Subject: Stringent Authentication mechanism through Corporate Head Quarter Server for filing of Correction statements & download of TDS certificates, Consolidated files etc. by Banks/Corporates- regarding.

Section 200 of the Income tax Act provides for filing of TDS statements. The manner of filing such statements and the particulars have been laid down in Rule 31A of the Income tax Rules. Vide Sub Rule 5 of Rule 31A (placed at DFA-II) of the Income Tax Rules, it has been specified that the Director General of Income Tax (Systems) shall specify the procedures, formats and standards for the purposes of furnishing and verification of the statements or claim for refund in Form 26B and shall be responsible for the day-to-day administration in relation to furnishing and verification of the statements or claim for refund in Form 26B in the manner so specified.

In exercise of the powers delegated by the Central Board of Direct Taxes (Board) under Explanation to Sub Rule 5 of Rule 31A of the Income-tax Rules 1962, the Principal Director General of Income-tax (Systems) lays down the authentication mechanism for filing of correction statements & download of TDS certificates, Consolidated files etc. by bank and corporate deductors as under:

1. Need of Authentication Process

1.1 CPC-TDS initiated “corporate connect” with the intent of pursuing TDS compliance related issues of all branches of a corporate with their corporate headquarter. This initiative has a multiplier effect, as TDS defaults of over 2 lac deductors can be addressed by following up with only 4000 PAN entities. CPC-TDS also rolled out functionality for the corporate headquarter at PAN level to provide a summary of TDS defaults of its branches. The criticality of this initiative can be understood from the fact that 30% of total TDS defaults and 80% of total PAN errors pertain to only 4000 PAN entities.

1.2 During this exercise, the banks were finding it hard to resolve the TDS defaults in case of closed branches and branches merged with other banks. The banks were not able to retrieve old records for FY 2007-08, 2009-10 etc. in order to file correction statements to resolve the outstanding defaults. Further, banks also found it a challenge to procure digital signatures for each branch for filing online corrections on the TRACES portal. The genesis of the modified access process lies in the strategy to address the above challenges of retrieval of old data without use of digital signature. As discussed above, 80% of total PAN errors pertain to banks. The modified access process will bring discipline to the correction process, as only the authorized bank official would be able to work on the TRACES system. The concept of involving the headquarter as a “corporate connect” drive will help in bringing in better TDS compliance, as the headquarter will have a complete picture of the TDS compliance of each branch.

2. Mechanism involved:

2.1 This mechanism is based on the concept of routing the access requests of various TAN branches of a particular entity through its corporate headquarter’s server. The deductor branch will pass on the login credentials to the relevant bank/corporate Headquarter’s (HQ) server, and the HQ server will validate the login credentials & IP address of the user’s system. After the necessary validations, the HQ server will send the digitally signed string, in the form of encrypted information, to the TRACES server. The TRACES server will authenticate the defined particulars referred to in para 2.2.2 and provide access to the concerned TAN account. This mechanism has three benefits:

a) Secured access of sensitive third party data: Only authorized representative of banks/corporates will be able to access TRACES portal as the login would be through corporate server only.

b) Corporate headquarter can keep track of the access requests of the branches and this will help in enforcing discipline among the branches.

c) No need to procure separate digital signature for each bank/corporate branch to access TRACES portal on account of routing of request through corporate server.

2.2 The detailed process in this regard is as under:

2.2.1 Deductor Functionalities Access Service URL

For accessing the deductor functionalities through corporate servers, corporate banks need to send request data via HTTP Post Method. Access of deductor functionalities through corporate bank server will be provided over SSL.

2.2.2 List of Request Parameters

Data from website needs to be submitted only using POST method through HTTPS request using the following parameters:

# | Parameter | Data Type | Parameter Description
1 | data* | Text | PAN of Deductor, TAN of Deductor, Transaction Timestamp, IP, Email ID, Mobile Number of AP etc.
2 | signature | Text | Digital signature with PKCS7 format with base 64 encoding

2.2.3 Structure of “data” field
Field Length
Sample Value
PAN of Deductor
TAN of Deductor
As entered during login (PAN of Authorised Person)
Mobile number of AP
Email ID of AP: email ID having the bank’s/corporate’s domain name, e.g. @sbi.co.in
Transaction Timestamp: Character (YYYY-MM-DD-hh24.mi.ss.ffffff)

* The above fields in the data will be separated by “A

2.2.4 List of unauthorized access scenarios

a. Bank request data not in proper format

b. Bank URL through which the bank is accessing the TRACES application is not correct

c. Incorrect digital certificate

d. Request parameters not valid

e. Timestamp will be used for checking staleness
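
The receiving-side checks implied by scenarios (a), (d) and (e) can be sketched as follows. This is an added example, not code from CPC-TDS or TRACES. The "^" separator, the field order, the 10-digit mobile rule, the 5-minute staleness window and the registered email domain and IP networks are assumptions; verification of the PKCS7 signature is assumed to have succeeded before this function is called and is not shown.

```python
import ipaddress
import re
from datetime import datetime, timedelta

DELIM = "^"  # assumption: the separator character is garbled on the page
FIELDS = ("pan", "tan", "ap_pan", "mobile", "email", "ip", "timestamp")  # assumed order
PAN_RE = re.compile(r"[A-Z]{5}[0-9]{4}[A-Z]")  # PAN layout: 5 letters, 4 digits, 1 letter
TAN_RE = re.compile(r"[A-Z]{4}[0-9]{5}[A-Z]")  # TAN layout: 4 letters, 5 digits, 1 letter
TS_FORMAT = "%Y-%m-%d-%H.%M.%S.%f"  # YYYY-MM-DD-hh24.mi.ss.ffffff
MAX_AGE = timedelta(minutes=5)   # assumption: the page gives no staleness window
MAX_SKEW = timedelta(seconds=30)  # assumption: tolerated clock skew for future stamps
# Constructed sample "data" value; none of these identifiers are real.
SAMPLE = DELIM.join(("AAACB1234C", "MUMB12345A", "ABCPK1234L", "9000000000",
                     "ap.officer@examplebank.example", "203.0.113.10",
                     "2024-01-15-14.30.05.123456"))


def validate_data(data, email_domain, allowed_nets, now):
    """Return (record, errors); a non-empty errors list means reject the request."""
    parts = data.split(DELIM)
    if len(parts) != len(FIELDS):
        return None, ["data not in proper format"]
    rec = dict(zip(FIELDS, parts))
    errors = []
    if not PAN_RE.fullmatch(rec["pan"]) or not PAN_RE.fullmatch(rec["ap_pan"]):
        errors.append("invalid PAN")
    if not TAN_RE.fullmatch(rec["tan"]):
        errors.append("invalid TAN")
    if not re.fullmatch(r"[0-9]{10}", rec["mobile"]):
        errors.append("invalid mobile number")
    local, _, domain = rec["email"].rpartition("@")
    if not local or domain.lower() != email_domain.lower():
        errors.append("email domain not registered for entity")
    try:
        ip = ipaddress.ip_address(rec["ip"])
        if not any(ip in ipaddress.ip_network(n) for n in allowed_nets):
            errors.append("IP outside registered networks")
    except ValueError:
        errors.append("invalid IP")
    try:
        age = now - datetime.strptime(rec["timestamp"], TS_FORMAT)
        if age > MAX_AGE or age < -MAX_SKEW:
            errors.append("stale timestamp")
    except ValueError:
        errors.append("invalid timestamp")
    return rec, errors
```

Because the timestamp sits inside the signed string, a captured request replayed after the window fails the staleness check even though its signature still verifies.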

3. CPC (TDS) will gradually migrate banks and corporates to the modified authentication process of accessing the TRACES portal. During the transitional period of onboarding of banks/corporates, normal access to the TRACES portal will remain available to the users of the respective banks/corporates. The normal access will be discontinued only after complete onboarding of the entity and all its branches.

(Ps. Thuingaleng)

Dy. Commissioner of Income Tax (CPC-TDS)

O/o The Pr. Director General of Income-tax (Systems)

