Security has been a priority at FileYourTaxes.com since it launched 10 years ago, but with phishers targeting online tax filing, the company went on the offensive.
The Oxnard, Calif.-based company is making it a priority to educate its customers about how not to be victimized by phishing through a variety of methods, including emails and during its filing process, as well as with technology.
FileYourTaxes.com puts an emphasis on educating customers about the importance of securing their tax returns. For example, it recommends that users not store tax documents in PDF files on their computers. Other messages warn users not to open email attachments, and remind them that the company will never send attachments via email. The company also launched an email-validation service that sends customers a validation code so that company's emails arrive legitimately in their inboxes instead of a spam file.
The educational efforts complement the company's back-end security, which he declined to describe but said in general it includes a combination of automated and human-supervised monitoring systems. The company's network and servers are designed to promote security, as are internal controls and procedures for employees and data access.
On the technology side, the company deployed Extended Validation (EV) SSL certificates from VeriSign Inc. The offering turns Internet Explorer 7 users' address bar green, signaling to customers that they are dealing with a legitimate site, not a phony one used by criminals to steal data.
"We're being vigilant on the technology side," Taluy said, "but also more importantly, in educating consumers and EV SSL is part of that process."
It's a bit early to gauge customer response to the EV SSL certificates, Taluy said, but the green address bar appears to be grabbing their attention and letting them know they're dealing with a trusted site. He added that the EV SSL also helps to differentiate FileYourTaxes.com from the 18 other online tax preparation companies listed in the Free File Alliance on the IRS's website.
"When it comes to taxes," Taluy said, "people want it easy, they want it inexpensive, and they want to make sure their information is secure." He added, EV SSL helps build trust with users, which is essential to its business and in the financial services industry in general.
Right now only IE7 users can see the visual assurances that EV SSL provides. Mozilla Foundation has said Firefox 3 will support EV SSL by the time it reaches general availability, said Tim Callan, VeriSign vice president of SSL marketing. Studies by other VeriSign EV SSL certificate customers have shown that customers "really do respond in a measured way to the presence of the green bars," he said.
In addition to a green address bar, browsers with support for EV SSL also display the name of the organization that owns the site and the name of the certificate issuer to the right of the URL. FileYourTaxes.com uses its filing process to advise customers to look for the green address bar.
The combination of education and technology is key, since there are plenty of opportunities for attackers to exploit confusion in the tax-filing process. For example, after a taxpayer files a return, the IRS will sometimes respond with a request for additional information. The company tells users if they receive an email from the IRS asking for more information, they should make sure when they log on to the site to look for the green address bar and other security information provided by the EV SSL certificate, to ensure they are accessing a valid site. (See sidebar for IRS and other tax-related scams.)
Taluy said FileYourTaxes.com is considering adding ScanAlert's Hacker Safe website security-certification service. ScanAlert, which was bought by McAfee Inc. last fall, provides a vulnerability-assessment service and certifies websites with its Hacker Safe trust mark. The company already participates in the Better Business Bureau's BBBOnLine Privacy Seal Program.