Question

Go to (www.irs.gov) and search for IRS e-file security.  Required:

(1) Look at the facts (list two) that the IRS cites about why e-filing is secure.

(2) What (list two) about these practices makes the customer’s information secure?

(3) List two potential improvements that you feel could be made to e-filing security.  

Answer 1

1) IRS cites that they have mandated six (6) security, privacy, and business standards to better serve taxpayers and protect their information collected, processed and stored by Online Providers of individual income tax returns.

They say filing is secure because:-

a) Extended Validation SSL Certificate
Online Providers of individual income tax returns shall possess a valid and current Extended Validation Secure Socket Layer (SSL) certificate using SSL 3.0 / TLS 1.0 or later and minimum 1024-bit RSA / 128-bit AES. Any provider having invalid SSL will not be able to file tax return.

b) Public Domain Name Registration

This standard applies to Online Providers of individual income tax returns that own or operate a Web site through which taxpayer information is collected, transmitted, processed or stored. These Online Providers shall have their Web site’s domain name registered with a domain name registrar that is located in the United States and accredited by the Internet Corporation for Assigned Names and Numbers (ICANN). The domain name shall be locked and not be private.

2) The following two practices makes the customer's information secure:-

a) Information Privacy and Safeguard Policies

This standard applies to Online Providers of individual income tax returns that own or operate a Web site through which taxpayer information is collected, transmitted, processed or stored. These Online Providers shall have written information privacy and safeguard policies consistent with the applicable government and industry guidelines. In addition, these Online Providers shall acquire, maintain, and display a license/accreditation seal from a consumer protection and privacy seal vendor acceptable to the IRS. TRUSTe and BBBOnLine are vendors acceptable to the IRS for the purposes of this requirement.

b) Public Domain Name Registration
This standard applies to Online Providers of individual income tax returns that own or operate a Web site through which taxpayer information is collected, transmitted, processed or stored. These Online Providers shall have their Web site’s domain name registered with a domain name registrar that is located in the United States and accredited by the Internet Corporation for Assigned Names and Numbers (ICANN). The domain name shall be locked and not be private.

3) The following two potential improvements can be made to make e-filing more secure:-

a) LOGIN ID and Password

The website should provide a sign in option to the e-filing individual which should have SSN as the login ID and password as he wants so that no one else from any other system login to his account to file the tax return.

b) One Time Password

The mobile number and e-mail id of the taxpayer should be registered with the IRS. And whenever the taxpayer wants to file his tax return, he gets a one time password on the registered cellphone and e-mail id. And once he enters the same, then only he can file the return.