As your grandmother was doubtlessly fond of saying, you get what you pay for.
Hence the revelation by the Online Trust Alliance (OTA) that almost half of 13 “free” E-File tax sites recommended by the IRS fail OTA’s rigorous security testing. One actually also failed by the IRS’ less stringent requirements.
The sites were scored in three categories: consumer protection, site security and privacy, with 100 points possible in every category. Bonus points could be won, and notable flaws caused deductions. Making the “honor roll” required a combined score of 80 percent or better across all three categories without scoring below a 55 in any individual category. OTA did not report individual site scores.
The areas of particular concern were in authentication. Four of the sites tested did not authenticate accounts via email, which is highly correlated with phishing scams (which have been on the rise this year by a reported 400 percent.) Site security also coughed up many problems with encryption or protection from known threats. Three sites failed for this category, with all failing due to implementation of old security standards or failure to upgrade to new and more modern protocols.
Privacy did not see any massive failure, though OTA did note that all sites it surveyed share data with third-party marketers.