Skip to main content
DesignKey Studio

Financial Services, Fintech

Real-Time TIN Matching with TaxBandits

Real-time IRS TIN matching with TaxBandits, built into the form so name and SSN mismatches are caught before they become B-notices or rejected 1099 filings.

Real-Time TIN Matching with TaxBandits - Fintech TIN Matching research hero

Key findings

  • Mismatched name and SSN pairs are caught in the form, in real time, instead of surfacing months later as IRS B-notices and backup withholding at 24%.
  • The whole integration runs on one TaxBandits InstantTINMatch call. Access tokens last 60 minutes and are cached, so most checks skip the auth round trip.
  • Real-time TIN matching is gated. TaxBandits grants it per business use case on application, so it is not available the moment you sign up.
  • Interactive checks return instantly; bulk TIN matching returns in 24 to 48 hours, and an IRS "on hold" can take up to 36 hours in production.
  • Pricing is pay-per-form ($0.80 to $2.75) with TIN matching billed separately. Tax1099 is the main lower-cost alternative (from about $0.68 per form); the free IRS e-Services tool has no API.

A wrong taxpayer ID number is cheap to fix the second it is typed and expensive to fix months later, when it comes back as a rejected filing. This is how we built TaxBandits real-time TIN matching into a fintech onboarding flow for an undisclosed client: what the IRS rules behind it actually require, where the integration earns its keep, and where it bites.

Why did this fintech need real-time TIN matching?

The client needed to confirm that every taxpayer ID it collected was real and correctly paired with a name before it relied on that ID at filing time. The platform onboards people and businesses whose 1099s it will eventually file, and a single mistyped or transposed Social Security number is invisible until the IRS rejects the filing or sends a notice.

That gap is the expensive part. When a name and TIN on a filed 1099 do not match IRS records, the payer gets a CP2100 or CP2100A notice, has to mail the payee a "B-notice" and a fresh W-9, and must begin backup withholding at 24% if it is not corrected. According to the IRS, these notices go out twice a year, in October and the following April, so an error entered in onboarding can sit unnoticed for months before it generates work for both the platform and its users.

At DesignKey Studio, we treated this as a data-quality problem to solve at the point of entry, not a reconciliation problem to solve at year end. The goal was simple: verify each number against IRS records while the person is still in the form, so a typo fails immediately and a real submission passes cleanly. Everything that follows is in service of that one requirement.

What is TaxBandits, and how is it priced?

TaxBandits is an IRS-authorized e-file provider whose API exposes TIN matching, W-9 collection, and 1099 filing to other software. For this project we used one capability: real-time TIN matching, which takes a name and a taxpayer identification number (an SSN for a person, an EIN for a business, or an ITIN) and confirms against IRS records that the two belong together.

There are two flavors that matter. Interactive (real-time) TIN matching validates a single record instantly and suits a form field. Bulk TIN matching accepts many numbers at once and returns results within 24 to 48 hours, which suits validating an entire roster in the background. We needed the first.

Pricing is volume-based and pay-per-form, roughly $0.80 to $2.75 per form depending on volume, and TIN matching, state filing, and recipient mail are billed as add-ons rather than bundled. There is no free tier for the API. That matters when you compare it to the free IRS e-Services tool, which does the same check but only as a manual web application with no programmatic access.

The compliance backdrop is the reason any of this exists. The IRS runs the On-Line TIN Matching Program specifically for payers of 1099 income subject to backup withholding, so that a payer can check a name and TIN before filing. TaxBandits is a sanctioned route into that program with an API on top. Compared with Tax1099, its closest competitor, TaxBandits leans toward being a single API for both verification and filing, where Tax1099 competes more aggressively on per-form price.

What did we build?

We built a single real-time check and reused it at every point where the platform takes a number it will later depend on. The same InstantTINMatch call runs at sign-up for the primary applicant, again when the record is finalized, and for each person during onboarding, including a second applicant on the same account, where the Continue button waits for a match.

WHERE THE CHECK RUNS At sign-up Primary applicant's SSN At record finalization Re-check before commit During onboarding Each applicant, incl. a second on one account InstantTINMatch One real-time call: TINType, TIN, Name ONE INTEGRATION IRS records Authoritative name/TIN One IRS-authorized integration and one cached access token serve every check point, and extend to W-9 collection, 1099 e-file, and bulk TIN matching.

One integration, reused at every point a number enters the system.

The auth handshake

TaxBandits uses OAuth 2.0 with JWT-based authentication: you compose a signed token from your API credentials, exchange it for an access token, and send that token as a Bearer header on every call. According to the TaxBandits developer docs, the access token is valid for 60 minutes. We cache it with a buffer before expiry, so the vast majority of checks skip the auth round trip and go straight to the match.

// Cache the 60-minute access token; refresh just before it expires.
async function getAccessToken(): Promise<string> {
  if (cached && cached.expiresAt - Date.now() > 60_000) {
    return cached.token;
  }
  const token = await taxBandits.auth(); // signed JWT -> access token
  cached = { token, expiresAt: Date.now() + 60 * 60 * 1000 };
  return token;
}

The real-time call

The check itself is one request carrying the entity type, the number, and the name to match against. The payload is small and the response is one of a short set of outcomes.

{
  "TINType": "SSN",
  "TIN": "***-**-1234",
  "Name": "Jane Q. Public"
}

Validation that lives in the form

On the front end, the SSN field validates as the user types. The call is debounced so it is not firing on every keystroke, and results are cached so re-checking the same value is free. The field shows a spinner while it checks, then a green check on a match or the IRS error message on a mismatch. The flow from keystroke to result is below.

REQUEST SSN field Browser form Debounced + cached Platform backend Signed JWT to access token 60-min TTL, cached TaxBandits API InstantTINMatch, Bearer token TINType, TIN, Name IRS records Name + TIN checked together RESPONSE one of three outcomes, surfaced in the form Match Field shows a green check. Where a match is required, Continue unlocks. On hold IRS briefly unavailable (up to 36h in production). Treated as a pass; webhook completes the match. No-match Field shows the IRS error. On record finalize it is logged for follow-up, not hard-blocked. match · no-match · on hold

Keystroke to result: one cached token, one call, three outcomes.

Three outcomes, two of which pass

TaxBandits returns one of three results: a match, a no-match, or an "on hold" status, which the docs describe as the IRS system being intermittently unavailable. We treat both a match and an on-hold as a pass, because an on-hold is an IRS hiccup rather than a bad number, and only a definitive no-match is a failure. When a record is finalized, a no-match is logged for follow-up rather than hard-blocking the person, so an edge case never traps a legitimate user. The design rule throughout was to catch real problems without making IRS availability the user's problem.

Where did TaxBandits TIN matching excel?

TaxBandits real-time TIN matching excels at timing: it catches a mismatched name and SSN in the form, not months later at filing season. That moves a whole class of errors from "discovered late" to "fixed on entry," and because the check is the same one the IRS uses to generate CP2100 notices, a clean match in onboarding strongly signals the record will not bounce later.

The 60-minute cached access token also paid off operationally. Once warmed, almost every check is a single network call rather than two, which keeps the field responsive under the debounce window and avoids hammering the auth endpoint. Caching repeated values means a user editing other fields does not re-trigger a paid check on a number that already passed.

Finally, scope discipline made the integration cheap to trust. We wired up one endpoint, mapped three response states to clear UI, and shipped. Because TaxBandits is a full e-file provider, the same authenticated integration is a foothold into W-9 collection, 1099 filing, and bulk matching later, so the narrow start did not paint us into a corner. Key takeaway: a tightly scoped real-time check delivered most of the compliance value with very little surface area.

Where did it struggle?

The biggest surprise is that real-time TIN matching is not self-serve. The TaxBandits docs are explicit that the InstantTINMatch service "is available only to a limited number of users based on the business use case," and you have to email their developer team with your use case, estimated volume, and usage before it is switched on. A team that assumes it can sign up and start matching the same day will hit that wall, so we built the sandbox integration first and treated production access as a lead-time item.

The on-hold path is the other sharp edge. An IRS outage does not fail fast: TaxBandits completes the match later by webhook, and that delay can reach up to 36 hours in the live environment. Treating on-hold as a pass keeps users moving, but it means a number that is briefly unverifiable can slip through, so we log every on-hold and re-check it rather than assuming it resolved. Token expiry, rate sensitivity, and the interactive-versus-bulk latency split (instant versus 24 to 48 hours) all have to be handled explicitly, or the form either stalls or silently drops checks. And TIN matching is not identity verification: a matched name and SSN can still belong to someone other than the applicant, so it does not remove the need for KYC.

What else does the same integration unlock?

Because the platform is already authenticated against an IRS-authorized e-file provider, several capabilities are extensions of the existing integration rather than new vendors to onboard. None of this is built yet; it is where the same foundation could go.

same API · same auth IN PRODUCTION TODAY Real-time IRS TIN match SSN / EIN · checked in onboarding ALSO AVAILABLE · SAME INTEGRATION W-9 collection Request & auto-TIN-match payees 1099 e-file + distribution Federal, state & recipient copies 1099 Transaction API Track payments, auto-build forms Bulk TIN matching Validate a whole roster at once 94x · W-2 · ACA Payroll & broader filing BOI reporting Beneficial-ownership filings

What is live today, and what the same authenticated integration could grow into.

TaxBandits can request and collect W-9s from payees, TIN-match them automatically on submission, then e-file the resulting 1099s with the IRS and over 30 states and distribute recipient copies. Its 1099 Transaction API records vendor payments through the year and builds the right forms at year end instead of reconciling every January. Bulk TIN matching validates a whole roster in the background, and the same API reaches 94x payroll forms, W-2s, ACA reporting, and beneficial-ownership (BOI) filings.

What are the alternatives to TaxBandits?

The two serious alternatives we weighed were Tax1099 and the IRS e-Services tool, with Track1099 as a lighter option. Tax1099 is the closest competitor and the price leader: per-form rates from about $0.68 and flat annual plans (a free Essential tier, eFile Plus at $249 per year, and Enterprise at $349 per year), with its own real-time and bulk TIN matching API. We leaned to TaxBandits mainly for the single-API breadth across verification, W-9s, and filing, but Tax1099 is a strong choice when per-form cost dominates.

The free option is the IRS On-Line TIN Matching tool itself. It is authoritative and costs nothing, but it is a manual web application with no API, so it cannot be embedded in a signup form for real-time checks. Track1099 (now part of Avalara) offers TIN matching with a roughly 24-hour turnaround, which is fine for batch validation but not for in-form verification.

CapabilityTaxBanditsTax1099IRS e-Services
Real-time TIN match APIYes (approval required)YesNo
Bulk TIN matchingYes (24 to 48h)YesYes (manual upload)
W-9 collection + 1099 e-fileYes (30+ states)YesNo
Embed in a formYesYesNo
Pricing$0.80 to $2.75 per formFrom ~$0.68 per form; plans $0 to $349/yrFree
Best forOne API for verify + fileLowest per-form cost at volumeOccasional manual checks

Frequently asked questions

What is a B-notice?

A B-notice is the IRS CP2100 or CP2100A notice a payer receives when a name and taxpayer ID on a filed 1099 do not match IRS records. It obliges the payer to send the payee a W-9 request and, if the mismatch is not resolved, to start backup withholding at 24%. The IRS issues these notices twice a year, in October and the following April, which is why a TIN error caught in onboarding saves months of downstream rework.

Does TaxBandits offer real-time TIN matching?

Yes. TaxBandits validates a single name and TIN against IRS records instantly through its InstantTINMatch API. Access is gated, though: TaxBandits states the service is available only to a limited number of users based on the business use case, so you apply and describe your use case and expected volume before it is enabled on your account.

TaxBandits vs Tax1099 - which is cheaper for TIN matching?

Tax1099 generally has lower per-form pricing, advertised from about $0.68 per form against TaxBandits' $0.80 to $2.75 range, and it offers free and flat annual plans. Both bill TIN matching as an add-on. TaxBandits is the stronger fit when you want in-form real-time verification and filing on one IRS-authorized API; Tax1099 competes mainly on per-form cost at volume.

Is TaxBandits TIN matching free?

No. TaxBandits pricing is pay-per-form and TIN matching is billed separately from filing. The only genuinely free option is the IRS e-Services TIN Matching tool, but it is a manual web application with no API, so it cannot power real-time checks inside a product.

How long does a TaxBandits TIN match take?

An interactive InstantTINMatch check returns in real time, subject to IRS availability. When the IRS service is briefly down, TaxBandits returns an on-hold status and finishes the match later by webhook, which can take up to 36 hours in production. Bulk TIN matching, used for whole rosters, returns within 24 to 48 hours.

How accurate is IRS TIN matching?

It is authoritative for what it checks: the name and TIN are compared against the same IRS database that later flags mismatches, so a match means the IRS recognizes that exact pairing. It does not verify identity, detect fraud, or confirm the person is who they claim to be, so pair it with KYC rather than relying on it alone.

Related research and services

We built this verification flow as part of our fintech API integration work, and the cached-token auth layer sits in the same backend and cloud practice that handles the platform's other third-party connections. For a fuller build in the same space, see our tax-management automation case study. If you are weighing a similar integration, scope a TIN-matching build with us.

This is one of a set of fintech integration studies. See how we approached bank account verification with Yodlee for payouts, identity verification with Didit at onboarding, knowledge-based authentication with EVS for step-up checks, embedded e-signatures with Inkless for agreements, and a self-service CMS with Keystatic for a SaaS marketing site.

Sources and further reading

Your next project?

Whether it's an internal tool for your company or a highly available Software-as-a-Service - we help you to get your ideas off the ground!