Did you know that tax-refund fraud in 2016 reached an all-time high of approximately $21 billion? That’s up from “just” $6.5 billion in 2014, according to the IRS. Tax-related identity theft and phishing attacks to gain user credentials are rising. Thieves use these attacks to take over a user’s credentials. Then they gain access to confidential financial date including tax returns, financial statements, drivers licenses and more. Today, even complex passwords like those required in CCH Axcess Portal are not enough to deter online criminals and protect sensitive firm and client data.
Commitment to Security
At Wolters Kluwer, our commitment to security never ends. We are keenly aware that clients’ financial data stored in our systems like CCH Axcess Portal could be a treasure trove for online hackers and thieves, if they were to get ahold of users’ login credentials. That’s why last summer we added an optional 2-Step Verification feature to protect Portal data.
This 2-step verification feature provides firms with multi-factor authentication, when enabled. When using multi-factor authentication, your user credentials are a single factor in the authentication process that verifies your identity. 2-Step Verification requires a second factor in addition to the credentials as part of the authentication process.
Our solution will send a code to your smartphone as an SMS text message. Alternatively, we can send the code to your email, or there is an automated voice option as well. We worked closely with customers to ensure that the login process was as simple as possible. Most users will already be familiar with this process. Many financial and banking websites, social media and other online accounts already require multi-factor authentication. This requirement adds an extra layer of protection against hacking and fraud attempts. If a criminal were to hack through your password layer, they’d still need your phone or access to your email account to login.
The Next Step
Now, we’re taking the next step in security. Beginning his Sunday, April 29, 2018, we will enable 2-Step Verification for all CCH Axcess Portal accounts. After this release, all firm and client users logging into CCH Axcess Portal will be required to go through the 2-Step Verification authentication process:
- When logging in to the CCH Client Axcess or CCH Axcess Portal interfaces from a new device, or from a new web browser or a registered/trusted device.
- When logging in more than 90 days after their last verification.
- After using the ‘Forgot my password’ option from the login screen.
- Every time they log in, if the user does not check the ‘Remember this device’ when logging in.
If your firm is using the Integrated Portal with either CCH Axcess Document or CCH ProSystem fx Document (On-Premise), then your firm users will not be affected by this change. However, your clients will go through the 2-Step Verification process as described above.
Making the Change
We did not want to interrupt tax busy season, but we wanted to provide multi-factor authentication to all customers as soon after tax season as possible. Our CCH Support site has been updated with information about 2-Step Verification (search “Portal MFA”), including an email template you can use to notify your clients of this change, an FAQ document, and a link to a video showing how to login with 2-Step Verification that you can watch or share with your clients.
We know change is hard and adding additional steps to the login process may upset some users. But in today’s world of cybercriminals and online thieves, we believe enabling 2-Step Verification on all Portal accounts at this time is both prudent and necessary. The change will help protect your clients’ most sensitive financial records and tax returns. We also know that many clients will be glad that your portal has multi-factor authentication. It shows your firm’s commitment to security as well.