One Stop Credentialing And Registration - Web Site Security
New York State takes taxpayer information confidentiality and computer security very seriously. This Department web site uses industry standards to provide secure and protected content. We also employ the use of digital certificates on our web site to provide a secure, encrypted connection between capable web browsers and our web servers. This secure, encrypted connection is required by our servers whenever and wherever you are asked to enter any kind of information that may be considered confidential.
Here are some commonly asked questions and answers about web site security and its use on our web sites.
- How do I know if a web site is secure?
- What does this "warning" window that comes up really mean?
When transmitting any sensitive information over the Internet, there are three things you need to be certain of:
- Data that you send is strongly encrypted.
- The site you are doing business with is the site you think it is.
- The site you are doing business with processes your information in a safe and responsible manner.
The New York State Department of Tax & Finance web site addresses all three issues.
Point one is taken care of by SSL (Secure Sockets Layer), the industry standard security protocol that the Tax Department site uses to communicate with secure browsers like Netscape and Internet Explorer. When communicating with a secure server like ours, these browsers encrypt the information you send in a way that is extremely difficult for anyone else to decode. (You do not have to know whether your browser supports secure transactions - if it doesn't, you won't be able to access a web page that requires SSL.) We have included a visual representation below of what to look for in your browser window to see if you are viewing a site securely.
The second point can be covered by employing digital certificates. A certificate is issued to an organization for use on a web site by a company that specializes in issuing trusted certificates. Client certificates function in a way similar to a driver's license or passport.
These are encrypted files that are used to contain detailed information about the use and organization referred to on the certificate. A web site registers with the trusted certificate company, after they prove who they are. Then when you visit that web site, you can refer to the trusted certificate company web site who will verify or "certify" who it is that you are visiting. We use Entrust to certify our site. There is a link to their certification site at the top of this page as well as here and whenever you are entering a secured area of our web site. The certificate is also used by our server and your browser to assist in the encryption using the SSL protocol as explained above.
Many security experts say the most important thing is what happens once the business receives your information. At the New York State Department of Taxation & Finance, we take several steps to keep things on our servers as safe as possible. This site has security measures in place to protect against the loss, misuse, and alteration of the information under our control. For example, we do our processing on machines that are not connected to the Internet, so there is no danger of unauthorized people gaining access to them.
On some browsers, this window can be a bit intimidating. But it simply means that you are entering the safest, most secure area of our web site.
This should be reassuring since this is where taxpayer interactions take place. Click to continue. When going from secure mode to unsecure mode, you will likely receive another similar alert message, just to make sure you know what is happening.