Security questions raised over e-filing

The internet-based tax project for companies will go live on 6 April.

However, Nigel Hickson, head of ebusiness at the CBI said: ‘It is a lost opportunity. Passwords are not secure. The technology for e-certificates and e-signatures does exist, with UK companies manufacturing and using the technology.’

‘For some time we have been saying that businesses need to authenticate themselves. We need Public Key Infrastructure. With a simple password integrity is at stake. Anyone can get to know it if they are determined enough,’ he added.

These security fears were echoed by Neil Barrett, technical consultant at security firm Information Risk Management. ‘I would be very nervous to use the service if I was a company. Passwords can be cracked, spoofed, copied and used by other people. If the password is sent to you unencrypted then the system is open to fraud, criminal activity and mischief,’ he said.

But a Revenue spokesman denied the system was insecure. ‘There will be stringent security measures in place. Data files containing all registered user information will be stored behind a multi-level array of firewalls,’ he insisted.

The security procedures for corporates will be the same as existing measures for individual electronic tax payers, where users log on to the site and register before receiving a unique user ID through the post. Users are then able select their own passwords for logging on to the system.

Companies will only be able to use the internet for their end of year returns for 2000/2001, but they will receive a £50 discount for using the online service. They must first log on to the tax website and use the registration service based on their tax reference numbers.

The initiative ‘is not going out in a blaze of publicity until we have gauged the initial response,’ said the Inland Revenue spokesman.


Revenue to axe self-assessment CD

Revenue hopes plan will boost e-filing

Self-assessment fails to attract

Related reading