Skip to main content


IRS Adds Security Protections for CAF Program, Transcript Requests

The risk a compromised CAF number presents to practitioners and taxpayers is prompting these additional security measures.

In its continuing effort to thwart identity theft refund fraud, the IRS last week highlighted additional protections being put in place for tax professionals to increase security for the Centralized Authorization File (CAF) program, as well as new guidelines for requesting client transcripts by phone.

“Tax professionals continue to present a tempting target to identity thieves and fraudsters,” James Clifford, director of IRS Return Integrity and Compliance Services, said in a statement. “With identity theft an ongoing concern, the IRS has taken additional steps needed to protect both tax professionals and their clients given the sensitivity and importance of the information involved. The IRS will continue working with the tax professional community on these issues to minimize burden on practitioners while also working to ensure the safety and security of this information.”

The risk a compromised CAF number presents to tax professionals and taxpayers is prompting these additional security measures from the IRS. A CAF number is a nine-digit number issued by the IRS the first time a tax preparer files tax information authorization or power of attorney. The tax agency uses this unique number to keep track of requests for client information, such as transcripts. 

When a CAF number is compromised, fraudsters could obtain transcripts and other sensitive taxpayer personally identifiable information to commit identity theft refund fraud and other crimes. In many cases, the fraudster has not only obtained a tax practitioner’s CAF number but also has the practitioner’s sensitive personal information.

To address this issue, the IRS has a process in which suspected compromised CAF numbers are placed into a suspended status pending further review. Once placed into a suspended status, the owner of the CAF number will be contacted to confirm if their number has been compromised. If the compromise is confirmed, the IRS said it will take the appropriate actions to address the compromised CAF number.

More information about this process can be found in a special alert issued on May 8 by the IRS Office of Professional Responsibility.

In addition to the changes being made to protect tax professionals from a compromised CAF number, the IRS has also taken steps to change how tax professionals can order transcripts by phone through the Transcript Delivery System (TDS).

Tax professionals now need to call the Practitioner Priority Service (PPS) line to request transcripts to be deposited into their Secure Object Repository (SOR) mailbox. IRS employees on other phone lines may not be authorized to provide transcripts through the SOR delivery method. Tax professionals will need to pass enhanced authentication, and if the identity of the caller cannot be verified, transcripts won’t be delivered using the SOR delivery method but will instead be mailed to the taxpayer’s address of record, the IRS said.

Tax professionals should also be aware of unsolicited scam emails asking to provide credential information, such as CAF number, Electronic Filing Identification Number (EFIN) information, and driver’s license. These emails may look like they are coming from the IRS or a tax software company, the agency said.

Tax professionals who receive these unsolicited emails should report them to