Agreement (SLA) between TAS and the Commissioner, Wage and Investment (W&I) Division, as well as SLAs between TAS and the other Operating Divisions. These agreements outline the procedures and responsibilities for the processing of TAS casework when either the statutory or Delegated authority to complete the case transactions rests outside of TAS. The W&I SLA is available at https://irssource.web.irs.gov/TAS/SitePages/SLA.aspx.

  4. TAS emphasizes the polite and respectful treatment of taxpayers and practitioners by IRS employees. See IRM 3.42.7.14.2, Telephone Etiquette, for e-help Desk policies.

  5. Congressional inquiries are referred to TAS.

Disclosure

  1. The Office of Disclosure administers the provisions of IRC 6103, "Confidentiality and disclosure of returns and return information." All IRS employees are responsible for ensuring taxpayer confidentiality is protected, and tax records are properly safeguarded and disclosed only as provided by law.

  2. E-help Desk assistors must prevent unauthorized disclosure of prohibited information when providing support to e-Services users. When giving information, confirm the identity of the person you’re speaking to on the telephone. Verify that the caller is authorized to receive the information. Disclose only what is necessary when giving information to third parties.

  3. See IRM 3.42.7.3.1, Office of Disclosure, for additional information on e-help Desk disclosure procedures. In addition, see IRM 3.42.7.14.5, Authentication and Authorization Guidelines. This section and the subsections that follow provide specific guidance for authenticating customers calling the e-help Desk including e-Services users.

  4. Complete information on disclosure, the Freedom of Information Act (FOIA), and the Privacy Act, may be found in IRM 11.3, Disclosure of Official Information. For questions or additional information use the Disclosure Contacts Link https://portal.ds.irsnet.gov/sites/vl003/Lists/DBasicsContacts/LandingView.aspx. The Disclosure Help Desk number and e-mail address are for internal use only.

Authorized Users

  1. Five categories of authorized users can access e-Services products:

    • Principal - a sole proprietor, a partner who has a 5 percent or more interest in a partnership, or a corporate officer (e.g., a President, Vice President, Secretary, Treasurer). A Principal for an entity that is not a sole proprietorship, partnership or corporation is an individual authorized to act for the entity in legal and/or tax matters.

    • Responsible Official - an individual designated by a Principal to perform specific duties of a Principal. In TIN Matching, this includes modifying an existing TIN Matching Application.

    • Delegated User - an individual authorized by a Principal or Responsible Official to perform duties for which they have been granted authority.

    • Authorized Agent - an individual that, with a payer's written authorization, matches name and TIN combinations on behalf of a payer.

    • Reporting Agent - an accounting service, franchiser, bank, service bureau or other entity that complies with Rev. Proc. 2012-32 and is authorized to prepare electronically Form 940, Employer's Annual Federal Unemployment (FUTA) Tax Return; Form 940-PR, Planilla para la Declaracion Anual del Patrono de la Contribucion Federal para el Desempleo (FUTA); Form 941, Employer's QUARTERLY Federal Tax Return; Form 941-PR, Planilla para la Declaracion Federal TRIMESTRAL del Patrono; Form 941-SS, Employer's QUARTERLY Federal Tax Return - American Samoa, Guam, the Commonwealth of the Northern Mariana Islands, and the U.S. Virgin Islands; Form 943, Employer's Annual Federal Tax Return for Agricultural Employees; Form 943-PR, Planilla para la Declaracion Anual de la Contribucion Federal del Patrono de Empleados Agricolas; Form 944, Employer's Annual Federal Tax Return; and Form 945, Annual Return of Withheld Federal Income Tax, for a taxpayer. Reporting Agents sign all the electronic returns that they file with a single Personal Identification Number (PIN) signature.

Caller Authentication
  1. IRM 3.42.7.14.5, Authentication and Authorization Guidelines, gives procedures for authentication and authorization for different types of e-Services customers.

Compromised Secure Access Account
  1. Users cannot log in to an e-Services application (i.e., IRS e-file application, TIN Matching, TDS, etc.) using another person's username and password. If it is determined the caller has accessed the system using another user's login credentials, do the following:

    • Advise the caller that this is a security violation and violation of the e-Services terms of agreement and that the login ID is a personal login, not a company login.

    • Ask to speak to the person who owns the login credentials. Advise owner of the security violation and advise them to change their password. Only after properly authenticating the caller, may you proceed with the call.

    • If the owner of the credentials does not come to the phone, advise caller that the call must be terminated. Request that the owner of the login credentials call the e-help Desk to enable the account. Determine what application the caller has accessed and document in the description. Do not disable the Secure Access Authentication account. Escalate to an incident and assign to e-Services Technical Level 2 provider group.

      Note:

      If the owner of the credentials calls in later to enable an account disabled by level 2 due to a security violation, complete High-Risk Authentication (HRA) and enable the account. To enable an account, follow the instructions in IRM 3.42.8.4.6, Enable Account. Advise the caller that this is a security violation and that the login ID is a personal login, not a company login. After the account is enabled, resolve any other account issues such as activating any inactive applications.

  2. If the caller believes, or the assistor discovers through discussion and/or research that their account was compromised, advise the caller to re-register and suggest using IRS2Go. Suggest their account be disabled. If the caller needs time to obtain a new mobile device (i.e., phone or tablet), they will need to call back to reactivate the account before they begin the Secure Access Authentication process. If caller would like their account disabled, follow steps in IRM 3.42.8.4.5 (4), Disable Account.

Secure Access Authentication for Taxpayers

  1. The Secure Access Authentication application is a shared service that allows a user to create an account to access IRS Online Applications (e.g., Get Transcript ONLINE, Identity Protection PIN (IP PIN), Online Payment Agreement (OPA), e-Services, ePostcard). The information required to create an account and level of validation varies based on the Online Application being accessed.

  2. Users "register" for Secure Access by creating an account. By creating an account, the user establishes a Username/password combination which expedites future access to IRS online applications as their authentication information is retained. For more information see "Secure Access: How to Register for Certain Online Self-Help Tools" https://www.irs.gov/individuals/secure-access-how-to-register-for-certain-online-self-help-tools. Additional Secure Access Authentication Information as it relates to e-Services users can be found in IRM 3.42.8.5.

  3. EPSS provides limited support for the following Secure Access related issues for inquiries received after the initial account creation:

    • Login issues (password, Username, locked out)

    • Customer believes they did not create account

    • Customer needs account disabled/enabled

    • Customer is experiencing problems with accessibility (508) software (Dragon, ZoomText, etc.)

    • Technical difficulties

      Note:

      All other Taxpayer related SAA issues are out of scope. See IRM 21.2.1.58, Secure Access eAuthentication, for more information.

  4. The taxpayer can designate a representative to act for them in enabling or disabling the taxpayer’s Secure Access/Online Services Account by submitting Form 2848. On the form, the taxpayer must indicate specific-use and indicate Disable or Enable Online Services Account in the "Matter" column (tax form/years would be marked "N/A" ).

  5. Follow all EPSS procedures for Interaction/Incident creation, solutions and authentication found within IRM 3.42.7.

Login Issues

  1. Research IDRS CC INOLES or IMFOLE to determine if the Date of Death (DOD) indicator is preventing access to the online account. If the DOD is preventing access to the online account, refer the caller to the Social Security Administration.

  2. If you cannot determine why the taxpayer is receiving the error message, provide the customer with an alternative online and/or telephone resource depending on the product they need.

Password Problems

  1. The password must meet the following requirements:

    • Be between 8 and 20 characters

    • Be case sensitive

    • Contain at least one numeric and one special character (excluded characters are the colon, semi colon, single quote, quotations, less than, greater than, period, question mark, parenthesis, slash and brackets)

    • Have at least one uppercase and at least one lowercase letter

    • Be entered twice

  2. If the customer does not remember their password or is unsuccessful after three attempts, have them use the ‘Forgotten Password’ link on the sign-in page.

    Note:

    If the taxpayer did not create an account, and previously entered as a guest, they will need to create an account.

  3. If the customer receives locked/re-register message, advise the customer to re-register or if they believe they have the correct password, they may re-enter it after waiting 24 hours.

  4. If customer cannot resolve their password issue, provide the customer with an alternative online and/or telephone resource depending on the product they need.

    Note:

    There are no limitations to using previous passwords.

Forgotten Username

  1. The Username is not case sensitive. Users who previously registered using the guest option cannot recover a Username; they must create an account.

  2. If the caller previously created an account and has forgotten their Username, direct them to the ‘Forgot Username’ link on the sign-in page. They will be asked to enter the last four digits of their SSN or ITIN, and the original email address they registered with, to get an email with their forgotten Username.

  3. If the caller did not receive an email with their Username after requesting it, their email provider may be blocking the message OR they may have made an error when entering the last four digits of their SSN (or ITIN)/original email address. Direct them back to the Forgot Username link and ask them to try and recover their Username again. If they still don’t receive the email with their Username, direct them to the re-register link on the Forgot Username page and have them click on the link to re-register.

  4. If the caller can no longer access the email address used during initial Secure Access account creation or does not remember their email address, they must re-register by clicking the “Forgot Username” link and then selecting the “reregister” link.

    Note:

    If user believes they used a different email address than first thought, they can try to recover their Username again by using the other email address.

Re-Registration

  1. Customers may need to re-register on occasion to gain access to online information.

  2. Customers can re-register with the same or different email address.

  3. When the customer re-registers, they will receive an email with a confirmation code, and their previous Username will no longer be valid.

  4. When the customer re-registers, they will receive an email at the email address used for their previous and new account.

  5. The customer must complete the required entries and follow the online guidance.

  6. The customer must completely re-register in one online session to eliminate problems.

  7. If the customer receives a message that they’re already registered, direct them back to the Forgotten Username page and click on re-register. The system should allow them to re-register during the second attempt.

Disable Account

  1. Differences in security requirements for the online applications (Get Transcript, Get an IP PIN, OPA) result in different customer experiences. The customer may receive an email or letter (CP 301) indicating an account was created, their profile has changed, or they passed IRS validation but were not eligible for an IP PIN or did not pass additional authentication.

  2. Explain the email/letter they received is related to IRS Online Services. Ask customer if they recall creating or updating an online account (did they self lock their OLA account or register for an online account to request a transcript, request an OPA, or obtain an IP PIN, but forgot?). If customer recalls creating an online account, close Interaction.

  3. If customer does not recall registering or updating their profile, or requests their account be disabled, advise the customer that you will disable the account.

    • If asked about how this account was used, explain we do not have the capability to research historical records associated with an online product.

    • If the caller is concerned that they may be a victim of identity theft (IDT) they can consider filing an Identity Theft Affidavit with the IRS (Form 14039/Form 14039SP) which is available online at IRS.gov (keyword identity theft). If the customer requests assistance in completing Form 14039, you can help the customer navigate to the form. If asked about mailing address or fax number, advise the caller to follow guidance in Form 14039 instructions. Advise the customer to wait 90 days before contacting the Identity Protection Specialized Unit (IPSU).

    Note:

    If it’s determined there are multiple individuals with the same name that share mailing address, make sure to only disable the impacted user’s account.

  4. Access the Secure Access Authentication System and disable the account using the steps in Figure 3.42.8-1 below:

    Figure 3.42.8-2

    Steps to View/Enable/Disable Online Services Account
    1. Select Enable/Disable User tab
    2. Select eAuth Admin Tool
    3. Select Enable/Disable User tab again
    4. Select drop down to search/view user by SSN (no dash 123456789), Name (all upper case FIRST LAST), Login ID or e-mail address
    5. Once user information is displayed, click on "Select" to proceed.

    Note:

    If no user information is displayed, inform the customer that the account does not exist.

    6. Select Enable or Disable
    7. In the Comments section, manually enter the following then click Submit:
    • Date of contact

    • Interaction number

    • Notate the caller’s phone number. If the caller will not provide one, notate phone number not provided.

    Note:

    Do not use the drop-down menu in the OSA system to enter the reason for the call.

  5. Enter TC 971 AC 522 using IDRS Command Code REQ77 in customer’s individual account when disabling the online account (OLA) due to possible Identity Theft or customer stating they did not request an online account. Include the following reason codes in the Miscellaneous field when entering TC 971 or TC 972:

    • WI EPSS DISABLE - Use when entering TC 971 AC 522.

    • PPDS OPIP IRSERR - Use when entering a TC 972 to reverse a TC 971 entered in error.

    • PPDS OPIP NOIDT - Use when entering a TC 972 to reverse a TC 971 previously input by EPSS and caller is now stating they were not a victim of identity theft.

    Note:

    Use the date of the CP 301 for the secondary date if known or use the previous day of the account disable.

  6. Before closing the Interaction, you must select the appropriate disable problem type and enter the required information in e-help Support System (EHSS).

  7. The customer may deactivate their IRS account through the ‘Update Security Profile’ link after logging in. The customer can also change their Username, email address, phone number, password, site image, and site phrase using this link.

  8. First time and returning users who have concerns about identity theft (IDT) or unauthorized access to their data are able to self-lock or disable their OLA using the Lock or Disable Your Account link on the sign in screen. Customers will be required to authenticate by answering questions used to establish an OLA to use this feature. Once an account is disabled, a customer cannot re-register or access any of the associated applications.

Enable Account

  1. To enable an online account (OLA), follow the steps in Figure 3.42.8-1.

    Caution:

    The customer must pass HRA before you enable their OLA account.

Previously Disabled Account

  1. Customers who successfully complete authentication and lock/disable their account cannot re-enable access to their online account (OLA) account at this time. You will need to enable the customer's account in this situation.

  2. The customer will receive a message to contact us when they attempt to login to an account that was previously manually disabled by EPSS. The account must be manually enabled, and the user has to re-register.

  3. Customers who were impacted by the Get Transcript or other IRS Incidents may not be able to establish an OLA. If the caller indicates they received a letter regarding the Incident, access the Secure Access Authentication System and follow the steps above to check the status of the account by viewing the comments section. If the comments show a “bulk disable message” do not enable the account. Inform the caller their online account was locked for their protection and they can’t register for an online account at this time. Reassure them their account is protected from any further suspicious activity. Provide the customer with an alternative online and/or telephone resource depending on the product they need.

Technical Problems

  1. If the customer receives a "Technical Difficulties" message which is preventing them from successfully resetting their password or updating their profile, document which error message the customer is receiving. Advise the customer to try again later and if needed, provide the appropriate referral information based on the product they need.

Problems with Accessibility Software

  1. If customer states they’re having trouble with their accessibility (508) software (software designed to enhance access to technology for people with disabilities e.g., Dragon, Text, etc.) interfacing with the Secure Access Authentication application:

    1. Document Interaction with customer’s first and last name, phone number (with time zone), Username, and indicate which software the customer is using and any details the customer can provide.

    2. Escalate Interaction to Incident and assign to e-Services Technical Level 2 Provider Group.

Secure Access Digital Identity (SADI) for Taxpayer

  1. Secure Access Digital Identity (SADI) is the new modernized identity proofing and authentication solution for public facing Internal Revenue Service (IRS) applications. This solution will eventually replace the existing Secure Access Authentication (SAA)/eAuthentication (eAuth). There will be an overlapping period where both systems will be active. The first application will be deployed behind SADI on June 20, 2021.

  2. With the rollout of SADI, the IRS will no longer be the organization that provides ID proofing and authentication services. This process will be handled by Credential Service Providers (CSPs). CSPs are third parties that will provide the ID proofing/authentication services and the login credentials for the SADI process.

  3. When a user creates an account through the CSP, the system will generate a CP 303, Your Secure Access Acknowledgement Notice. The CP 303 is the same as CP 301, Online Services eAuthentication Acknowledgement Notice, generated by the SAA/eAuthentication system.

  4. EPSS provides limited support for the following Secure Access Digital Identity related issues for inquiries received after the initial account creation:

    • Customer believes they did not create account

    • Customer needs account restricted/un-restricted (enabled)

      Note:

      All other taxpayer related SADI issues are out of scope. See IRM 21.2.1.58.2, Secure Access Digital Identity (SADI).

  5. The taxpayer can designate a representative to act for them in unrestricting (enabling) or restricting the taxpayers’ SADI Account by submitting a Form 2848. On the form, the taxpayer must indicate specific-use and indicate "Restrict SADI Account" or "Un-Restrict/Enable SADI Account" in the “Matter” column (tax form/years would be marked as “N/A”).

  6. Follow all EPSS procedures for Interaction/Incident creation, solutions and authentication found in IRM 3.42.7.

Restricting an Account

  1. Differences in security requirements for the online applications will result in different customer experiences. The customer will receive a CP 303 indicating an account has been created to login to the various online systems.

  2. Explain the letter they received is related to requesting an IRS online account. Ask the customer if they recall creating an online account. If the customer recalls creating an online account, close Interaction.

  3. If the customer does not recall registering or requests their account be disabled, advise the customer you will restrict their account.

    • If asked about how this account could have been used, explain we do not have the capability to research historical records associated with an online product.

    • If the caller is concerned they may be a victim of identity theft (IDT) they can consider filing an Identity Theft Affidavit with the IRS (Form 14039/Form 14039SP) which is available online at IRS.gov (keyword: identity theft). If the customer requests assistance in completing Form 14039, you can help the customer navigate to the form. If asked about the mailing address or fax number, advise the caller to follow the guidance in Form 14039 instructions. Advise the customer to wait 90 days before contacting the Identity Protection Specialized Unit (IPSU).

  4. Access the Secure Access Digital Identity (SADI) Admin Console and restrict the account using the steps in Figure 3.42.8-2 below:

    Figure 3.42.8-3

    Steps to Restrict an IRS Online Account using the SADI ADMIN Console
    1. On the SADI Admin Screen, access the drop-down menu to select the search criteria then enter the identifying information:
    • TIN XXXXXXXXX or XXX-XX-XXXX,

    • Last Name, First Name (Smith, John),

    • Universally Unique Identifier (UUID)

    • Email Address

    2. To view the user’s account, select "View Details"
    3. Once in the user’s account, expand the "Restrictions" section and click on "Apply a Restriction"
    4. Complete the required fields:

    Note:

    The TIN field will be pre-populated and grayed out.

    • Reason: Drop down list of all available restrictions. Select the restriction that applies to the customer’s needs.

    • Admin Comments:

      • Date of Contact

      • Interaction number

      • Notate the caller’s phone number. If the caller will not provide one, notate phone number not provided.

    5. Click Submit. The system will show a message at the top of the Account Details page confirming the restriction has been added. "Account Status" will then change to "Restricted" .

  5. Enter TC 971 AC 522 using IDRS Command Code REQ77 in customer’s individual account when restricting an online account due to possible Identity Theft or customer stating they did not request an online account. Include the following reason codes in the Miscellaneous field when entering TC 971 or TC 972:

    • WI EPSS Disable – Use when entering TC 971 AC 522.

    • PPDS OPIP IRSERR – Use when entering a TC 972 to reverse a TC 971 in error.

    • PPDS OPIP NOIDT – Use when entering a TC 972 to reverse a TC 971 previously input by EPSS and caller is now stating they were not a victim of identity theft.

      Note:

      Use the date of the CP 303 for the secondary date if known or use the previous day of the account disable.

  6. Before closing the Interaction, you must select the appropriate restriction reason code problem type.

Un-Restricting (Enabling) an Account

  1. A customer may contact the IRS to have their account un-restricted (enabled). If the customer would like their account un-restricted (enabled) complete High-Risk Authentication. Follow Guidance in IRM 3.42.7.14.5.7, Authentication/Authorization for Secure Access Authentication and for Secure Access Digital Identity.

  2. Access the Secure Access Digital Identity (SADI) Admin Console and un-restrict (enable) the account using the steps in Figure 3.42.8-3 below:

    Figure 3.42.8-4

    Steps to Un-restrict (Enable) an IRS Online Account using the SADI ADMIN Console
    1. On the SADI Admin Screen, access the drop-down menu to select the search criteria then enter the identifying information:
    • TIN XXXXXXXXX or XXX-XX-XXXX,

    • Last Name, First Name (Smith, John),

    • Unique Identifier (UUID)

    • Email Address

    2. To view the user’s account, select "View Details"
    3. Once in the user’s account, expand the "Restrictions" section and click on "Remove Restriction" if the option is available.

    Note:

    If the option to "Remove Restriction" is not next to the restriction, it cannot be removed by a Level 1 assistor.

    4. Complete the required fields:
    • Admin Comments:

      • Date of Contact

      • Interaction number

      • Notate the caller’s phone number. If the caller will not provide one, notate phone number not provided.

    5. Click Submit. The system will show a message at the top of the Account Details page confirming the restriction has been removed. "Account Status" will then change to "Active" .

E-Services

  1. E-Services is available 24 hours a day, 7 days a week from any computer with an Internet connection. The e-help Desk assistors must provide quality service to external customers who encounter problems or need information about e-Services.

  2. The e-help Desk assistors provide support for the following e-Services products:

    • IRS e-file Application - permits users to submit a new or revised IRS e-file Application to become an Authorized IRS e-file Provider and to update their application as needed. See IRM 3.42.10, Authorized IRS e-file Providers, for information on adding a new location, closing an office, etc.

    • Taxpayer Identification Number (TIN) Matching Application - allows payers of income subject to backup withholding to apply for the TIN Matching Program.

    • TIN Matching Program - allows authorized users to match TINs and names directly against IRS records.

    • Transcript Delivery System (TDS) - allows users to electronically request and receive transcripts, wage and income documents for a taxpayer's account, and verification of non-filing. Tax preparers using TDS must have an unmodified Power of Attorney (POA) on file.

  3. Products and Services Support (PSS) is responsible for the e-Services Technical Level 2 Provider Group and works e-Services issues that the e-help Desk cannot resolve on first contact.

    Reminder:

    Document the Interaction per IRM 3.42.7.6.8.1, Writing Descriptions for Level 2, when escalating to e-Services Technical Level 2. Escalate the interaction to obtain an Incident Management (IM) case number and provide the IM case number to the customer.

Accessing E-Services

  1. The e-Services system is fully compatible with Internet Explorer versions 9.0 and above. Users may experience problems with pages not populating correctly when using other browsers.

  2. Employees access e-Services via the Employee User Portal (EUP).

  3. Customers access e-Services via the Integrated Enterprise Portal (IEP). Access e-Services applications by one of the following:

    • www.irs.gov > "Tax Pros" > "Access e-Services" button > select application

    • www.irs.gov > Keyword search "e-Services" > "e-Services" > select application

Employee User Portal (EUP)
  1. The Employee User Portal (EUP) is a Web hosting infrastructure. It supports an Intranet portal that allows IRS employees to access business applications and data [e.g., e-Services and Modernized e-file (MeF)]. The EUP communicates with MeF via Application Message and Data Access Service (AMDAS). The EUP infrastructure is located on the IRS Intranet.

  2. Employee registration and authentication is required for the EUP. An OL5081 is not required for EUP access but is required for access to individual applications within EUP. To access the EUP, you will need the following information:

    • Standard Employee Identifier (SEID). If you do not know your SEID, locate it using the Discovery Directory at http://discovery.directory.enterprise.irs.gov/discovery/.

    • Appropriate e-Services roles. Obtain these from your manager. Request the roles through the Online 5081 at https://ol5081.enterprise.irs.gov/.

Integrated Enterprise Portal (IEP)
  1. The IRS Integrated Enterprise Portal (IEP) (previously referred to as "Registered User Portal (RUP)" ) allows registered individuals, third-party users and self-authenticated individual taxpayers access to selected specific tax information and other sensitive applications and data. User interactions are encrypted from the user's workstation or system to the portal. The IEP also supports the exchange of bulk files of information with the IRS. The IEP communicates with the backend modernization application system.

Clear Cache
  1. Customers may receive an error such as "URL not found" , "Target not found" or "Response empty" when accessing and using e-Services because they need to clear their cache. Recommend the customer do the following:

    • completely close their web browser, clear the cache, and sign in again

    • set www.irs.gov as their only shortcut/favorite

    • get to login page by clicking on Tax Professionals and then e-Services for Tax Pros or searching using "e-Services" to get to the e-Services for Tax Pros link

  2. If the customer does not know how to clear the cache, determine which version of Internet Explorer (IE) the customer is using and provide the following assistance. E-Services will only support Internet Explorer (IE) 9.0 and above.

  3. For Internet Explorer (IE) 9.0 or above:

    • Go to Tools

    • Select Internet Options

    • Under Browsing History, select Delete. Make sure the Preserve Favorites Web site data check box is not checked, and the Temporary Internet Files and Cookies check boxes are both checked.

    • Click OK

    • Close and reopen the browser

Secure Access Authentication for Tax Professionals

  1. Secure Access Authentication (SAA) is the first step to access e-Services products. New and existing users must complete the SAA process by creating an online account using personal information before they can access e-Services https://www.irs.gov/e-services.

  2. Offer the following alternatives when a new user cannot pass authentication:

    1. Paper returns may be filed. EROs required to file electronically must attach Form 8948, Preparer Explanation for Not Filing Electronically, to paper filed return. Form 8944, Preparer e-file Hardship Waiver Request, is not required. This qualifies as an administrative exemption; therefore, Form 8944 should not be filed. Large Taxpayers mandated to electronically file must file the appropriate e-file waiver.

    2. For transcript alternatives, refer caller to irs.gov, search "transcripts" .

  3. Existing e-Services users (users with active accounts or inactive accounts and associated to an active application) will use their existing username to login as a returning user. Users will be required to:

    • Complete the Secure Access Authentication process (re-register) and pass basic ID proofing, financial verification, and mobile phone validation (or have ability to receive activation code by mail).

    • Change their password. Users must keep their existing username.

    • Create a site image and phrase.

    Existing e-Services users who have not completed the Secure Access Authentication process in eAuthentication cannot recover their username. If they do not remember the username, their username will be pre-populated when they create their user profile. Existing e-Services users aren’t required to create a new PIN or modify their existing PIN. Existing e-Services customers who cannot pass the Secure Access Authentication process may qualify for an exception process, see IRM 3.42.8.7.2, Exception Process.

  4. To become a registered user, the customer must provide personal information to establish their identity. The user must pass:

    • Basic Identity (ID) Proofing

    • Financial Verification

    • Mobile Phone Validation including Activation Code by mail

    The user will finish by creating a profile by selecting the following:
    • Username

    • Password

    • Site Phrase

    • Site Image

    Note:

    Some users may be prompted to update their username if it does not meet Secure Access username validation criteria.

  5. To successfully verify their identity, first time users will need the following:

    • Readily available email address.

    • Legal Name**.

    • Taxpayer Identification Number (Social Security Number (SSN) or Individual Taxpayer Identification number (ITIN))**, taxpayers on a joint account should use their own SSN and financial information.

    • Date of Birth (DOB)**.

    • Filing status and address (from their most recently filed tax return, unless a non-filer then they should enter their current address) and

    • Active account number from one of the financial services listed in (6) below.

    • U.S. based text enabled mobile phone linked to their name or ability to receive an activation code by mail.

    **Verified using Social Security Administration (SSA) and/or IRS records

    Note:

    Due to system limitations, customers with a foreign address may be unable to successfully register online and should be instructed to use the alternative options.

  6. An acceptable financial service account number includes one of the following:

    • Last 8 digits from a credit card (no American Express, Barclay, debit or corporate cards)

    • Auto loan account number

    • Mortgage or home equity account number

    • Home Equity Line of Credit (HELOC) account number

    • Student loan account number (Unable to verify Nelnet student loan accounts)

  7. A foreign individual with a SSN or ITIN may not meet all the above requirements; and therefore, may not be able to successfully create a Secure Access account. If they can’t pass Secure Access Authentication (SAA), inform the caller they can use a third-party to process returns electronically. Advise them to check the e-Services landing page for updates.

  8. If user calls and requests their account be disabled, follow steps in IRM 3.42.8.4.5 (4), Disable Account.

    Note:

    Once the account is disabled, the user will not be able to access e-Services.

Recertification

  1. A Secure Access user who is inactive in the system for two years or more is required to complete recertification.

Exception Processing

  1. An exception process may be available for new and existing e-Services users who cannot pass Secure Access Authentication. This exception process allows you to manually authenticate a user when they can’t pass the online requirements (financial verification or mobile phone validation).

  2. Assistors should determine the point of failure for the customer and always try to resolve the issue before completing the exception process. For example, If the customer is unable to pass the phone validation, advise the caller to request the activation code by mail.

Existing E-Services Users
  1. This exception process provides most existing users an alternative path to pass the authentication process and continue to use e-Services products. Once authenticated, to pass the exception process, they must meet the trusted customer criteria and pass High-Risk Authentication (HRA).

    Note:

    You are required to use the EPSS Authentication and Authorization Job Aid prior to determining trusted customer criteria.

  2. After authenticating the caller, you must complete two required steps before you can manually complete the caller’s Secure Access Authentication process.

  3. The first step is determining if the caller is a trusted customer by verifying the caller is listed on an e-Services application in an authorized role of Principal, Responsible Official, Delegated User or Affordable Care Act (ACA) Contact or ACA Responsible Official.

    Figure 3.42.8-5

    If caller is ... Then ...
    Electronic Return Originator (ERO), Transmitter, Large Taxpayer or Software Developer
    • Research the e-file application to determine the Provider Status is accepted for one or more years and Electronic Filing Identification Number (EFIN) status is active.

    • Research EFIN status page to determine if at least one accepted IMF or BMF return was filed.

      Note:

      Software Developer with no returns filed must have passed software testing within the last two years.

    • Special Circumstances

      • If the customer closed their office in error, use their previous status to determine if the caller is a trusted customer

      • If the customer had to submit a new application because of business structure, you may use the previous EFIN to determine their provider status and return filing history. For the new application, the EFIN must be active and the provider status must be accepted or applied. If the caller’s EFIN was compromised, assign a new active EFIN and determine if all other trusted customer criteria is met.

    Circular 230 Participant
    • Research the e-file application to determine the Provider Status is accepted for one or more years and EFIN status is active.

    • Verify credentials for Circular 230 Participants:

      1. Certified Public Accountant (CPA) search: CPA Verify https://www.cpaverify.org/

      2. Attorney search: PublicRecordCenter.com http://www.publicrecordcenter.com/lawyers.htm

        Note:

        Enrolled Agents (EA) are verified systemically.

    For ACA (TCC) Issuer, Transmitter or Software Developer.
    • Research the ACA Application for TCC to determine the TCC is active.

    • Research the Affordable Care Act Information Returns (AIR) Management Console (AMC) to determine if at least one AIR transmission has been accepted, accepted with errors, or partially accepted.

    • Research the ACA Application for TCC to verify that the Software Developer has passed testing.

    For State (TDS and/or EFIN)
    • Verify the caller has an application on file.

      Note:

      These users are credentialed by the state and covered by Memorandum of Understanding (MOU).

    Income Verification Express (IVES) User
    • Research IVES application to verify participant number.

    TIN Matching User
    • Verify the caller is listed as a Principal, Responsible Official, Delegated user or Authorized Agent on the TIN Matching Application by researching TIN Matching Application (EUP>eserv-ESAM-Applications> Search TIN Matching Application.)

    1. If the caller meets Trusted Customer Criteria, continue to High-Risk Authentication.

    2. If the caller does not meet Trusted Customer Criteria, refer to the Taxpayer Assistance Center (TAC) appointment line to make an appointment to visit a TAC for in-person identity proofing. Follow TAC Referral Procedures in IRM 3.42.8.6.2.4 .

  4. The second step is "Use the EPSS Authentication and Authorization Job Aid to perform High-Risk Authentication (HRA)" .

    Note:

    The caller must pass the trusted customer criteria before HRA is performed.

    1. Follow the guidance in the table below:

      If HRA is Then ...
      "Met" Create the user’s profile by entering the following information in the eAuthentication module:
      • TIN

      • Name

      • Address

      • Filing Status

      • Date of Birth

      • Email address - User will receive a temporary password via email.

      • Temporary Site Image/Name

      Mail activation code to caller.
      "Not Met" Refer caller to the Taxpayer Assistance Center (TAC) appointment line to make an appointment to visit a TAC for in-person identity proofing. Follow TAC Referral Procedures in IRM 3.42.8.6.2.4 .

  5. If the caller does not qualify for exception processing, for example a foreign user, advise the caller of the following:

    • They cannot have access to e-Services.

    • They can use a third-party to transmit returns electronically.

    • Paper returns may be filed.

      Note:

      EROs required to file electronically must attach Form 8948, Preparer Explanation for Not Filing Electronically, to paper filed return. Form 8944, Preparer e-file Hardship Waiver Request, is not required and should not be filed as this qualifies as an administrative exemption.

    • Large Taxpayers or ACA filers mandated to file electronically must file their return(s) using an approved e-file provider.

    • For transcript alternatives, refer caller to irs.gov search "transcripts"

New E-Services Users
  1. The user exception process allows individuals to authenticate at a TAC when they can’t pass the online SAA process (ID proofing, Financial Verification or Mobile Phone Validation).

  2. Assistors should determine the SAA point of failure for the customer and always try and resolve the issue before completing the exception process. For example, if the customer is unable to pass the phone validation, advise the caller to request the activation code by mail.

  3. Determine if the customer is an existing e-Services user using IRM 3.42.8.6.2.1 before completing the user exception process. Follow Exception Processing for Existing e-Services Users if applicable.

    • While you have the caller on the phone, make sure they have access to their email and have their return information to complete HRA. If they don’t have that information advise them to call back. Do not refer them to the TAC or update ENMOD.

    • Ensure caller’s address matches Integrated Data Retrieval System (IDRS) CC INOLES. If the address is different, the caller must complete Form 8822, Change of Address, and wait for the change to take place (up to six weeks) before they can complete the exception process.

    Note:

    If the caller files a joint return and that address is not reflected on the secondary taxpayer’s account on CC INOLES, refer the caller to Accounts Management (800-829-1040) to have the secondary taxpayer’s address corrected.

  4. Complete the following steps to exception process a new user:

    1. Research Online Services Administration (OSA) to determine if the caller already has an existing e-Services flag (eSvc) in OSA.

    2. Use the EPSS Authentication and Authorization Job Aid to perform High-Risk Authentication (HRA). If caller does not pass HRA advise the caller of alternatives, otherwise continue.

    3. Refer the caller to the Taxpayer Assistance Center (TAC) to complete ID proofing. Follow TAC Referral Procedures in IRM 3.42.8.7.10, Taxpayer Assistance Center (TAC) Exception Processing Support.

  5. Once the caller has completed the TAC process and called back, complete the following:

    • Access OSA to complete their SAA profile:

      1. Click on System

      2. Click on Manage Users

      3. Click on eAuth Send Confirmation Code for e-Services (new user)

      • Ask the caller for his/her First Name, Last Name, SSN/ITIN, and email address, and enter it into the fields. Enter the SSN/ITIN (no hyphens) and email address twice to confirm they’re entered accurately

      • Click submit to email the confirmation code to the address provided

      • If an error is returned because the user has already attempted an account under the SSN, then send the confirmation code using: eAuth Send Confirmation Code for eServices.

        Click on EAuth Create User for eServices:

        • Search by TIN without hyphens and click select

        • Have the caller read the confirmation code from their email and verify this against the email confirmation code field

        • Once the confirmation code has been verified, complete all the necessary fields. If the caller previously completed some of the SAA process some fields may be pre-populated

        1. Login ID - A username must be created. Ask the user to create one according to the rules (between 8-10 characters long; it cannot be an email address, SSN, or contain a space or special character); you may then enter it into the Login ID field. Upon successful submission, it becomes their permanent Login ID. If the username is already in use the system will return an error message and the user will need to select another username

        2. Username - If the username pre-populates, you may need to remove unneeded spaces at the end of the username or retype the username before the system will accept the username

        3. Password and Password Confirm - This is only a temporary password, examples: Password1!, Abcd123!, Greatday17!

        4. First and Last Name - As it is on their last tax return.

        5. Date of Birth - must be in yyyymmdd format

        6. Address - The address must match what is on IDRS INOLES. If it does not, the caller must complete Form 8822, Change of Address, and wait for it to process up to 6 weeks before they can exception process.

        7. Level of Assurance - Select F from the drop down

          Reminder:

          This step is important and can cause the user to need to re-register if the field is not updated to F.

        8. Email Address - This field should pre-populate but if it does not the assistor will need to complete

        9. Mobile Phone - Should be left blank

        10. Site Phrase - 5 character minimum, the assistor will request this information from the caller

        • Click submit. A CP 301 with an activation code should arrive within 15 business days. The caller will need to enter this code in the system to complete their profile.

  6. Advise caller of the following:

    • Sign into SAA and change the temporary password. Assistor should attempt to have the caller change the password during the call. If the user is unable to change the password and locks the account or is unable to update the password, advise the caller to wait 24 hours to update the password.

    • Once the Activation Code is received, the caller will need to sign in to complete the Secure Access Process. This includes registering the mobile phone, using Voice One Time Password (Voice OTP) or downloading the IRS2Go app to receive their recurring security code.

    • Advise the caller they need to wait 15 business days before contacting us if they did not receive their Activation Code by mail.

Taxpayer Assistance Center (TAC) Exception Processing Support
  1. Taxpayer Assistance Center (TAC) employees provide in person identity proofing for individuals registering or re-registering for e-Services. TAC employees assist individuals referred by EPSS who cannot successfully register for an e-Services Secure Access Account.

  2. To refer an e-Services user to the TAC, complete the following:

    • Open an IDRS Control Base on ENMOD using EPSS_SAA activity code and update the control base with "SENTTOTAC" .

      Note:

      Do not update a previously opened ENMOD control base (i.e., from the Revalidation project (Letter 5903).

    • If the caller has not tried to complete the online Secure Access process, have them try before making an appointment with the TAC.

      Refer domestic callers to the TAC Appointment Line at 844-545-5640 to make an appointment. Inform the caller of the following:

      • The caller must tell the TAC representative they were referred to make an appointment because they were unable to verify their identity for Secure Access Authentication (e-Services).

      • The caller must bring a government-issued photo ID and Social Security Card or an original or certified embossed birth certificate to the appointment.

      • After completing the in-person ID proofing at the TAC, the caller must call the e-help Desk again to complete their profile. They must have their ID proofing documents readily available when they call back.

    • For international callers who cannot complete their Secure Access Authentication account, provide them with the alternatives based on the product they’re accessing.

  3. After successfully identity proofing a customer for e-Services, TAC personnel will document the action in Accounts Management Services (AMS) as a history item with the following information:

    • E-Services Identity Proofed

    • The type of identification presented and the last 4 digits of the ID number from one form of identification

    • Date the identity proofing was completed

    The TAC will then advise the customer to contact the e-help Desk toll free at 888-841-4648 for assistance in establishing their Secure Access account profile.

  4. When the caller contacts us after they’ve ID Proofed with the TAC, complete the following:

    • Use AMS Narrative History Item to compare TAC comments/documentation used to ID proof customer. Follow the guidance below to determine if the caller completed TAC Validation.

    • If the narrative states "e-Services Identity Proofed" , verify the last four digits of the customer’s ID they used to ID proof. After verifying, complete the caller’s profile. Close the IDRS EPSS_SAA Control Base on ENMOD with "TACPASSED" activity code.

    • If there is no ID number entered in AMS and the caller went to the TAC within the last 30 days, verify the city and state of the TAC location they visited. After verifying, complete the caller’s profile. Close the IDRS EPSS_SAA Control Base on ENMOD with "TACPASSED" activity code.

    • If customer states they completed ID Proofing and there are no comments in AMS, document the username, date of TAC visit, TAC office and location and escalate the interaction to an incident, provide incident number to the caller and assign to SAA Tax Pro provider group.

TAC Referral Procedures
  1. Complete the following to refer a caller to the TAC:

    1. Open an IDRS Control Base on ENMOD using EPSS SAA activity code and then update the control base with SENTTOTAC. Follow guidance in the Secure Access Authentication Desk Guide.http://serp.enterprise.irs.gov/databases/portals.dr/epss/secure-access-authentication/secure-access-authentication-desk-guide.pdf.

    2. If the caller has not attempted to complete the online Secure Access process, suggest they attempt this process before making an appointment with the TAC. If they’re successful, the caller will not need to go to the TAC.

    3. For domestic calls, refer to the TAC Appointment Line at 844-545-5640 to make an appointment.

      Note:

      Inform the caller they must bring a government issued picture ID and Social Security card or an original or certified embossed birth certificate.

Secure Access Account Creation Issues

  1. Some e-Services customers request assistance because they have been unsuccessful completing the process on their own. Be aware of lockout conditions and associated timeframes when assisting customers with their issues, see Figure 3.42.8-5 below.

  2. If the customer is having difficulty passing basic ID proofing, verify the customers SSN/ITIN, name, and DOB using command code INOLES. If the SSN, name, and/or the DOB of the customer do NOT match the information the customer provides, advise the customer to contact the Social Security Administration at 800-772-1213 to resolve the discrepancy.

    Note:

    Do NOT tell them what information is showing on the system.

    The filing status and address must match their most recent tax return. If their tax return was recently filed:
    • For e-filed returns: The caller should wait at least two weeks after they have received acknowledgement of an Accepted Return.

    • For paper filed returns: The caller should wait at least six weeks after they have mailed their return.

      Note:

      If the system doesn't match the address they entered, advise the user to try using their old or new address instead.

  3. If the customer does not receive their email confirmation, advise the customer to check their spam or junk folder. If needed, provide the caller with the email address IRS.online.services@irs.gov so they can have it removed as spam. The caller may need to contact their service provider or use an alternate email address. The confirmation code is only valid for 24 hours. If the 24-hour timeframe elapses, advise the user to click on the link try resending the email. Remind the caller they should not close the browser window. If needed, they should open their browser page, or tab to receive email. If they closed their browser, they will need to start the process over.

  4. The caller may have trouble passing financial verification because their credit report contains little or no information about them. If they have one of the required pieces of financial information and they can’t pass validation, advise them to try a different account number if they have one. If they continue to have trouble, advise the caller to contact the credit bureau to correct the information. If the caller is using a debit card, corporate card, Barclay card, American Express card or Nelnet Student loan account, advise the caller to use another financial account; the IRS is currently unable to verify these types of cards or accounts.

  5. The caller may have trouble validating their mobile phone. Advise the caller that a text-enabled U.S. based mobile phone is required for the SAA process. Their name must be associated with the mobile phone account. Landlines, Skype, Google Voice, or similar virtual phones will not work. Participating carriers include AT&T, T-Mobile, Verizon Wireless, Sprint, Boost, U.S. Cellular, MetroPCS, Virgin Mobile, and Cricket. During the initial SAA process, the six-digit activation code is received by text and is only valid for 15 minutes. If the code was not received or the 15-minute timeframe has elapsed, advise the customer to click the "Try Again" link to resend a new activation code. Callers cannot copy and paste activation codes into the system. If caller does not receive the activation code by text it’s possible the mobile phone wasn’t verified with the caller’s name. After two attempts of requesting the activation code, the user will be prompted to request the activation code by mail. If unable to complete in a one-time session or the caller does not have a text enabled mobile phone in their name:

    • The caller may choose the alternative verification option of "activation code by mail" . The code can take 15 business days to arrive. The activation code is valid for 30 days.

    • A text enabled mobile phone, Voice One Time Password (Voice OTP) or the IRS2Go app is still needed for the recurring security code. This security code is needed for the login process.

  6. To receive the recurring security code, users will choose one of the following:

    • Mobile phone - The caller may register a U.S. based mobile phone (not in their name) that is text enabled so they can receive the recurring security code. Users who have successfully registered for e-Services will receive a six-digit security code, via text message each time they log into e-Services. The code is only valid for 15 minutes. If the code was not received or the 15-minute timeframe has elapsed, advise the customer to click the "Try Again" link to resend a new security code. Requesting the security code multiple times may cause a lockout.

    • IRS2Go Application - The caller must select "Set up a security code using IRS2Go mobile app instead" on the "Add your mobile phone number" screen in Secure Access and download the IRS2Go mobile app. In the App, have user click on the "Security Option" and enter their username and key from the SAA page and click "Add" . A security Code will generate every 60 seconds and the caller will need to enter the code into the Secure Access Screen. This synchronizes the mobile app and system together. Once IRS2Go is configured, the mobile device does not require data or an Internet connection. Only one user per device is allowed.

    • Voice OTP - Users who have successfully registered for e-Services and selected Voice OTP for the recurring security code, will receive a six-digit security code via voice message each time they log into e-Services. The code is only valid for 15 minutes. If the code was not received or the 15-minute timeframe has elapsed, advise the customer to click the "Try Again" link to resend a new security code. Requesting the security code multiple times may cause a lockout.

      Note:

      Currently the Voice OTP is not fully implemented in Secure Access and the system will send a recurring security code by text message. The user can still request the Voice OTP recurring security code but the user is required to select the link for Voice OTP within Secure Access at each login attempt.

  7. If the customer requested but did not receive their activation code by mail and it has been more than 15 business days since they created their account, advise the caller the activation code is mailed to their address of record. If the user has moved and has not notified the IRS of their address change, they can submit Form 8822, Change of Address; however, they will need to wait until the address change has been updated (up to six weeks) before they request a new activation code. If the customer’s address has not changed, advise the user to request a new activation code. When the user clicks the link to request a new activation code, the old activation code is disabled. The user will need to create their user profile after entering the six-digit activation code by text or after they request mailing of the activation code. Failure to create their user profile will result in the customer not being able to login when the activation code arrives by mail.

  8. If the caller has an "x" for a site image and a ‘blank’ site phrase, after entering their username, it means the caller did not complete their profile. Advise the caller to re-register. They will need to request a new activation code. Advise the caller to create their profile before exiting.

  9. Multiple attempts to complete the steps above may cause the user to lock their SAA account, see Figure 3.42.8-5 for lockout conditions and timeframes.

    Figure 3.42.8-6

    Step Attempts Lockout Period System
    Unsuccessful Login Attempts 3 24 hours eAuth
    Text Activation Code 3 24 hours eAuth
    Request Activation Code by Mail 5 Rolling 12 months (12 months from last attempt) eAuth
    Basic ID Proofing Integrated Customer Communication Environment (ICCE) 3 24 hours eAuth
    Financial Verification Lockout 3 24 hours eAuth

    Note:

    Lockout periods apply to all online accounts.

Invalid Username or Password

  1. The customer may have trouble selecting a username or password and receive a message that states, The Username or Password is not valid.

    Note:

    Existing e-Services users who have an e-Services account and have not completed the Secure Access Authentication process cannot recover their username. If they don’t remember the username, their usernamepre-populates when they create their user profile.

  2. If caller receives the error message "Username cannot contain a space, an @ sign or a Social Security Number" , escalate to an incident, provide the incident number to the caller and assign to the e-Services Technical Level 2 provider group.

  3. See IRM 3.42.8.7.8, Username Rules/Inquiries, and IRM 3.42.8.7.7, Password Rules/Inquiries, for username and password rules.

Modify an Existing Password

  1. If the caller wants to update their existing password, they need to

    • Go to IRS.gov > Keyword "Get Transcript" > "Welcome to Get Transcript" > click "Get Transcript Online" . This will redirect them to the Get Transcript system.

    • Sign into the system and click the Profile link.

    • Enter their existing password, then enter a new password and then re-enter the new password.

    • Click on the update button to save changes.

      Note:

      If the user receives an error when modifying the password, have them try inputting a new password.

Update Profile

  1. If the caller would like to update their profile or add/remove IRS2GO to receive the recurring security code, explain the following:

    • Go to irs.gov > Keyword Get Transcript > Welcome to Get Transcript > Get Transcript Online

    • This will redirect them to the Get Transcript system where they can sign into the system to see the Profile link

      Note:

      Explain to the caller when IRS2Go is set up, it becomes the default method for the security code.

  2. The user can update the following profile settings:

    • email address

    • mobile phone number for recurring security code

    • site image

    • site phrase

    • password

    The user will receive an email notifying them of the profile change.

    Note:

    If the caller needs to make changes to their name, they must re-register.

Password Rules/Inquiries

  1. The password must meet the following requirements:

    • Between 8 and 20 characters

    • Is case sensitive

    • Must contain at least one numeric and one special character (excluded characters are the colon, semi colon, single quote, quotations, less than, greater than, period, question mark, parenthesis, slash and brackets)

    • Must have at least one uppercase and at least one lowercase letter

    • Must enter password twice

  2. Assistors cannot obtain the caller’s password. Advise the user to click the forgot password link. They must provide their date of birth. The system sends a temporary password to their email address. The user must change the password at login. If the customer cannot access the email account they used to create their Secure Access online account, they must complete the process again as a new user. The system generates an email to the user notifying them of the password change. If the customer fails three times, they system locks their account for 24 hours. For additional lockout conditions, see Figure 3.42.8-3 Lockout Conditions in IRM 3.42.8.5.3, Secure Access Account Creation Issues.

    Note:

    There are no limitations to using previous passwords.

Username Rules/Inquiries

  1. The username must meet the following requirements:

    • Must be between 8 and 10 characters

      Note:

      Other SAA applications can use between 8-24 characters. If the caller has an existing SAA profile for another product and the username is over 10 characters, the system will prompt them to change their username.

    • Cannot be an email address

    • Cannot be the user’s TIN

    • Cannot contain a space or a special character (!@#$%"&")

    • Must be a unique username; it can’t be the same as another user’s username.

  2. Assistors will not provide the customer’s username. The user will need to click the forgot username link. The user can only recover their username if they completed the Secure Authentication Authorization process. The user will need to provide:

    • Their email address as listed on their SAA profile

    • The last four digits of their TIN

  3. The IRS will send the username to their email address. If the customer cannot remember or access the email account they used to register, they must click on the re-register link and complete the registration process again.

E-Services Error Codes

  1. If e-Services User is receiving an error code 114, assign incident to e-Services Technical Level 2 Provider Group.

  2. If e-Services User, is trying to complete the Terms of Service (TOS) and the page is not appearing, the page is looping or the page takes the user straight back to the e-Services page on irs.gov without offering the user a chance to sign the TOS, assign incident to e-Services Technical Level 2 Provider Group.

Taxpayer Identification Number (TIN) Matching

  1. The e-Services TIN Matching Program is intended to assist those members of the third party payer community, and their authorized agents, with meeting their obligation for filing accurate and complete annual information return documents. In addition to financial institutions, other eligible entities are credit card companies, state agencies, third-party settlement organizations, and third-party network transaction companies. The system allows authorized users to match TINs and names directly against IRS records. The TIN Matching system allows for a proximal match for SSN’s, meaning the first letter of the name control must match, the second and third letters can be swapped, the third and fourth letters can be swapped, and any valid character in the second, third, or fourth position will create a proximal match (example: AXCD, ABXD, and ABCX would all be valid proximal matches for name control ABCD).

  2. TIN Matching does not divulge a taxpayer’s SSN or a business’s EIN. It only verifies whether the TIN and name combination which the user submitted matches IRS records. To participate in this program, authorized users must complete a TIN Matching Application through e-Services and meet the following eligibility requirements:

    • Applicant must be a payer of income subject to backup withholding submitted on Form 1099-B, Form 1099-DIV, Form 1099-G, Form 1099-INT, Form 1099-K, Form 1099-MISC, Form 1099-NEC, Form 1099-OID or Form 1099-PATR.

    • Payer must have filed Form 1096, Annual Summary and Transmittal of U.S. Information Returns, reporting income paid on Form 1099, or use the Filing Information Returns Electronically (FIRE) system to submit information returns electronically, in one of the last two years.

  3. Use IDRS CC PMFOL to research Payer Master File and verify payer is eligible to participate in TIN Matching.

  4. TIN Matching Roles:

    1. Principal - a partner or an individual who owns at least five percent of the firm that is applying to participate in the TIN Matching Program. The "Principal" may also be a corporate officer of a publicly traded firm, such as President, Vice President, Secretary, or Treasurer. The "Principal" must be the person who can legally bind the firm in matters before the IRS and must complete the original application to TIN Match on behalf of the firm. Principals may modify any section of the application. They may add and/or remove locations and authorized users and change the firm/organization information.

    2. Responsible Official - an individual who holds a supervisory position within the firm. A "Responsible Official" has the authority to update an application on behalf of their listed firm and firm "Principal" . The "Responsible Official" may change the firm/organization information, assign/disable "authorized agent" and "Delegated user" roles, add and/or remove locations and perform TIN Matching. Responsible Officials may modify any section of the application.

      Note:

      Only a Principal or Responsible Official can add another Principal or Responsible Official. It is a good practice to list a second person. The Responsible Official can be a different individual from the Principal. More than one Principal and/or Responsible Official can be listed.

    3. Authorized Agent - a person or firm that, with the payer’s authorization, transmits specific information return documents to the IRS on behalf of the firm and may match name/TIN combinations on behalf of the payer.

    4. Delegated User - an individual who will utilize the TIN Matching session options on behalf of the firm. A "Delegated User" may not assign or disable users or update applications on behalf of their assigned firm. A "Delegated User" may only perform TIN Matching on behalf of their assigned firm.

  5. Publication 2108A, On-Line Taxpayer Identification Number (TIN) Matching Program, provides guidelines for the TIN Matching Program.

TIN Matching Access Inquiries

  1. When the customer (payer) indicates that they cannot access TIN Matching even though their employer has named them as an authorized user, take the following steps:

    1. Verify the user has completed Secure Access Authentication and is Level of Assurance F.

    2. Verify the caller is using the correct link on IRS.gov.

    3. Verify the caller is listed on the TIN Matching Application.

      Note:

      If they aren’t listed on the application, explain they need Principal to add them. If the application is not in Completed status, explain the principal must submit the application before they can see their links.

    4. Many users forget to resubmit the application after making additions or changes. Unlike an IRS e-file Application, the TIN Matching Application requires a PIN entry only at the initiation of the application, not after each subsequent change. If the authorized user fails to submit the application, the assistor will submit the application in the interest of good customer service. Remind the caller, they must resubmit the application after any changes to avoid future problems.

    5. If the caller is still receiving the error after trying all the above, escalate incident to e-Services Technical Level 2 Provider Group.

Delete/Revoke/Restore a TIN Matching Application

  1. If the customer inquires about the ability to remove a firm's TIN Matching Application from the system or requests restoration of a previously deleted application, determine their role on the application. If they are not the Principal, advise the caller that only Principals can make such a request.

  2. If the caller is the Principal and still needs assistance with revoking, deleting, or would like to restore a previously deleted TIN Matching Application, advise the customer that you will refer their request to the e-Services technical staff for resolution. Escalate Interaction to e-Services Technical Level 2 Provider Group. Document Interaction with the following information:

    • Name of Principal

    • Username of Principal

    • Telephone number (with time zone) of Principal

    • Position in the company (president, vice president, owner, etc.)

    • Company name as shown on the TIN Matching Application

    • Company TIN as shown on the TIN Matching Application

    • Reason for revoking, deleting or restoring the application

Replace a Principal

  1. If there is only one Principal or Responsible Official on the application and they are no longer with the company or the application was started without a Principal or Responsible Official, advise the caller that only an owner, officer, or partner of the company can replace/add the new Principal. If the caller qualifies as a principal, after authenticating using the SAM, EFTPS, Business On-line Filer section of the EPSS AA Job Aid, make the necessary changes. Advise the new principal to submit the application.

Bulk TIN - Valid Response

  1. When submitting a Bulk TIN Request (up to 100,000 TIN and name combinations), as well as an Interactive TIN Request (up to 25 TIN and name combinations), there are nine possible result codes. If the customer calls in for an explanation of these codes, offer the following definitions:

    1. 0 - Name/TIN combination matches IRS records

    2. 1 - Missing TIN or TIN not a nine-digit number

    3. 2 - TIN not currently issued

    4. 3 - Name/TIN combination does NOT match IRS records

    5. 4 - Invalid request (e.g., contains alphas, special characters). Must have TIN Type, TIN, Name (Name field is limited to 50 characters).

    6. 5 - Duplicate request

    7. 6 - Matched on SSN, when the TIN type is (3), Unknown

    8. 7 - Matched on EIN, when the TIN type is (3), Unknown

    9. 8 - Matched on SSN and EIN, when the TIN type is (3), Unknown

  2. If customer does not see the result code they were expecting, and asks for the correct TIN, explain we are not authorized to disclose that information and they will need to verify with their client.

Bulk TIN - No Response

  1. When a customer submits a Bulk TIN request, they will receive an acknowledgement page with tracking number. The customer will receive a response within 24 hours. If a customer calls because a response has not been received, or the results are illegible, ask the customer to resubmit their Bulk TIN request. Have them record the tracking number and the date/time stamp of their submission. If they still have not received a response after an additional 24 hours have passed, they should call the e-help Desk again.

  2. When the customer calls back because they still have not received a response, escalate Interaction to e-Services Technical Level 2 Provider Group. Include tracking number and date/time stamp provided by customer, username, and company EIN in Interaction documentation.

TIN Matching Suspended and/or Locked Out

  1. When the customer is suspended and/or locked out while performing Interactive TIN matching, they will receive a pop-up message indicating they are locked and the reason (e.g., Results Code 5 - Duplicate). Inform customer:

    1. The TIN Matching program contains a built-in security feature that detects when a taxpayer EIN, SSN or ITIN is being researched using different names.

    2. Account access is blocked for four days (96 hours).

    3. They will have to wait for the system to unlock them.

  2. When the customer is locked out while performing Bulk TIN Matching, the system will generate a tracking number for the submission and a message referencing this tracking number is sent immediately to their Secure Mailbox. The bulk lockout does not return result codes.

  3. General Services Administration (GSA) is the organization responsible for the System for Award Management (SAM) web site. If a GSA customer is locked out:

    1. Verify customer information (customer name, telephone number, firm name and EIN) in EHSS. If not correct, document correct information in Interaction description along with the username and EIN.

    2. Escalate Interaction to e-Services Technical Level 2 Provider Group.

TIN Matching Error Messages

  1. Sometimes the customer will receive an error message when attempting to use TIN Matching. The two most common errors are:

    • Line %1 contains invalid data or has more or less semicolons

    • 96 Hour Lockout

  2. If the customer receives "Line %1 contains invalid data or has more or less semicolons" error message, they must correct and resubmit file.

  3. If the customer receives "96 Hour Lockout" error message, they must wait for the system to unlock them.

Transcript Delivery System (TDS)

  1. Transcript Delivery System (TDS) allows specific tax professionals, Reporting Agents, Low Income Tax Clinics (LITC), state and local governmental agencies, and internal IRS users to request and receive transcripts electronically. Large Taxpayers are not entitled to use TDS even though they may have submitted five or more accepted returns electronically. Tax professionals and LITC representatives must have a Form 2848 or Form 8821 on file to access client transcripts. Reporting Agents need a valid Form 8655, Reporting Agent Authorization.

  2. The e-Services product is available to:

    • an ERO who has successfully submitted five accepted e-file returns.

    • Circular 230 Participants, CPAs or attorneys that do not e-file and are applying only for TDS access.

      Note:

      The EUP user must select the "Do Not Cleanup" button on the "Summary" page to prevent these EFINs from getting inactivated during the EFIN Cleanup process.

    • Reporting agents with no minimum number of returns needed to gain access.

      Note:

      TDS is manually assigned by an IEP EUP user if necessary. Prior to accessing TDS, a user must have or create an online account using Secure Access Authentication. See IRM 3.42.8.7 Secure Access Authentication for Tax Professionals for additional information. The TDS link defaults to principals, responsible officials and Principal consents but must be manually assigned to a delegated user.

    • Low Income Tax Clinics (LITC) - the LITC Program Office inputs these e-file applications and can also make any necessary updates through the IEP EUP.

      Note:

      You must select the "Do Not Cleanup" button for these applications.

  3. The following individual transcripts are available through TDS:

    • Account Transcripts show the information posted on the account, including payments, adjustments, etc., and are available for any account that is active on the IRS Master File.

    • Return Transcripts include most lines from the original return, including attached forms and schedules, and are available for returns filed during the current and three prior years.

    • Record of Account Transcripts are a combination of the account and return transcripts and are available for returns filed during the current and three prior years.

    • Wage and Income Documents show income reported by payers on forms such as Form W-2 and Form 1099. Available for the current and nine prior tax years.

    • Verification of Non-Filing generates a letter when a taxpayer needs verification that a tax return was not filed, and is available for the current and three prior tax years.

    • Additional information on Transcripts is available in IRM 21.2.3.3.1, Assistor Provided through Transcript Delivery System.

  4. The following business transcripts are available through TDS:

    • Account transcripts are available for any account that is active on the IRS Master File.

    • Return transcripts are available for the current year and returns processed during the prior three processing years. BMF forms are available for Forms 1065, 1120, 1120-H, 1120-L and 1120-S.

    • Record of account transcripts are a combination of the account and return transcripts and available for returns filed during the current and three prior years.

      Note:

      Wage and income documents are NOT available for business.

Access to Client Information

  1. To access client information via e-Services, the user must have a Form 2848, Power of Attorney and Declaration of Representative or Form 8821, Tax Information Authorization (TIA), on file. This authorization can be viewed on IDRS using CC CFINK and the taxpayer's TIN. Review the CC CFINK response screen for the following:

    • The Powers field must contain a "U" for Unmodified.

    • The information must be complete. If the information is not complete, the customer must mail or fax the Form 2848 or Form 8821 to the Centralized Authorization File (CAF) Unit.

  2. If the customer is using TDS and receives a CAF Failure error, research and provide the CAF number as follows:

    1. Request his/her name and address to research IDRS CC RPINK or CC CFINK.

    2. Verify the name control on IDRS matches the name control on the eFile Application.

    3. Confirm there is an existing CAF number(s) for the caller.

    4. Authenticate the caller's identity by following probes found in IRM 21.1.3.3, third-party (POA/TIA/F706) Authentication.

    5. Provide the correct CAF number when the caller is using the wrong CAF number, ONLY after verifying the practitioner's name and address match what is shown on the CAF database. If they don’t match and the practitioner is actively working with their client to resolve a tax account issue as outlined in IRM 21.3.10.2 (2) , Practitioner Priority Service (PPS) Overview, they may call the Practitioner Priority Service (PPS) at 866-860-4259 to secure transcripts. PPS is a nationwide toll-free, account related service for all practitioners and serves as the first point of contact for assistance regarding their clients' account related issues.

    Note:

    You will only look up and provide the correct CAF number when providing support for TDS rejects. Refer all other requests to PPS.

Centralized Authorization File (CAF)
  1. The following forms must be mailed or faxed to the CAF Unit.

    • Form 2848, Power of Attorney and Declaration of Representative (POA) - A taxpayer can grant authority to representatives to receive tax data and represent them before the IRS. Form 2848 covers specific tax forms and tax periods.

    • Form 8821, Tax Information Authorization (TIA) - A taxpayer can grant authority to any individual or organization to inspect or receive the taxpayer's confidential tax information. Form 8821 covers specific tax forms and tax periods.

      Note:

      A signed copy of Form 2848 or Form 8821 must be retained in the authorized representative's files.

  2. The authorization must post to the CAF database prior to them submitting a TDS request for transcripts through e-Services.

  3. Direct customer inquiries regarding multiple CAF numbers, name change requests, etc. to CAF. You will direct callers to the appropriate CAF unit for their state. You will find CAF Unit mailing addresses and fax numbers on the CAF Unit Addresses, Fax Numbers, and State Mapping page of IRS.gov, form instructions, and in IRM 21.3.7.1.5, Audience - Processing Sites (CAF Function).

Rejected TDS

  1. TDS will reject requests for transcripts if any one of the following conditions is present on the taxpayer's CAF record:

    • Designation level under the column LV shows "X" .

    • Powers Code under the column AUTHS shows anything other than "U" (Unmodified).

    • Column RCTS shows "R" (authority to receive a refund), this is a modification for e-Services purposes.

  2. TDS will reject requests for transcripts if any one of the following conditions is present on the representative's CAF record in the CAF STATUS or STATUS field:

    • Undeliverable

    • Deceased

    • Disbarred

    • Suspended

    • Resigned

    • Ineligible

    • Inactive

  3. Programming changes were made to allow transcripts for tax years not impacted by identity theft. TDS does not generate transcripts for any tax year where there is an Identity Theft Indicator on the account. Programming changes in January 2017 stopped letters from going to clients when a transcript is requested by the POA and the account has been affected by identity theft for that year. The letter to the practitioner will direct them to call the Practitioner Priority Service at 866-860-4259 for assistance in obtaining a transcript for years affected by identity theft.

Married Taxpayers

  1. A valid POA or TIA is required for at least one of the joint filers for the following transcripts: Account Transcript, Tax Return Transcript, and Record of Account Transcript. However, a representative is only entitled to Verification of Non-Filing and Wage and Income Transcripts for the joint filer for which they have a valid POA or TIA.

IRS Employees

  1. Advise IRS employees who experience problems using TDS to contact the Information Technology Support Desk at 866-743-5748, to open a Knowledge, Incident/Problem Service Asset Management (KISAM) ticket.

State Users

  1. Advise state users to contact the Disclosure Manager for their state to apply for the TDS product. IRS Disclosure offices may be found at the Disclosure Contacts Link https://portal.ds.irsnet.gov/sites/vl003/Lists/DBasicsContacts/LandingView.aspx. The Disclosure Help Desk number and email address are for internal use only.

Common TDS Problems

  1. Sometimes the user has problems transmitting and receiving their TDS information. The following subsections may help to resolve those issues. If the problem is still not resolved, escalate Interaction to e-Services Technical Level 2 Provider Group. Always include the username in the description when elevating to Level 2.

Bulk Request Upload Error Message
  1. When the customer is sending a bulk file, it should not contain more than one megabyte (MB) of information. If the customer calls because of the "Bulk file contains errors" message, follow the chart below:

    Figure 3.42.8-7

    If ... Then ...
    The file name is not lowercase and the extension is not .txt Advise the customer that their file name must be lowercase and the extension on the file must be .txt regardless of what software (Word, Excel, Notepad, etc.) was used to create the file. Save the file in Plain text using Notepad and the extension .txt. Then try to upload the file again.
    The file is larger than 1 MB of information Advise the customer to lower the size of the file and try to upload the file again.

Unable to Receive Business Master File (BMF) Return Transcripts
  1. Sometimes the customer will request BMF return transcripts currently not available through TDS. A limited number of BMF return transcripts are available through TDS. If the forms the customer is requesting are available, look up the authorities in IDRS using CC CFINK. If the customer's POA is not posted for the year(s) and form(s), advise them to submit a POA to update the CAF authorities.

  2. For state users: if the product, form number, and tax period (year and month) is available on TDS, the product is within the years available through TDS, and the customer still cannot get the product, escalate Interaction to e-Services Technical Level 2 Provider Group.

TDS Letters Cut Off or Cannot Print
  1. Customers may experience problems with printing transcripts. If the transcript is cut off in part, or will not print at all, assist the customer based on the type of browser the customer is using.

  2. For the Internet Explorer (IE) browser:

    1. Determine the version of Internet Explorer.

    2. Select Help in the web browser.

    3. Select About Internet Explorer (the version number of the browser software is listed in the window that appears).

    4. Determine which version is listed.

    5. If lower than 9.0, update Explorer; download a new version of Internet Explorer from the Web site at http://www.microsoft.com. If the printout drops off from the right side of the page, even though the browser window shows everything and the version is 9.0, change the margins by clicking on File, Page Setup, change the left margin to .25, then print.

  3. If another browser is used, advise the customer e-Services is designed to work in Internet Explorer version 9.0 or above.

Income Verification Express Service (IVES) Users

  1. IVES is a partially automated service that provides two to three business day processing and delivery of transcripts to participants who pay a fee for this service. Each company must complete Form 13803, Application To Participate in the Income Verification Express Service (IVES) Program, which is reviewed for suitability then entered into the EUP by IVES Coordinators in the Return and Income Verification Services (RAIVS) unit. IVES customers request transcripts by faxing a valid form from the Form 4506 family to the appropriate RAIVS unit. Once an IVES Application is established for them by the RAIVS unit, and they are given a Participants/Consolidator Number, you will treat them the same as any other customer. The IRS will deliver transcripts to the customer's e-Services Secure Mailbox (Secure Object Repository (SOR)).

  2. The Principal, Responsible Official and Delegated User assigned to use e-Services products must register individually to create and have access to a Secure Mailbox. Only the Principal can access the IVES Detail and Summary Reports.

  3. IVES users may maintain and revise their application by logging into e-Services and clicking on the IVES Consolidator Application link, which will bring up the Main screen showing all links within the application.

    1. Principals can make changes to the following screens: Firm/Organization Information, Firm/Organization Address, Business Point of Contact, Establish Location(s), and Authorized User(s).

    2. Responsible Officials can only update authorized user(s).

    3. Delegated Users cannot make changes to the application but can retrieve transcripts.

    4. The user will submit all other application changes (including Principal Information changes) on a revised Form 13803, Income Verification Express Service (IVES) Application, and fax it to the RAIVS unit.

      Note:

      Even though the "IVES Consolidator Application: Principal Information" page shows an edit button, changes to Principal Information will not be made using e-Services. These changes must be completed by submitting a revised Form 13803 to RAIVS.

  4. If the customer received transcripts without an approved form from the Form 4506 family, refer the customer to the RAIVS unit where they faxed their request.

  5. Refer the customer to the RAIVS Program office for the following issues:

    1. Application was previously sent to RAIVS and there has been no response.

    2. Customer has trouble accessing the reports (transcripts).

    3. Customer has questions about billing or is disputing a billed amount.

    Note:

    Raise disputes with the program office within 15 days from the date of the invoice.

  6. For more information about the RAIVS process see Income Verification Express Services page athttps://www.irs.gov/individuals/international-taxpayers/irs-income-verification-express-service-ives Assistors should also refer to KM000593, Income Verification Express Services (IVES).

Miscellaneous E-Services

  1. The following sections provide general information related to e-Services.

PIN Rules/Inquiries

  1. Once the caller has completed the SAA process, the new e-Services user is prompted to create a PIN. This PIN is used to electronically sign their e-Services applications.

  2. If a user already has a PIN, no change is necessary.

  3. The customer may voluntarily change their PIN by logging in and selecting the "Modify PIN" link. The customer will: .

    • Enter a new five-digit numeric PIN

      Note:

      The PIN can’t be all the same numbers and can’t be the same as the last PIN.

    • Re-enter the PIN

    • Click the "submit" button to save the changes

  4. Once the PIN is affixed to an electronic document, it indicates that the person making any changes is authorized to do so.

Secure Mailbox

  1. The system assigns each registered user a Secure Mailbox (Secure Object Repository (SOR)) to place or deposit data. Users access this data by clicking the Mailbox link found in the navigation tool bar along the top of each e-Services page. For most of the products, the system sends an email to the user alerting them it placed data in their Secure Mailbox. Depending on the type of data, and whether it shows read or left unread, the system automatically deletes the files. The delete timeframes follow:

    Figure 3.42.8-8

    Product Read Unread
    TDS 3 business days 30 business days
    TIN Matching 3 business days 30 business days
    Business Rule Changes 3 business days 30 business days

Missing Links

  1. To see links, the caller must have created a Secure Access Authentication (SAA) account and the Assurance Level Achieved must show "F" . If caller completed the SAA process today, have them log out and then log back into the application or product they were attempting to access to see if this resolves the issue. To trouble shoot missing links follow the guidance below based on type of user.

  2. ERO

    • Verify the caller is using the correct link on IRS.gov.

    • Verify the correct Organization Link was selected. If they previously selected their Responsible Official (RO) (DBA name with Address) link, have them try their Principal link (Legal Name without Address).

    • In EUP, verify the "Services Authorized For" tab has Transcript Delivery System and/or Reporting Agent Transcript Delivery System checked. If user created the application correctly as Circular 230 but didn’t document correctly (i.e., comment was not added to e-file application), assistor can check the Transcript Delivery System box under "Services Authorized For" .

    • Verify the caller has "Authorities" checked by selecting the View icon next to their Name on the "Authorized Users" page.

  3. Circular 230 User

    • Verify the caller is using the correct link on IRS.gov. The caller should select "Transcript Delivery System (TDS)" then "Access TDS" button and login.

    • Verify the e-File Application was created and documented correctly for Circular 230 access.

    • In EUP verify the "Services Authorized For" tab has Transcript Delivery System checked. If the box is checked and everything above is verified, toggle the checkbox next to Transcript Delivery System and have the caller log back into the system.

  4. TIN Matching User, TDS State User, or State EFIN User

    • Verify the caller is using the correct link on IRS.gov.

    • Verify the caller is listed on the appropriate application.

  5. Affordable Care Act (ACA) Application for Transmitter Control Code (TCC) user

    • Verify the caller is using the correct link on IRS.gov.

    • Verify the correct Organization Link was selected. The organization will have "(ACA)" in front of the Company Name.

    • Verify the caller is listed on a current ACA Application for TCC (RO or Contact) by completing either a Person or Application Search.

  6. To troubleshoot missing Organization Links:

    • Close browser and clear cache/cookies. See IRM 3.42.8.6.1.3, Clear Cache, for more information

    • Verify the caller is a Principal, Principal Consent, RO and/or Delegated User with authorities. Only 14 organization links can be seen.

  7. If the caller continues to receive an error or cannot see the appropriate links or Organization links after following the guidance above, document the issue and what steps were taken to resolve the issue. Escalate to an incident, provide the incident number to the caller and assign to e-services Technical Level 2 Provider group.

Acronyms

ACRONYM MEANING
ACA Affordable Care Act
CAF Centralized Authorization File
EFIN Electronic Filing Identification Number
EPSS Electronic Products and Services Support
ERO Electronic Return Originator
EUP Employee User Portal
FIRE Filing Information Returns Electronically
FPC Fingerprint Card
HELOC Home Equity Line of Credit
HRA High-Risk Authentication
IDT Identity Theft
IEP Integrated Enterprise Portal
IP PIN Identity Protection PIN
IVES Income Express Services
OLA Online Account
OPA Online Payment Agreement
OSA Online Services Administration
PIN Personal Identification Number
POPS Proof of Professional Status
PUB Publication
RAIVS Return and Income Verification Services
RO Responsible Official
SAA Secure Access Authentication
SOR Secure Object Repository
TAC Taxpayer Assistance Center
TDS Transcript Delivery Service
TSO Technical Services Operation
TIN Taxpayer Identification Number
Voice OTP Voice One Time Password