- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report Inappropriate Content
Stephanie,
There are two parts to your question
1. As far as I know the Client Copy for review does not have a global setting to mask for the Docusign E-signatures. Currently you can mask the SS# when you print to PDF only.
2. The IRS requirements are:
What are the ERO’s responsibilities with regard to e-signature?
If the taxpayer uses the e-signature option, the ERO must use software that includes identity verification. The software must record the following data:
- Digital image of the signed form;
- Date and time of the signature;
- Taxpayer’s computer IP address (remote transaction only);
- Taxpayer’s login identification — user name (remote transaction only);
- Results of the identity verification check validating that the taxpayer’s ID verification was successful; and
- The e-signature method used to sign the record.
The ERO is also responsible for maintaining a tamper-proof record in a secure, access-controlled storage system for 3 years from the due date of the return or 3 years from the IRS return receipt date, whichever is later. ERO's must be able to retrieve and reproduce legible hard-copies of the signed form.
How should the software perform identity verification?
As part of identity verification, the software may create what is known as a “soft inquiry” in the credit reporting industry. A credit reporting company uses information from the taxpayer’s credit report to generate knowledge based authentication questions. This action may create an entry on the credit report called a “soft inquiry”. Typically, the knowledge based authentication questions address the taxpayer’s personal and financial history. These are usually multiple choice questions such as the name of their mortgage lender, type of car financed, a former address or phone number. The taxpayer is expected to answer the questions correctly. This is not a credit check. However, taxpayers who cannot complete the identity verification check cannot use e-signature.
Because the client is using the KBA, masking the ss# is not as necessary. Also Docusign itself uses two factor authentication.
Hopefully this helps.
