Six of 13 IRS-approved free e-filing service Web sites failed to take steps to help protect consumers from fraudulent and malicious e-mail, according to a recent audit.
The Online Trust Alliance’s
The OTA evaluated the IRS-approved e-filing sites using both its industry-developed methodology and the IRS’s mandated security and privacy standards. Seven sites scored high in all areas of the audit, five failed due to poor consumer protection, and three failed on site security. Most failing sites did not properly authenticate e-mail addresses, which leaves consumers open to spear phishing and malicious e-mail scams, OTA said.
Based on the IRS security mandates for these tax providers announced in 2010 and updated in 2015, one provider was out of compliance for failing to adopt extended validation SSL certificates, safeguards for assuring a Web site owner’s identity to help prevent spoofing and fraud. Other providers were out of compliance for failing to provide adequate third-party audits of their privacy policy and Web activities, implement anti-botnet protection for fraudulent account signups, and regularly scan their sites for SSL vulnerabilities.
The OTA has been in contact with the IRS regarding the findings. “The failure rate of over one-third should concern customers and the IRS,” said OTA executive director and president Craig Spiezle.