This blog was last updated on June 26, 2021
Update from the IRS as of October 24th
Revised Date Information for e-Service Users To ensure a smooth transition, the IRS has decided to delay the October 24 date for requiring e-services users to re-register and validate their identities through Secure Access authentication. In the next few weeks, the IRS plans to have discussions with key stakeholders affected by the e-services changes to discuss security protocols and next steps in this process. A new implementation date has not been set. When a new date is set, the IRS will share the information widely with e-Services users. The IRS is strengthening the e-Services registration process as part of a wider effort to ensure the protection of taxpayer data and IRS systems. For more information on this update, visit https://www.irs.gov/individuals/important-update-about-your-eservices-account
Organizations filing ACA returns and using the IRS’s TIN matching system should be made aware that users will need to re-register with the IRS’s e-services system later this month. The IRS announced on September 29, 2016 that it will require current users of its online e-services system to re-register in late October. Re-registration is required, as the IRS is implementing two-factor authentication security.
- Nearly all current IRS e-services users will need to re-register with the IRS to maintain their e-service accounts.
- Even if an individual already has an active e-services account, re-registration will be required unless the e-services account was initially opened after June 2016.
Set time aside now to review these requirements so you and your organization will be prepared when registration opens.
Two-Factor Authentication Intends to Improve Security
This change is intended to tighten security on the e-services system and to help prevent identity theft and account takeovers. Two-factor authentication is significantly more secure than the current model because in addition to a standard username and password, it requires an additional code sent by SMS text message to a phone specified by the e-services user. The additional security will make it much more difficult for hackers and other unauthorized parties to access a legitimate user’s e-services account.
New Authentication Procedure Emphasizes Individual Identification
The IRS’s upcoming two-factor authentication requirement focuses on identifying individuals who obtain e-services accounts. Because of this, parties will need to provide personally identifiable information to maintain their e-services accounts. Those re-registering will need the following items, all of which are directly associated with the individual registrant:
- An email address
- Social Security number
- Filing status and address from most recently filed tax return
- Personal account number from a:
- credit card, or
- home mortgage loan, or
- home equity loan, or
- home equity line of credit, or
- car loan
- A mobile phone capable of receiving SMS text messages:
- Only US mobile phones will be supported initially; virtual lines from companies such as Skype may not be used
- The phone must be associated with an account in the name of the party in question; phones in the name of an organization or a family member may not be used
- Phones associated with pay-as-you-go plans will not be supported initially
Users who cannot meet these requirements may re-register by mail. A user registering by mail will still need to associate a mobile phone with the account, but this can be any phone capable of receiving SMS text messages, including pay-as-you-go phones or those not in the account holder’s name. Complete instructions on how to register can be found on the IRS website.
Impact on ACA Filers and Users of the IRS’s TIN Matching Service
Organizations making Affordable Care Act (ACA) filings electronically will need to be particularly attentive to this change. All parties making ACA filings electronically require a Transmitter Control Code (TCC). Each organization with a TCC must name three individuals (one responsible officer and at least two contacts) as points of contact for the IRS. These individuals must have their own active e-services accounts. Similarly, parties using the IRS’s TIN matching service will need to re-register with the IRS following this change. The TIN matching service requires an IRS e-services account, and the security changes affecting e-service accounts generally apply to TIN matching service users as well. Sovos Compliance will continue to monitor developments and IRS communications closely and will provide updates via our Blog as circumstances dictate.
Take Action
- Contact a Sovos ACA compliance representative for a complimentary review of your company’s ACA reporting plan.