Filing corporate and individual tax returns electronically is becoming more popular and in some cases required.
However, there are pitfalls that must be addressed by filers to insure data is protected.
The top five security issues online tax providers don't want consumers to know according to Cenzic, an online risk assessment solutions firm are:
- Security Seals provide a false sense of security-Most of the seals on Web sites provide a false sense of security. These seals do not certify the application as secure, they authenticate the server it's connecting to. For example, a Secure Socket Layer (SSL) function certifies that the server the browser is talking to is the genuine site and provides encryption of data being transmitted. These seals have a valid purpose and do provide some level of security. However, hackers still come through forms and fields that consumers use, to exploit the applications underneath.
- Servers in a locked facility doesn't stop hackers-Many online tax service providers tout their physical security, stating that servers are secured in a locked facility. While important, it doesn't prevent hackers from accessing servers via the Web site, getting into the database, and stealing information.
- Sessions don't always expire-Many online tax filers mistakenly believe that after they access a Web site, enter their user ID and password, and complete their return, they are done. But, if they didn't log out of the site, that session might still be active and its contents easily be stolen by hackers. Although more and more sites are cognizant of this issue and are making sure that sessions expire, some sites may still be vulnerable. Consumers need to be sure they log out of the site and close the browser.
- Online tax providers are not liable for anything-Read the fine print in the terms. Almost all of these providers, including the big ones, have a disclaimer for security, which is limited to the amount paid for their software or services -- in the case of online tax providers, this could be as little as $14.95 or $29.95. There is no liability for personal information that's stolen and used to create fake identities or hack into your bank accounts.
"With the amount of sensitive personal information contained in a tax return -- spouses' names, addresses, social security numbers, bank account numbers -- today's sophisticated hackers seek ways to access this information," said John Weinschenk, CEO and president of Cenzic, Inc.
"There are misconceptions that technologies such as SSL indicate that a Web site is safe, when in fact it is not. While large companies have taken significant measures to secure their sites, the fact remains that there are holes hackers can exploit, and personal information can be compromised unless proactive measures are taken," he adds.
"Ask your provider specifically what they are doing to secure their applications that sit underneath the Web sites," said Weinschenk. "This does not mean SSL or network firewalls, but Web applications. How secure are they? What are their processes to secure them? What happens if hackers get the information etc.? If nothing else, this will force the companies to start thinking about it."
Weinschenk argues that online tax providers can take proactive steps to ensure their customers are protected. Providers should do a thorough test of Web applications and find the vulnerabilities. Automated solutions are available, as both software and as Software as a Service (Saas), that can quickly identify a site's major security holes.
Cenzic provides next-generation vulnerability assessment and risk management solutions to enable organizations to stay on top of security threats while providing the most effective way to find the most "real," threats fast across all Web applications.