ATX Community

Problem emailing encrypted Tax Returns


Lee B


Yesterday one of my clients, before leaving on an overseas trip, asked me to email some of his tax returns to a bank where he has applied to refinance a loan. I used Adobe Acrobat to encrypt the returns with a password and emailed them to the bank.

The bank sent back an email saying that their security software stripped the encrypted files containing the tax returns (will not allow any encrypted files to enter their email server).

I am not comfortable sending the tax returns without encryption.

The bank's solution was to send me a link for "Cisco's Registered Secure Email Service."

It requires me to download some files, sign up as a registered user, then reply to an email from the bank, then attach my encrypted files etc.

I understand the need for security, but this seems a bit over the top.

That is one of my better clients with multiple entities.

What would you do?

Link to comment
Share on other sites

The Registered Secure E-mail system is very common with the financial services industry, particularly brokerage houses. It is supposed to be very secure and reliable. One of my clients has an investment adviser that uses that. Basically they will send you a secure e-mail that allows you to log into their server, where you can attach your file to that e-mail response.

I have used it, takes a few extra steps but not terribly cumbersome.

Obviously if they can wait you could Fedex it overnight.

Link to comment
Share on other sites

Tell the client to find a bank with realistic people running their I.T. and security. Otherwise, fax, mail, UPS, Fed-Ex, etc.

Too many paranoid low information people in decision making positions concerning this kind of thing.

If a recipient can't receive my unencrypted file in an e-mail, I snail mail as the only other option.

Link to comment
Share on other sites

Sure, if you are trying to ditch your good client :wall:

Tell the client to find a bank with realistic people running their I.T. and security. Otherwise, fax, mail, UPS, Fed-Ex, etc.

Link to comment
Share on other sites

"Too many paranoid low information people in decision making positions concerning this kind of thing."

Do not agree - usually low information people do not make these decisions, they just follow procedures set by higher management.

What they requested makes sense as suggested by Taxed.

Link to comment
Share on other sites

"Too many paranoid low information people in decision making positions concerning this kind of thing."

Do not agree - usually low information people do not make these decisions, they just follow procedures set by higher management.

What they requested makes sense as suggested by Taxed.

Then snail mail, UPS or Fed-Ex are the only safe methods according to the paranoid low information people in management positions making policies about this kind of thing.

Please show me documentation of a single e-mail being captured between the sender and receiver and the information being hacked?

Link to comment
Share on other sites

Financial institutions have to make sure they follow Sarbanes-Oxley (SOX) regulations and most of them if not all have some sort of secure e-mail system. I remember a place I used to work was struggling with the expense but they finally got Tumbleweed secure e-mail, because their attorney told them the liability would be 10 times the cost of the software.

You don't wait till one of your sensitive e-mails is hacked to take precautions. That would be a plaintiff's dream!

Link to comment
Share on other sites

Financial institutions have to make sure they follow Sarbanes-Oxley (SOX) regulations and most of them if not all have some sort of secure e-mail system. I remember a place I used to work was struggling with the expense but they finally got Tumbleweed secure e-mail, because their attorney told them the liability would be 10 times the cost of the software.

You don't wait till one of your sensitive e-mails is hacked to take precautions. That would be a plaintiff's dream!

Please show me an example of an e-mail being intercepted and hacked between sender and recipient? No one has been able to show that.

It is an irrational fear that I will not play into.

There are insurance companies that sell policies that cover meteor strikes. I don't have that coverage for the same reason I speak of not encrypting e-mail.

Security on the sender and recipient's end is their responsibility. I have my end covered extensively. It is not my place to spend time and resources so the recipient does not have to secure their systems.

Still waiting on the example....

Link to comment
Share on other sites

http://serverfault.com/questions/201479/does-anyone-have-real-life-examples-of-e-mail-being-intercepted

This is an example, but not likely to be a problem in the settings we normally use since it is an “end point” hack using an unsecured wireless transmission, such as to or from a coffee shop or hotel wireless internet location. If you use a laptop for taxes and send emails regarding taxes from your hotel room or other such internet settings, this might be a problem.

The only other example I am aware of is that of the NSA capturing emails both at home and abroad. I doubt a commercially available encryption program will stop the NSA if they really want to read your email.

Link to comment
Share on other sites

http://serverfault.com/questions/201479/does-anyone-have-real-life-examples-of-e-mail-being-intercepted

This is an example, but not likely to be a problem in the settings we normally use since it is an “end point” hack using an unsecured wireless transmission, such as to or from a coffee shop or hotel wireless internet location. If you use a laptop for taxes and send emails regarding taxes from your hotel room or other such internet settings, this might be a problem.

The only other example I am aware of is that of the NSA capturing emails both at home and abroad. I doubt a commercially available encryption program will stop the NSA if they really want to read your email.

Those are all examples of endpoint hacking. The NSA captures their information from the e-mail providers. (again, endpoint) No examples of someone "intercepting" an e-mail... If the person I send it to does not have proper security protocols in place to protect the information in their systems, that is not a reason for me to send encrypted files.

Link to comment
Share on other sites

http://en.wikipedia.org/wiki/Email_privacy

Wikipedia talks about what you can expect for e-mail privacy.

When I send the pdf of a return I encrypt it and send the password separately either as a txt message or voice mail.

I would not have expected anything else from you. You bought into the paranoid baseless irrational fear.

Still waiting for the example of an e-mail being "intercepted."

Link to comment
Share on other sites

For the OP and anyone else that might be sending sensitive documents, it doesn't matter whether or not anyone here can provide an example of email hacking or not. The OP asked about emailing the returns to the bank, and he will either have to work within the bank's email requirements or send a paper copy using an expedited service.

Link to comment
Share on other sites

While we were debating encryption, the NSA is marching forward to read all it can:

The National Security Agency is reportedly racing to build a computer that will be able to break almost every kind of encryption used to protect medical, banking, business and government records around the world.

According to documents provided by NSA whistle blower Edward Snowden, a $79.7 million research program titled “Penetrating Hard Targets” includes a project to build a “cryptologically useful quantum computer” – a machine considerably faster than classic computers, The Washington Post reported Thursday.

The implications of the NSA building a quantum computer are far reaching. Such a machine would open the door to cracking the strongest encryption tools in use today, including a standard known as RSA that scrambles communications and makes them impossible to read for anyone except the intended recipient. RSA is commonly used in Web browsers for encrypted emails and secure financial transactions.

The development of such a machine has long been a goal of many in the scientific community, and would have revolutionary implications for fields like medicine as well as for the NSA’s code-breaking mission.

The NSA reportedly sees itself as in a race with European Union and Swiss sponsored quantum computing labs.

“The geographic scope has narrowed from a global effort to a discrete focus on the European Union and Switzerland,” one NSA document says, according to the Washington Post.

The Snowden documents also indicate that the NSA has been carrying out a part of its research in large shielded rooms designed to prevent electromagnetic energy from leaking. The rooms are required in order to keep quantum computing experiments running.


Link to comment
Share on other sites

If you block out the SS # does it really matter if the return is encrypted or not? I am assuming this is an identity theft issue. Most lenders just want the return from client as a starting point and end up requesting an official copy from IRS at a later point to verify data provided by taxpayer matches what was filed.

Link to comment
Share on other sites

That is more work (and risk) to try to block out every instance of SS# or other identification on tax returns.

It is much quicker to encrypt it and send it on its way!

Lenders may get a transcript further down the loan underwriting process, but the issue most people face is time because they want to lock in that rate ASAP and without a valid submission that is not possible.

I have had clients pick up a fresh copy of their return at night to drop it off at the bank first thing in the morning.

Link to comment
Share on other sites
