Five security questions needed for Revenue Online!

Duke of Marmalade

I signed my son, the Earl of Marmalade, up for ROS today. They required me to give answers for FIVE security questions :eek: I mean to say, who actually has a favourite movie? Or who remembers the name of their first teacher? And as to the date of birth of his eldest child, the EoM doesn't have any children.

Does anyone know would one get away with simply making "whatever" the answer to all the security questions?
 
Just reply "Kim" to the movie, teacher and child's name questions.
The same answer works if they ask for your favourite book as well.
 
You're right, the questions aren't about particularly memorable things. Just fling down any answer you like.

That's what I did ... which is why I now can't remember any of the answers I gave :confused: :eek:
 
Just reply "Kim" to the movie, teacher and child's name questions.
The same answer works if they ask for your favourite book as well.
You realise that by giving me that much info on your security arrangements that I will be able to pay your taxes for you :rolleyes:
 
Best practices now are to answer such questions with details that cannot be obtained from other sources (particularly social media), and ideally not even remotely true or easily guessable.

So for example, when asked for your mother's maiden name, enter something like 'Jimmy'. That will foil anyone who carries out some basic research and obtains your mother's true maiden name, and it is also unlikely that anyone would ever guess it yet it will serve the purposes of identifying you to the Revenue service.
 
Best practices now are to answer such questions with details that cannot be obtained from other sources (particularly social media), and ideally not even remotely true or easily guessable.

So for example, when asked for your mother's maiden name, enter something like 'Jimmy'. That will foil anyone who carries out some basic research and obtains your mother's true maiden name, and it is also unlikely that anyone would ever guess it yet it will serve the purposes of identifying you to the Revenue service.
So should I have just answered the first five questions "jimmy"? I think the date questions actually required a format.

My point is that five questions is way OTT. I could understand The Donald having to answer five security questions as part of the nuclear codes, but really, who is interested in hacking into the Earl's ROS account?
 
5 lets them rotate questions, making it much less likely that someone observing or listening to you gets the information they need to access your account. It's the same idea as asking for only a few digits from your PIN; it makes it much harder for those who want to compromise your details.
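
The rotation argument in the post above can be put in numbers. This is an added example, not part of the thread and not a description of how ROS actually selects questions: it assumes 5 stored questions, a hypothetical 2 asked per login chosen uniformly at random, and an observer who captures every answer given in the logins they watch.

```python
from fractions import Fraction
from math import comb


def union_size_distribution(n, k, logins):
    """Distribution of how many distinct questions an observer has seen after
    watching `logins` challenges, each a uniformly random k-subset of n."""
    dist = {0: Fraction(1)}
    for _ in range(logins):
        nxt = {}
        for seen, p in dist.items():
            # A new challenge repeats j already-seen questions and
            # reveals k - j questions the observer had not seen before.
            for j in range(max(0, k - (n - seen)), min(k, seen) + 1):
                q = Fraction(comb(seen, j) * comb(n - seen, k - j), comb(n, k))
                nxt[seen + k - j] = nxt.get(seen + k - j, 0) + p * q
        dist = nxt
    return dist


def observer_success(n, k, logins):
    """Probability that the next challenge asks only questions whose answers
    the observer already captured."""
    dist = union_size_distribution(n, k, logins)
    return sum(p * Fraction(comb(seen, k), comb(n, k)) for seen, p in dist.items())


if __name__ == "__main__":
    N_QUESTIONS = 5   # from the thread
    ASKED = 2         # assumption: the thread does not say how many are asked
    print("logins watched | rotating 2 of 5 | all 5 every time")
    for m in range(0, 6):
        rotating = float(observer_success(N_QUESTIONS, ASKED, m))
        fixed = float(observer_success(N_QUESTIONS, N_QUESTIONS, m))
        print(f"{m:14d} | {rotating:15.2f} | {fixed:16.2f}")
```

Under these assumptions a single observed login gives a 10% chance of passing the next challenge when questions rotate, against 100% when every question is asked each time; the benefit shrinks as more logins are observed.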
 
Leo, it's a question of proportionality. This cyber security thing is becoming like Y2K. I expect that the amount spent on protection against cyber fraud greatly outweighs the proceeds of cyber fraud. (OK, in the same way amounts spent on policing probably greatly exceed the proceeds of crime, I hear you argue).

In Y2K's case the argument by the IT/Audit community is that they saved the World from Armageddon, albeit at the cost of a huge bonanza to that constituency. The rest of us now realise (some of us realised it all along) that it was all completely over-egged, bordering on group fraud.

I suspect cyber security is in the same space. Clearly the Revenue have geniuses employed who earn their bonuses by coming up with a "five security questions" approach. Totally out of proportion IMHO.
 
You might think it's out of proportion, but tell that to any of the victims of such a fraud, and there are plenty of them around.

From time to time I see some of the industry reports on successful fraud attempts. Many of these victims lose tens of thousands that they will never see again. To me, remembering the answer to 5 questions is a small price to pay.
 
If Revenue are like any other parts of the Public Sector then there is probably an audit report or finding somewhere driving this behaviour. It's a ridiculous amount of security questions and it won't stop any semi-competent hacker. Bizarre thing about it is that the Revenue will quite happily send documents to you in the post with all the key information that a hacker would want anyway.
 