Due to an increase in phishing attacks directed at preparers, the IRS announced that many of those who have e-services access to transcripts and have used the service will in the past year will need to revalidate their accounts or risk losing access (IRS Website, Important Update about Your e-Services Account). However, those who registered after May 2016 will not be required to validate their identity, since the IRS has been using the “Secure Access” validation system since that date.
The IRS will mail letters to affected e-Services account holders starting the week of November 28, 2016. Those individuals will have 30 days from the date of the letter to validate their identity of they will lose access to e-Services.
The IRS notes the procedures to be taken as follows:
You must validate your identity using one of two options. The preferred option is to validate your identity online by registering for Get Transcript Online, which uses Secure Access to authenticate your identity. This option is solely to validate your identity through Secure Access. If you cannot validate your identity online, you may revalidate your identity by calling the IRS e-Services Help Desk. You must have a copy of the IRS letter you received when you call. You will have access to e-Services throughout the 30-day period.
The IRS describes the Secure Access validation process as follows:
You must register through Get Transcript Online, which allows you to validate your identity through our identity authentication process called Secure Access. The purpose is solely to authenticate your identity. You must have an email address, knowledge of your most recently filed tax return and financial information from either a credit card or other loan numbers. You also must have a mobile phone in your name to complete the process in one session, or you must request an activation code by mail. Before you start, please review Secure Access: How to Register for Certain Online Self-Help Tools.
If a professional is unable to complete the Secure Access validation, then the professional will need to turn to the e-Services Help Desk. The IRS describes that process as follows:
You must have the IRS letter you received when you call the e-Services Help Desk. It contains a unique code that you must provide to the Help Desk assistor. You must provide the code from your letter and answer a series of identity-proofing questions to authenticate your identity. If you cannot authenticate yourself, you will receive instructions on how to visit a Taxpayer Assistance Center to verify your identity in person. To validate your identity through the Help Desk, you will not need a mobile phone. Additional customer service representatives are available to assist you.
The IRS provides the following information for those who have not received a letter and wonder if they should do something:
Letters are being mailed to e-Services users who have accessed their e-Services account in the past year and who can access the Transcript Delivery System. Letters will be mailed to the addresses listed on the users' most recent tax returns. Letters are being mailed over a period of weeks. If you have access to TDS and have been active in the past year, you should receive a letter by the end of December. If you did not receive a letter and your e-Services registration account has been suspended, contact the e-Services Help Desk for assistance.
The IRS also addresses the issue regarding the previous notice that Secure Access was being delayed, noting that this update only represents a portion of the full Secure Access the agency expects to roll out.
At this time, our goal is to validate the identity of e-Services users who have access to taxpayer data using robust identity proofing techniques including Secure Access online or phone authentication with a unique security code sent to you by mail. We expect to fully implement the Secure Access identity authentication process for e-Services next year. Secure Access is a two-factor, or two-step, process that will require returning users to enter their username and password plus a security code sent by cell phone to access their accounts.
The IRS also warns about scam emails that are being received by preparers regarding e-Services:
These are scams. Currently, there are several variations in circulation. One version seeks to capitalize on IRS efforts to strengthen e-Services. The IRS will not send you an email asking you to click on a link to update your account. These phishing scams that attempt to steal your e-Services credentials, are one reason the IRS is undertaking efforts to make the authentication process stronger.