IRS's New Security and Privacy Standards Educate Taxpayers

New standards strongly encourage all online tax filing services to use extended validation SSL Certificates.

by / January 9, 2009

Death and taxes may be the only sure things in life, but the IRS is taking steps to help ensure that identity theft doesn't join that list. To protect an estimated 90 million taxpayers from phishing scams beginning with the upcoming 2009 filing season, the IRS is strongly encouraging all online tax filing services to safeguard their sites with Extended Validation (EV) Secure Sockets Layer (SSL) Certificates. A growing number of these services are already heeding the IRS standards by deploying EV SSL Certificates from VeriSign, the trusted provider of Internet infrastructure services for the networked world.

When Internet users equipped with the latest versions of the leading Web browsers visit a site protected by VeriSign EV SSL Certificates, the address bar on their browser turns green. The green address bar offers immediate reassurance that users have reached a site whose authenticity has been verified by a recognized SSL Certificate Authority such as VeriSign -- and not a fraudulent, copycat Web page created by identity thieves to steal sensitive personal data, including Social Security Numbers and credit card information.

More than 7,000 Web sites already rely on VeriSign EV SSL Certificates, including, a pioneer online tax filing service. "The IRS is doing taxpayers a favor by strongly encouraging EV SSL and other protections, because nothing is more important than knowing you're dealing with a legitimate provider of online tax filing services," said Timur Taluy, CEO of "As a part of our overall program to help educate our customers about conducting business safely on the Web, we deployed VeriSign EV SSL last season to further our commitment to providing safe and trusted services using advanced, proven technology."

Information on the IRS's new e-file security and privacy standards can be found at the Web site.

Five Tips for Spotting a Fraudulent Site

Nearly six of every 10 taxpayers filed online in 2008. Online filing is faster -- refunds are received in as little as 10 days -- and up to 20 times more accurate. And approximately 70 percent of taxpayers can prepare and file electronically for free when they enter through and use Free File to locate participating commercial service providers.

With millions of taxpayers headed online to file their returns, security experts say that consumers armed with the right information can easily tell a real Web site from a fraudulent one. "The thing that stands between consumers and identity thieves is a little education," said Tim Callan, vice president of product marketing at VeriSign. "Even taxpayers who aren't computer-savvy can determine if a tax filing site is legitimate or phony by spotting a green address bar. And the standards proposed by the IRS will help allow more taxpayers to 'see green.'"

Callan said when filing online, taxpayers should look for five visual cues:

  • Green address bar: Look for the green address bar and the company's name highlighted in green at the top of the browser.
  • https://: If the site's Web address begins with https://, that means information you share is encrypted against spying eyes on the Internet. If the page doesn't begin with https, it's not secure.
  • Padlock symbol: All popular browsers feature a lock icon somewhere in the interface to indicate pages where encryption is in place. To be meaningful this icon must appear in the actual browser interface and not inside the content of the page itself. 
  • Trust marks: Popular trust marks can indicate important things about an online business. Look for such marks as the VeriSign Secured Seal (online security and verified site identity), TRUSTe (customer data privacy), and the Better Business Bureau (business practices). 
  • Web address: Fake sites often employ Web addresses that appear as if they may be legitimate. Be suspicious of any site whose Web address contains the name of a well-known site in the latter part of the Web address. For example, if your favorite bank is located at, be wary of a site such as