• Expectations of users of our online services

    We take the security of taxpayer information and our systems very seriously. We expect users of our online services to adopt security practices that will minimise risk to our systems.

    We expect you to protect:

    • yourself
    • your business
    • your clients
    • the tax and superannuation system.

    If you access or use our online services, you are considered to have consented to the:

    • terms and conditions of the accessed service
    • online expectations relevant to you, your practice or your business
    • expectations as defined in the next paragraph.

    As an online user we expect you to:

    • keep your passwords, AUSkeys, login details and user IDs secure and don’t share these details with anyone
    • keep your registration details up to date
    • have the authority to use our online service
    • keep your operating system secure
    • use the online service for the purpose it is intended for
    • take reasonable steps to prevent someone misusing or getting unauthorised access to your computer system or to our online services
    • ensure your own information, or the information of those who you have authority to act for, is stored and managed in a way that will not expose it to anyone who does not have authority to use it
    • be able to access information and supply it in the manner required when requested.

    You are also required to adhere to the expectations relevant to your situation:

    Danger

    Suspension of access

    If we determine that you are not adhering to the expectations of users of online services and potentially introducing a risk to an online service we may, at our discretion, suspend your access to an online service.

    End of danger

    Tax practitioners

    As the use of our online services by tax practitioners continues to grow, so does the necessity for tax practitioners to be vigilant in adopting stringent online security practices.

    Our online services enable you to create and update client information, lodge forms and even obtain refunds. If your confidential login details fall into the wrong hands, fraudsters may have the ability to generate false refunds and direct them to third parties without the knowledge of the ATO, you or your client.

    Attention

    It is vitally important that you protect your login details (user IDs/password/AUSkey) as they allow access to your entire registered client base.

    End of attention

    Your login details can be illegally obtained by one or more of the following methods:

    • gaining physical access to your business premises
    • someone noting passwords that are displayed on computer workstations or notice boards
    • inappropriate disclosure through 'phishing' emails
    • the unintentional downloading of malicious software that can be used to record confidential information remotely.

    Unauthorised use of login details can lead to identity theft and financial losses for you, your clients and the ATO, as well as affecting the relationship with your client. There is also the potential to undermine your clients' confidence in the ability to communicate or transact business with you or the ATO by email or online.

    You should control the use of login details responsibly. You should also use Access Manager, which allows an administrator to assign permissions for their staff to access secure ATO online services.

    Knowing your clients

    You should recognise and act upon additional risks inherent in working with clients online. These risks include:

    • identity fraud – where there is only, or primarily, online interactions with clients and verifying identity is difficult
    • refund fraud – where original documentation supporting claims is not sighted.

    You should apply the same standards of checking your client’s identification and claims in an online environment as you would in person. Not doing so may transfer unacceptable additional risk to the ATO and may result in suspension of access.

    Get it done

    Use the Online security self assessment questionnaire to identify areas where you can improve your online practices and get additional information and resources.

    End of get it done

    Business

    As a business operator, practising online security is particularly important. Not protecting your customers, staff and business information could impact on the reputation of your business or the relationship you have with your customers and staff.

    If your business uses our online services, we recommend you adopt effective security practices and ensure that you and your staff use the internet in a safe and secure way.

    It is vitally important that you protect your login details (user IDs/password/AUSkey) as they allow access to your business information.

    Your login details can be illegally obtained by one or more of the following methods:

    • gaining physical access to your business premises
    • someone observing and noting passwords that are displayed on computer workstations or notice boards
    • inappropriate disclosure through 'phishing' emails
    • the unintentional downloading of malicious software that can be used to record confidential information remotely.

    Unauthorised use of login details can lead to identity theft and financial losses for your business, customers, staff and the ATO, as well as affecting the relationship with your customers. There is also the potential to undermine your customers' confidence in the ability to communicate or transact business with you.

    Get it done

    Use the Online security self assessment questionnaire to identify areas where you can improve your online practices and get additional information and resources.

    End of get it done

    Individuals/sole traders

    As an individual, practising online security is particularly important. The benefits that come with communicating and transacting online give greater need for:

    • securing your computer
    • being aware of hazards
    • practising safe online behaviour.

    Not protecting yourself is a risk to yourself and the ATO when using our online services.

    If using our online services, we recommend you have effective security measures in place and that you use the internet in a safe and secure way.

    It is vitally important that you protect your login details (user IDs/password/personal information) as they allow access to your information.

    Your login details can be illegally obtained by one or more of the following methods:

    • someone observing and noting passwords
    • inappropriate disclosure through 'phishing' emails
    • the unintentional downloading of malicious software that can be used to record confidential information remotely
    • not protecting and securing mobile phones and devices.

    Unauthorised use of login details or stolen personal information can lead to identity theft and significant financial losses.

    Get it done

    Use the Online security self assessment questionnaire to identify areas where you can improve your online practices and get additional information and resources.

    End of get it done
      Last modified: 01 Jul 2014QC 40977