Back in 2013, a student made his way into the headlines (and finally jail) when it was found that he hacked the income tax e-filing account of Mr. Anil Ambani, the Indian billionaire and chairman of Anil Dhirubhai Ambani Group. Soon after that, another student from Noida hacked income tax return accounts of Bollywood big shots Shahrukh and Salman Khan and cricket stars Sachin Tendulkar and MS Dhoni. These incidents are not uncommon and they have revealed the loopholes in online security system of Income Tax Department. The knowledge that these students successfully hacked into these accounts without any knowledge of hacking methods raises alarm about the security of e filing accounts.
As a result of such incidents, government often reminds account holders to stay away from phishing emails and avoid sharing their account details to anyone. Government has taken another step in this direction to tighten the security of e-filing accounts by introducing new security measures. ‘E-filing vault’ is the new facility provided by ITD on its website. The process to use this facility is quite simple. First step for taxpayers is to login to their account and find ‘E-filing Vault—higher security’ in their profile page. The next step is to login using any of the multiple options of the higher security methods namely – using Aadhaar linkage to generate OTP, Login through net banking or login using Digital Signature Certificate (DSC). Once this process is complete, any attempt to login in future will require the additional check of OTP using Aadhaar or the tax payers will have to login using net banking or DSC. The benefit of doing this is that tax payers do not need to worry even if they had shared their user ID and password with anyone in the past. The dual verification process ensures higher degree of security compared to simple user ID and password verification process.
The process of resetting password also had vulnerabilities which were exploited by hackers. This process has also been made more secure by adding the option to choose how the password can be reset for a particular account. Once the taxpayer has selected reset password using any one or multiple options of higher security methods as mentioned earlier, then no person will be able to reset the tax payer’s password even if he knows the secret answer and e-filing OTP etc.
The ITD has also promised to add EVC options like ATM, Bank Account Validation or Demat Account Validation in the near future. These will also be available for higher level of security for login as well as resetting of password.
Simple passwords are easy to remember and type but are more vulnerable to hackers therefore, Income Tax Department strongly suggests all taxpayers to use a strong password and choose e-filing vault option to tighten the security of their online return filing accounts .