The Online Trust Alliance (OTA) evaluated 13 “free” e-file tax sites recommended by the IRS against both OTA’s own rigorous standards and the IRS’s less stringent security measures. OTA categorized the sites into two groups: Honor Roll or Failed. Six sites, or 46% of those audited, failed OTA’s cybersecurity tests. One of the sites did not even meet the IRS’s own requirements.
OTA audited the 13 e-file tax sites shown above between February 2 and February 18, 2016. The sites were scored in three risk categories: consumer protection, site security and privacy. There were 100 points available in each category. Additional bonus points were awarded if a site had adopted emerging best practices. Penalty points were deducted for notable flaws. Sites were named to the Honor Roll if their combined score across the three categories was 80% or better and they did not score below 55 in any single category; sites Failed if their combined score was less than 80% or they scored less than 55 in any one of the categories. OTA did not provide scores for individual sites.
The Consumer Protection category covers email authentication and the adoption of technologies that are designed to protect the consumer from fraudulent email practices. One of the e-file domains was unlocked, which could lead to the site being hijacked and replaced by a fraudulent website. Four of the e-file sites did not use email authentication. Failure to use authentication exposes the consumer to phishing and other types of email fraud. The IRS recently reported that tax phishing and infection with tax-related malware have increased by approximately 400% this year.
Site Security covers server security, data encryption and protection from well-known security problems. Three e-file sites received failing scores for site security. The failures all stemmed from implementation of old security standards with known vulnerabilities or failure to implement upgraded security protocols.
OTA has made a good deal of information available for readers who wish to learn more. An hour-long video webinar on its e-file tax audit is available above. OTA has also provided a slide deck from the webinar, a detailed exposition of the methodology used in the audit, a PDF of the full report, and an infographic created by DigiCert.
OTA reached out to the IRS offering assistance, recommendations, and detailed briefings on its findings. As of February 21, the IRS had not responded. If you file your taxes electronically using a “free” e-file tax service, be aware and be careful.