When onboarding a new payable vendor, send them a W-9 collection link via a compliant e-signature or tax form platform (such as Docusign, HelloSign, or a dedicated TIN collection service)
Upon form completion, extract the legal name, TIN (SSN or EIN), entity type, and certification signature from the returned document
Store the TIN in encrypted form in your vendor database, recording the date of collection and the form version
Run the TIN through IRS TIN Matching (available via the IRS e-Services portal) before the first payment to confirm the name-TIN combination is valid
Set a reminder to re-collect a W-9 if the vendor's legal name or TIN changes, or if you receive an IRS B-Notice for that payee
Known gotchas
The IRS TIN Matching program is only available to payers enrolled in IRS e-Services and is a bulk or interactive service — there is no public REST API; do not attempt to programmatically scrape or automate e-Services login
Foreign vendors should provide W-8BEN (individuals) or W-8BEN-E (entities) instead of W-9; the withholding rules and form requirements differ significantly and the forms must be re-collected every three years
Storing unencrypted SSNs in a database violates most data-security frameworks (PCI-DSS, SOC 2) and many state privacy laws; always encrypt at rest and restrict access to the cleartext TIN
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp