With the tax deadline looming, Cenzic Inc., a leading provider of application security vulnerability assessment and risk management solutions, today alerted consumers of the top five security related issues they face when filing taxes online. The IRS received approximately 47 million returns as of Feb. 22, 2008, and of those returns, 38 million were filed electronically, up 5 percent from the 2007 filing season. With e- filing at an all time high, consumers need to know what's at stake and what they can do to protect themselves.

"With the amount of sensitive personal information contained in a tax return -- spouses' names, addresses, social security numbers, bank account numbers -- today's sophisticated hackers seek ways to access this information," said John Weinschenk, CEO and president of Cenzic, Inc. "There are misconceptions that technologies such as SSL indicate that a Web site is safe, when in fact it is not.

While large companies have taken significant measures to secure their sites, the fact remains that there are holes hackers can exploit, and personal information can be compromised unless proactive measures are taken."

According to Cenzic, the top five security issues online tax providers don't want consumers to know are:

# 1 - Security Seals provide a false sense of security
Most of the seals on Web sites provide a false sense of security. These seals do not certify the application as secure, they authenticate the server it's connecting to. For example, a Secure Socket Layer (SSL) function certifies that the server the browser is talking to is the genuine site and provides encryption of data being transmitted. These seals have a valid purpose and do provide some level of security. However, hackers still come through forms and fields that consumers use, to exploit the applications underneath.

# 2 - Privacy policy doesn't imply security
Although privacy policy is important to ensure companies don't share personal information with third parties or send spam emails, it does not provide security for information stored in databases and applications. Most consumers assume that by having a privacy policy, companies are guaranteeing that their information will be secure from hackers. This is not true.

# 3 - Servers in a locked facility doesn't stop hackers
Many online tax service providers tout their physical security, stating that servers are secured in a locked facility. While important, it doesn't prevent hackers from accessing servers via the Web site, getting into the database, and stealing information.

# 4 - Sessions don't always expire
Many online tax filers mistakenly believe that after they access a Web site, enter their user ID and password, and complete their return, they are done. But, if they didn't log out of the site, that session might still be active and its contents easily be stolen by hackers. Although more and more sites are cognizant of this issue and are making sure that sessions expire, some sites may still be vulnerable. Consumers need to be sure they log out of the site and close the browser.

# 5 - Online tax providers are not liable for anything
Read the fine print in the terms. Almost all of these providers, including the big ones, have a disclaimer for security, which is limited to the amount paid for their software or services -- in the case of online tax providers, this could be as little as $14.95 or $29.95. There is no liability for personal information that's stolen and used to create fake identities or hack into your bank accounts.

What Consumers and Businesses Can Do To Protect Their Personal Information
Cenzic helps consumers ask the right security questions of their online tax providers. "Ask your provider specifically what they are doing to secure their applications that sit underneath the Web sites," said Weinschenk. "This does not mean SSL or network firewalls, but Web applications. How secure are they? What are their processes to secure them? What happens if hackers get the information etc.? If nothing else, this will force the companies to start thinking about it."

Online tax providers can take proactive steps to ensure their customers are protected. Providers should do a thorough test of Web applications and find the vulnerabilities. Automated solutions are available, as both software and as Software as a Service (Saas), that can quickly identify a site's major security holes.
Cenzic provides next-generation vulnerability assessment and risk management solutions to enable organizations to stay on top of security threats while providing the most effective way to find the most "real," threats fast across all Web applications.

For more information, please contact Cenzic at www.cenzic.com.