Navigate This Site

Philip Ramsey Headlines

Saturday, March 2, 2013

Why is Canada Revenue Agency (CRA) promoting unencrypted web sites for netfiling?

Last year I started using FutureTax for preparing personal income tax for people. In previous years I used CanTax but got tired of their crappy applications that are proned to crashes.

This year, FutureTax changed the way they write their software so now, when more than one user account uses the software, they must be members of the administrator group. To me, this is a breach of computer security. So I went to the CRA web site to find certified tax software. This what I found - EFILE Certified Software for the 2013 program (2012 tax return).

The first company on the list appears to allow site users to fill out their tax return online. It looks really great and resembles the T1 tax form. Just do not expect your tax information to be private as the site is not encrypted. Even if the site was encrypted, it cannot be secured. Their login page is a farce. No encryption. Period.

The second company on the list provides the software to be installed on Windows computers. The software is free but to use it requires a license to be bought. Their shopping cart is not encrypted so buying from them will compromise your credit card. In fact the site violates US federal law and is no PCI-DSS compliant. They should be reported.

With the federal government's mandate a few years ago making companies and individuals liable for data compromise, why is the CRA promoting these two companies? The CRA needs to get their act together and weed out the companies that blatantly disregard the privacy and security of the taxpayer.
Enhanced by Zemanta

No comments:

Post a Comment