What’s the difference between SSN, ITIN and EIN?

SSN — U.S. individuals; ITIN — non-U.S. individuals with U.S. tax nexus; EIN — U.S. entities. All are 9 digits, but formatting and issuance rules differ.

Do we store TINs with hyphens?

Store digits only for matching, render with standard hyphenation on output (SSN/EIN). This prevents rejects caused by formatting artifacts.

How do we reduce name/TIN mismatches?

Normalize legal names, keep a name-control field for entities, align W-8/W-9 with KYC, and avoid using trading/DBA names as legal names in reporting.

What evidence should we keep?

Form images, normalized values, change logs, exception closures, and reporting receipts. Keep in a central dossier with stable paths and retention policy.

U.S. TIN collection & formatting for FATCA — name/TIN hygiene, common reject patterns & validation tips

Clean U.S. Taxpayer Identification Numbers (TINs) are essential for FATCA due diligence and reporting. This guide shows how to collect the right TIN type, apply formatting/validation, avoid common reject patterns, and keep reviewer-ready evidence.

Scope: U.S. TINs for FATCA onboarding, GIIN/treaty alignment, and reporting (Form 8966 / local IGA; interplay with 1042-S). Covers SSN, ITIN, EIN; formatting rules; validation tips; evidence.

1) TIN types & when they apply

TIN type	Who uses it	Pattern (basic)	Notes
SSN	U.S. individuals	AAA-GG-SSSS (9 digits)	No zeros in the full 9-digit sequence; avoid known invalid prefixes.
ITIN	Non-U.S. individuals with U.S. tax nexus	9XX-7X-XXXX / 9XX-8X-XXXX / 9XX-9X-XXXX	Always begins with 9; middle two digits in ranges 70–88, 90–92, 94–99 (modern ranges).
EIN	U.S. entities (and some trusts/estates)	XX-XXXXXXX (9 digits)	Two-digit prefix + seven digits; hyphen after first two digits.

Collect the TIN type alongside the number to apply the right validation rules and downstream mappings.

2) Formatting & basic validations (that catch 80%)

Digits only + canonical display: store numeric digits; display with standard hyphen formats (SSN/EIN). ITINs display like SSNs but begin with 9.
Length checks: exactly 9 digits for SSN/ITIN/EIN (no spaces, no letters).
SSN sanity: reject obvious invalids (e.g., all zeros; 000-XX-XXXX; XXX-00-XXXX; XXX-XX-0000).
ITIN sanity: must start with 9; range checks for the 4th–5th digits (modern allocations).
EIN hyphen rule: presentational hyphen after two digits; store digits only for matching.
Name control hygiene: for entities, normalize legal name (no punctuation noise) for consistent records matching.

If your onboarding system can’t enforce rules, create a TIN normalizer (strip symbols; validate pattern; re-render).

3) Name/TIN matching — practical tips

Source of truth: take the legal name from registration/KYC; keep trading/DBA as alias for lookups.
Normalization: upper-case, remove punctuation (&, ., ,), normalize spaces; keep a name-control field for entities.
Consistent capture: ensure W-8/W-9 name fields match KYC; avoid abbreviations in one place and full names in another.
Audit trail: store the form image and the normalized values; log who performed changes and when.

4) Common reject patterns (and quick fixes)

Reject pattern	Likely cause	Fix
Wrong TIN type (e.g., ITIN entered for entity)	No TIN-type field; UI doesn’t distinguish	Capture TIN-type; enforce form-type ↔ TIN-type rules
Hyphen/space artifacts	Stored with formatting; downstream expects digits only	Store digits only; render view with format on output
Name mismatch vs form/KYC	DBA captured as legal; punctuation/case differences	Normalize; keep alias map; align W-8/W-9 with KYC legal name
All-zero or invalid SSN blocks	No sanity checks; manual input error	Add rule checks; reject obvious invalids at entry

5) Controls & evidence (what reviewers expect)

Data entry rules documented; UI validations or helper scripts in place.
Normalization service (digits-only store; formatted display) with versioned logic.
Exception queue for missing/invalid TINs with owners & due dates; evidence of outreach.
Renewal/change flow ties into W-8/W-9 lifecycle and corrections processes.
Dossier artifacts: copies of forms, change logs, exception closures, and reporting receipts.

6) Quick technical appendix (regex & display rules)

# Store: digits only (strip whitespace, dashes)
# Display:
#   SSN: NNN-NN-NNNN
#   ITIN: NNN-NN-NNNN (must start '9'; positions 4-5 in ranges 70–88, 90–92, 94–99)
#   EIN: NN-NNNNNNN

# Basic regex (language-agnostic)
SSN/ITIN digits only: ^\d{9}$
EIN digits only:      ^\d{9}$
EIN display:          ^\d{2}-\d{7}$

# Simple SSN sanity (reject obvious invalids)
- Not allowed: 000-xx-xxxx, xxx-00-xxxx, xxx-xx-0000
# ITIN sanity
- Must start with 9; digits 4-5 in 70–88, 90–92, 94–99

TIN hygiene starter kit
Validation checklist + exception queue template + comms snippets for clients.

Request templates