Show download pdf controls
  • Security guidelines

    Inputs to the FDR are protected by AUSkey which is an online security credential.

    We recommend you review this information regularly. We will update it as we become aware of issues and relevant information, which will help you maintain the highest levels of security.

    Security credentials

    A security credential is an electronic file and/or software used for identification purposes when transacting over the internet.

    A security credential is used to establish a secure environment for online transactions. This provides you with assurance that your online transactions with us are safe by letting us know we are interacting with the right person for each transaction.

    Modern security credentials make fraud very difficult. For someone to gain access to our online services as you, they would have to be using a computer on which the credential is installed and they would have to know your password.

    Every person associated with your super entity who wants to deal with us online on behalf of your ABN will need their own security credential.

    Looking after your security credential

    The security of the information you want to guard through the use of a credential is only as good as the care you take to keep this credential protected.

    Never disclose your password to anyone including our staff or the provider of your credential.

    When deciding on a password, make sure that it is sufficiently complex. Your password must:

    • be at least eight characters long
    • contain numeric as well as alphabetic characters
    • have a mix of upper and lower case alphabetic characters
    • have at least one special character (for example,!, @, #).

    Security credential expiry

    AUSkey holders

    As long as you use your AUSkey at least once each year, it will not expire. If your certificate does expire you will need to register for a new one.

    Your role in securing your information

    Technology and computers cannot safeguard information automatically. You need to protect your own and your members' information related to using this service.

    We strongly recommend that you:

    • never disclose your AUSkey password to anyone, including us or the credential issuer
    • do not download your credential to general use computers. Access the portal only from computers to which you have exclusive use, or that you share under one of the following conditions 
      • the computer is configured for multiple users
      • each user has a unique account
      • other users are individuals you can trust
    • keep your computer software up to date, especially with security upgrades and patches – these are usually available from the licenser of the software
    • ensure that your anti-virus software is current and running on your computer at all times – scan new programs or files for viruses before opening, running, installing or using them
    • ensure that you have anti-intrusion software (commonly referred to as a firewall) to provide added security around your information and protection from misuse of your identity
    • avoid opening, running, installing or using programs or files you have obtained from a person or organisation unless you are positive that you can trust them
    • conduct secure disposal practices such as cleansing of the hard disk on disposal of your computer.

    What to do if someone obtains your password or your computer is stolen

    This situation should be treated with the same degree of urgency that you would give to the loss of a credit card.

    If you still have access to your AUSkey, you should log in to the ABR websiteExternal Link and cancel your credential. You will then need to register for a new AUSkey.

    If you no longer have access to your AUSkey, any administrator AUSkey holder within your business can cancel your AUSkey online at the ABR websiteExternal Link.

    If you're an administrator AUSkey holder, and there are no other administrator AUSkey holders within your business, call 1300 AUSkey (1300 287 539) to have your certificate cancelled. You will need to satisfy identity checks before we'll cancel your AUSkey on your behalf.

    AUSkey replacement

    Together, myGovID and Relationship Authorisation Manager (RAM) will replace AUSkey and Manage ABN Connections in March 2020. These new digital services are available in public beta for eligible businesses to try.

    RAM is now connected to Access Manager. This means when you authorise a person to act for a business using RAM, you can set their permissions in Access Manager at the same time.

    As a result, you will notice some different fields in Access Manager.

    In the Access and permissions screen:

    • Credential type is now Authorisation type – lists authorisation types such as authorised user, principal authority, authorisation administrator, Standard AUSkey, Admin AUSkey and Device
    • new Access level – lists the level of access for each user. 'Full' means the user has all permissions, 'Custom' means you can assign and remove user permissions and 'None' means no permissions have been assigned
    • new Expiry – lists the authorisation expiry date of authorised users in RAM (not available to AUSkey users)
    • the Last access date field is temporarily unavailable
    • In the Modify access and permissions screen, registered tax and BAS agents can use Assign RANs to provide user access to their Registered Agent Numbers (RANs).

    See also:

      Last modified: 13 Dec 2019QC 35422