What You Should Know About the IRS's Electronic Signature Rules
Early last year, the IRS created a set of electronic signature rules used for the 4506-T form and 4506T-EZ form through their Income Verification Express Services (IVES). This is a big step because these forms were the last disclosure forms that couldn’t be electronically signed.
In addition to the regulations set by the ESIGN Act and UETA, the IRS published a set of electronic signature compliance requirements for signing the 4506-T and 4506T-EZ forms. You can read the by full list of guidelines, but you’ll be happy to know that SIGNiX meets or exceeds each of the requirements.
If you don’t care to sort through the document, here’s our summary of their requirements:
IVES requires that you can prove the identity of each signer. After all, what good is a signature if you don’t know who’s behind it? Here at SIGNiX, we offer many different identity authentication options. Most of our clients getting highly regulated documents signed pick two or more of these options (a method known as multifactor authentication):
- Email Authentication: With email authentication, each signer proves their identity by clicking a link to show that they can access an email account you know belongs to them. This is the simplest form of authentication, and it is mostly used with low-risk transactions or combined with another authentication method.
- Shared Secret Questions: With this authentication option, each signer answers a question that you choose when you send the document. Common questions include the last few digits of a signer’s account number or any other questions that help verify the signer’s identity.
- Mobile Phone Authentication: With cell phone authentication (also known as SMS authentication), the signer gets a text message with a random code. They prove their identity by entering the code into our system to access the document. This is a great method if you’re looking for inexpensive, multifactor authentication that’s easy to use.
- Knowledge-Based Authentication (KBA): With knowledge-based authentication, your signers are first prompted to enter their date of birth or social security number. If they answer correctly, they are asked a set of four questions based on a database of 30 years of public records. This is a very well known authentication method that pulls information from public health records, credit reports, town hall records and more.
Consent to Sign Online
The IRS also requires that signers consent to receive and sign documents electronically before they view or sign documents. We have a customizable consent page, which you can edit to fit your unique compliance needs.
The IRS requires that each signed document be protected from tampering. We offer a feature called “tamper evidence,” which makes it easy to see if someone has tampered with your documents. If a fraudster changes any part of the signed document, you will be alerted to the tampering when you open the document in any PDF reader.
We’ve actually taken it a step further. Our documents are tamper-evident not just at the end of the signing process, but from the second you start the transaction. This gives you evidence that the document wasn’t changed between signing events. We can even show you what the document looked like at each point in the signing process with our exclusive Signature History technology.
The IRS also requires that electronic signature vendors trace an audit log of the signing process, and this information must be associated with the document for non-repudiation. The audit log must include:
- Date and time of signing
- IP address of the signer
- Document lifecycle notifications
- Result of authentication (whether they passed)
- Result of consent
- Every electronic signature in the document
At SIGNiX, our Total Audit provides all of those details, and also includes the following information:
- Transaction creation
- Documents viewed by each signer
- Transaction completion
- Document downloads after signing
- Cancellations and opt outs
- Changed party information
Finally, the IRS requires that IVES participants retain the audit log and the 4506-T form or 4506T-EZ form for at least 2 years. With our Vendor FreedomTM technology, each signature is embedded into the signed documents, and audit trails remain available in a variety of formats, including PDF and XML.
IVES participants don’t even need to be our customers (or even be connected to the Internet) to verify their documents. Every signature, tamper-evident seal and audit trail can all be accessed by opening the document using any PDF reader software.
[This post originally appeared on the SIGNiX blog and is republished with permission.]