IRD goes online for fast taxpayer communication

By RICHARD WOOD

The IRD has begun communicating with the public through a "secure email" service.

Rather than sending and receiving emails across the public internet, users access the Online Correspondence service by logging on to the IRD's server. It is encrypted using 128-bit encryption.

The service is based on the ir-File infrastructure, and users of ir-File can use their existing passwords.

Colin MacDonald, general manager of business development and services, said all messages were stored in a database on a secure server protected by firewall and intrusion detection systems.

There is, however, a weak link: the IRD sends ordinary emails to notify customers that they have emails waiting.

Two weeks ago a fake hyperlink in a fraudulent email sent unsuspecting Commonwealth Bank of Australia NetBank customers to a fake site where their usernames and passwords were collected.

MacDonald said the IRD never put hyperlinks in its emails. The system used digital certificates from VeriSign, he said, and the IRD advised users that if the browser said the certificate was not recognised they were not at the IRD site.

People can check the certificate by double clicking on the padlock icon at the bottom of the browser.

The IRD is targeting its secure email system at tax agents and other customers with whom it is in regular contact, but it is also available to the general public and is said to be quicker and cheaper than the post.

MacDonald said the IRD regularly backed up the email database and the infrastructure was duplicated to maximise availability.