What is a CAF number, how to reduce errors, and how to protect yourself.

caf number

The Internal Revenue Service outlined common errors that may delay processing of Centralized Authorization File (CAF) numbers. Reducing errors in CAF applications is one way to speed the approval process for tax professionals.

The IRS also reminded tax practitioners that CAF numbers are valuable cybercriminal targets and outlined steps tax professionals should take annually to help protect their CAF number from misuse.

The IRS annually processes 3.5 million paper Forms 2848, Power of Attorney and Declaration of Representative, and Forms 8821, Tax Information Authorization. The Form 2848 grants eligible practitioners the authorization to represent a client before the IRS. The Form 8821 grants individuals or organizations the authorization to inspect a client’s tax records.

When practitioners submit Forms 2848 or 8821 for the first time, they are issued a nine-digit CAF number that they use as an identifier on all their future third-party authorization requests. During fiscal year 2018, the IRS rejected 384,081 authorization requests.

Issues that cause an IRS CAF assistor to reject the Forms 2848 or 8821 are as follows:

  • Lack of an original pen and ink signature (i.e. use of a digital signature, no signature or use of a signature stamp) by the Taxpayer.
  • The Representative Designation is not complete on page 2 of Form 2848.
  • Level H designation on Form 2848 requires the signor to have prepared the tax return. If the signor did not prepare the return, as verified by the CAF assistor, then this is a basis for rejection.
  • The Representative information requested is incomplete or missing on Form 2848. This includes the Designation; Licensing Jurisdiction or Authority; Bar, License, Certification, Registration or Enrollment Number or representative signature and/or date.
  • Check of the box 6 to add a new designee but retain the former designee. A copy of the old Form 2848 is required to retain the prior authorization; however, the copy is not attached.
  • The Forms 2848 or 8821 are missing the required Taxpayer and/or Representative identification information.
  • The Tax Matter identification is not specific. The completion of “all years” or “all future periods” is not acceptable.       This needs to be specific tax modules.
  • The title of the Officer of the Business and/or Company (if applicable) is blank.
  • The date of the Taxpayer signature is blank.

The average processing time for a third-party authorization request is less than 5 days. Because this is a manual process, it is important that tax practitioners also submit accurate forms to avoid delays.

The IRS urges tax practitioners to protect the CAF numbers just as they would their Electronic Filing Identification Numbers (EFINs) and Preparer Tax Identification Numbers (PTINs).

However, as cybercriminals target tax practitioners for data thefts, more CAF numbers are falling into crooks’ hands. Today’s identity thief is just as knowledgeable about tax practices as technology. The IRS has noticed an increase in criminal’s efforts to pose as a tax practitioner using a stolen CAF number or to fax one of the third-party authorization forms using a stolen CAF number.

Here are a few steps tax professionals can take to protect their CAF numbers:

  • Make a data security plan and take sound security steps to protect all taxpayer data as outlined in Publication 4557, Safeguarding Taxpayer Data.
  • Make an annual review of the firm’s third-party authorizations. Prior to filing season is a good time to review the list of clients represented.
  • If the list includes clients who are no longer represented, fax a copy of the authorization form to the IRS CAF unit with the word “Withdraw” written at the top. Review Publication 947 for details.
  • Be aware of data theft signs, which include the receipt of tax transcripts for clients that you either did not request or taxpayers you do not represent.
  • Contact the Practitioner Priority Service telephone line if the CAF number has been stolen, if there is suspicion it’s being misused or if transcripts are being received that were not requested.