Canada Revenue Agency
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

 

Institutional links

EFILE

Security

Security requires a partnership between two parties; in this case, the Canada Revenue Agency and you, the electronic filer.

The Canada Revenue Agency (CRA)

We permit only approved participants to electronically file income tax returns or to access the System for Electronic Notification of Debt (SEND).

Personal and financial information must be transmitted to us in an encrypted format. Encryption is a way of encoding information before it is transmitted over the Internet. This ensures that no unauthorized party can alter or view the data.

We also ensure that all personal and financial information is stored securely in our computers. We use state-of-the-art encryption technology and sophisticated security techniques to protect this site at all times.

We have made every possible effort to ensure the safety and integrity of transactions on our Web site. However, the Internet is a public network and, as a result, is outside our control.

The electronic filer

If you want to access the System for Electronic Notification of Debt (SEND) or transmit your clients' returns electronically, you must first register or renew on an annual basis your participation in EFILE with the CRA. Once the application or the renewal has been accepted, a confirmation page will display an EFILE number and password. These two pieces of identification make up an electronic signature required to access our confidential areas and services.

You also have to use approved security protocols to access our site. Data from your computer must be encrypted before being sent. This changes your data into a format that can be safely transmitted over the Internet. Once the data is encrypted, it cannot be read until it reaches its destination and is decrypted, using an encryption key.

In simple terms, the information from your tax return is broken down into small packages of information called packets, and Secure Sockets Layer (SSL) encrypts each packet. These encrypted packets are sent into the Internet separately, like pieces of a puzzle, each individually addressed. Once they've all reached the safety of our secure Web server, they're reassembled and decrypted.

Return to
Top of page

Use of 128-bit SSL encryption

Although some sites will allow you access with 40-bit encryption, we limit access to browsers supporting 128-bit secure sockets layer (SSL) encryption.

This protocol enhances the privacy of the information passing between your browser and our Web servers. The SSL protocol allows safe data transmission and authentication by encrypting the information. Data can't be compromised when SSL is used. This is the most secure form of encryption commonly available in North America.

When you're ready to file tax returns or to submit a SEND request, our server will automatically verify that your browser meets the 128-bit SSL security requirement. If your browser passes the encryption check, you will be directed to our transmission Web page. However, if your browser fails the test you will be directed to our browser set-up Web page. From there you can link to Web sites for several popular browser programs. It is your responsibility to download and install this software. If you do not upgrade your browser you will not be able to access either the EFILE On-Line or EFILE On-Line Plus services.

You may also visit our browser Web page and click the "test" button to verify the current encryption capability and cookie setting of your browser. No other information will be accessed during this test.

Depending on the version of the browser being tested, you may also see an expired "root certificate" message displayed.

Return to
Top of page

Confidentiality

As an electronic filer, you can help ensure your clients' income tax information remains confidential:

  • Keep your EFILE number and password secret. Notify the EFILE help desk immediately if you believe your password has been compromised.

  • If you leave your computer on after completing activities in an encrypted area of the site, clear the cache and turn off and restart the browser. This eliminates any copies of Web pages that may have been stored on your computer's hard drive. Remember, information stored in the browser cache is not encrypted.
    • If you are using Netscape Navigator, clear both your browser's disc cache and memory cache.
    • If you are using Internet Explorer, clear your disc cache, then shut down and restart your browser.

  • Unless you are using a firewall to prevent hackers from getting personal information from your hard drive, we suggest you remove any personal information, such as client tax information, from your hard drive and store it on diskette or CD.

    Note that a firewall may not protect you if you install peer-to-peer networking products, like those used at some popular Internet music sharing Web sites. In that case, moving personal data off your hard drive is the best option. As a minimal precaution, ensure that you are not storing any personal data in a shared folder.

    You might need to change the setting on your firewall to allow communications between our server and your computer.

  • Never send confidential information such as your client's SIN via Internet email. Our Internet email does not have secure transmission capabilities.

  • Dispose of all documents properly to protect your clients' confidentiality.
Date Modified: 2007-10-22

Top of Page
Important Notices