SOURCE: Cenzic

March 25, 2008 07:00 ET

Beware Tax Filers - Top Five Electronic Tax Filing Dangers

Leader in Web Application Security Offers Checklist for Consumers Filing Taxes Online

SANTA CLARA, CA--(Marketwire - March 25, 2008) - With the tax deadline looming, Cenzic Inc., a leading provider of application security vulnerability assessment and risk management solutions, today alerted consumers of the top five security related issues they face when filing taxes online. The IRS received approximately 47 million returns as of Feb. 22, 2008, and of those returns, 38 million were filed electronically, up 5 percent from the 2007 filing season. With e- filing at an all time high, consumers need to know what's at stake and what they can do to protect themselves.

"With the amount of sensitive personal information contained in a tax return -- spouses' names, addresses, social security numbers, bank account numbers -- today's sophisticated hackers seek ways to access this information," said John Weinschenk, CEO and president of Cenzic, Inc. "There are misconceptions that technologies such as SSL indicate that a Web site is safe, when in fact it is not. While large companies have taken significant measures to secure their sites, the fact remains that there are holes hackers can exploit, and personal information can be compromised unless proactive measures are taken."

According to Cenzic, the top five security issues online tax providers don't want consumers to know are:

# 1 - Security Seals provide a false sense of security

Most of the seals on Web sites provide a false sense of security. These seals do not certify the application as secure, they authenticate the server it's connecting to. For example, a Secure Socket Layer (SSL) function certifies that the server the browser is talking to is the genuine site and provides encryption of data being transmitted. These seals have a valid purpose and do provide some level of security. However, hackers still come through forms and fields that consumers use, to exploit the applications underneath.

# 2 - Privacy policy doesn't imply security

Although privacy policy is important to ensure companies don't share personal information with third parties or send spam emails, it does not provide security for information stored in databases and applications. Most consumers assume that by having a privacy policy, companies are guaranteeing that their information will be secure from hackers. This is not true.

# 3 - Servers in a locked facility doesn't stop hackers

Many online tax service providers tout their physical security, stating that servers are secured in a locked facility. While important, it doesn't prevent hackers from accessing servers via the Web site, getting into the database, and stealing information.

# 4 - Sessions don't always expire

Many online tax filers mistakenly believe that after they access a Web site, enter their user ID and password, and complete their return, they are done. But, if they didn't log out of the site, that session might still be active and its contents easily be stolen by hackers. Although more and more sites are cognizant of this issue and are making sure that sessions expire, some sites may still be vulnerable. Consumers need to be sure they log out of the site and close the browser.

# 5 - Online tax providers are not liable for anything

Read the fine print in the terms. Almost all of these providers, including the big ones, have a disclaimer for security, which is limited to the amount paid for their software or services -- in the case of online tax providers, this could be as little as $14.95 or $29.95. There is no liability for personal information that's stolen and used to create fake identities or hack into your bank accounts.

What Consumers and Businesses Can Do To Protect Their Personal Information

Cenzic helps consumers ask the right security questions of their online tax providers. "Ask your provider specifically what they are doing to secure their applications that sit underneath the Web sites," said Weinschenk. "This does not mean SSL or network firewalls, but Web applications. How secure are they? What are their processes to secure them? What happens if hackers get the information etc.? If nothing else, this will force the companies to start thinking about it."

Online tax providers can take proactive steps to ensure their customers are protected. Providers should do a thorough test of Web applications and find the vulnerabilities. Automated solutions are available, as both software and as Software as a Service (Saas), that can quickly identify a site's major security holes.

Cenzic provides next-generation vulnerability assessment and risk management solutions to enable organizations to stay on top of security threats while providing the most effective way to find the most "real," threats fast across all Web applications. Cenzic solutions include:

--  Cenzic Hailstorm -- A suite of software solutions used by enterprises
    of all sizes throughout their software development life cycle (SDLC) --
    from development to production stages -- to test for vulnerabilities in
    their Web applications;
--  Cenzic ClickToSecure -- A managed service (SaaS) with a remote
    assessment of customers' Web applications;
--  Assessment Methodology -- Consulting service for business process re-
    engineering of customers' application security processes.

For more information, please contact Cenzic at

About Cenzic

Cenzic is the next-generation Web application security assessment and risk management solutions leader. The Cenzic suite of application security solutions fits the need of any company from remote, Software as a Service (ClickToSecure®), for testing one or more applications, to a full enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for effectively managing application security risks across an enterprise. Always an innovator, Cenzic has integrated Hailstorm with VMware to enable testing of production Web applications through virtualization -- making Cenzic the only company in the industry with a complete solution for assessing Web applications in all stages from development to production. In addition, Cenzic solutions, targeted at financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive and extensible in the industry, empowering organizations to stay on top of unrelenting application security threats.

Contact Information

  • Contact Information:
    Tami Casey
    Kulesa Public Relations/ for Cenzic
    (650) 340-1984
    Email Contact