Six of 13 IRS-approved free e-filing services Web sites failed in taking steps to help protect consumers from fraudulent and malicious e-mail, according to a recent audit.

The Online Trust Alliance’s 2016 IRS Free E-File Audit & Honor Roll report evaluates the privacy, security and consumer protection practices of the sites by assessing nearly 50 criteria, standards and internationally accepted privacy practices. The sites that performed specifically well received the honor roll status.

The OTA evaluated the IRS-approved e-filing sites using both its industry-developed methodology and the IRS’s security and privacy mandated standards. Seven sites scored high in all areas of the audit, five failed due to poor consumer protection, and three failed for their site security. Most failing sites did not properly authenticate e-mail addresses, which leaves consumers open to spear phishing and malicious e-mail scams, OTA said.

Based on the IRS security mandates for these tax providers announced in 2010 and updated in 2015, one provider was out of compliance for failing to adopt extended validation SSL certificates, safeguards for assuring a Web site owner’s identity to help prevent spoofing and fraud. Other providers were out of compliance for failing to provide adequate third-party audits of their privacy policy and Web activities, implement anti-botnet protection for fraudulent account signups, and regularly scan their sites for SSL vulnerabilities.

The OTA has been in contact with the IRS regarding the findings. “The failure rate of over one-third should concern customers and the IRS,” said OTA executive director and president Craig Spiezle.

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access