Five security questions needed for Revenue Online!

Discussion in 'Letting Off Steam' started by Duke of Marmalade, Aug 10, 2017.

  1. Duke of Marmalade

    Duke of Marmalade Frequent Poster

    Posts:
    1,635
    I signed my son, the Earl of Marmalade, up for ROS today. They required me to give answers for FIVE security questions:eek: I mean to say, who actually has a favourite movie? Or who remembers the name of their first teacher? And as to the date of birth of his eldest child the EoM doesn't have any children.

    Does anyone know would one get away with simply making "whatever" the answer to all the security questions?
     
  2. Purple

    Purple Frequent Poster

    Posts:
    7,582
    Just reply "Kim" to the movie, teacher and child's name questions.
    The same answer works if they ask for your favourite book as well.
     
    Duke of Marmalade likes this.
  3. dub_nerd

    dub_nerd Frequent Poster

    Posts:
    1,409
    You're right, the questions aren't about particularly memorable things. Just fling down any answer you like.

    That's what I did ... which is why I now can't remember any of the answers I gave :confused: :eek:
     
    Duke of Marmalade likes this.
  4. Duke of Marmalade

    Duke of Marmalade Frequent Poster

    Posts:
    1,635
    You realise that by giving me that much info on your security arrangements that I will be able to pay your taxes for you:rolleyes:
     
    jjm likes this.
  5. jjm

    jjm Frequent Poster

    Posts:
    412
    You possibly always do,:oops:
     
  6. Purple

    Purple Frequent Poster

    Posts:
    7,582
    If I give you my bank account details will you also clear my overdraft for me?
     
    dub_nerd likes this.
  7. Purple

    Purple Frequent Poster

    Posts:
    7,582
    There are villages in Ireland who pay less income tax than me...
     
    ali and Firefly like this.
  8. Leo

    Leo Moderator

    Posts:
    8,232
    Best practices now are to answer such questions with details that cannot be obtained from other sources (particularly social media), and ideally not even remotely true or easily guessable.

    So for example, when asked for your mother's maiden name, enter something like 'Jimmy'. That will foil anyone who carries out some basic research and obtains your mother's true maiden name, and it is also unlikely that anyone would ever guess it yet it will serve the purposes of identifying you to the Revenue service.
     
    odyssey06 likes this.
  9. jjm

    jjm Frequent Poster

    Posts:
    412
    :(:(
    There are estates in cities/towns who pay even less
     
  10. Duke of Marmalade

    Duke of Marmalade Frequent Poster

    Posts:
    1,635
    Last edited by a moderator: Aug 11, 2017 at 1:06 PM
    So should I have just answered the first five questions "jimmy"? I think the date questions actually required a format.

    My point is that five questions is way OTT. I could understand The Donald having to answer five security questions as part of the nuclear codes, but really, who is interested in hacking into the Earl's ROS account?
     
    Last edited by a moderator: Aug 11, 2017 at 1:06 PM
  11. Leo

    Leo Moderator

    Posts:
    8,232
    5 let's them rotate questions making it much less likely that someone observing or listening to you getting the information they need to access your account. It's the same idea as asking for only a few digits from your PIN, makes it much harder for those who want to compromise your details.
     
  12. Duke of Marmalade

    Duke of Marmalade Frequent Poster

    Posts:
    1,635
    Leo it's a question of proportionality. This cyber security thing is becoming like Y2K. I expect that the amount spent on protection against cyber fraud greatly outweighs the proceeds of cyber fraud. (Ok, in the same way amounts spent on policing probably greatly exceed the proceeds of crime, I hear you argue).

    In Y2K's case the argument by the IT/Audit community is that they saved the World from Armageddon, albeit at the cost of a huge bonanza to that constituency. The rest of us now realise (some of us realised it all along) that it was all completely over egged, bordering on group fraud.

    I suspect cyber security is in the same space. Clearly the Revenue have geniuses employed who earn their bonuses by coming up with a "five security questions" approach. Totally out of proportion IMHO.
     
  13. Firefly

    Firefly Frequent Poster

    Posts:
    2,325
    Ahh, Y2K. Easiest money I ever made ;)
     
  14. Leo

    Leo Moderator

    Posts:
    8,232
    You might think it's out of proportion, but tell that to any of the victims of such a fraud, and there are plenty of them around.

    From time to time I see some of the industry reports on successful fraud attempts. Many of these victims lose tens of thousands that they will never see again. To me, remembering the answer to 5 questions is a small price to pay.
     
  15. Duke of Marmalade

    Duke of Marmalade Frequent Poster

    Posts:
    1,635
    Who do you think ultimately pays for this burgeoning cyber security industry?
     
  16. dub_nerd

    dub_nerd Frequent Poster

    Posts:
    1,409
    bigly, bigly, bigly, bigly, bigly
     
  17. thedaddyman

    thedaddyman Frequent Poster

    Posts:
    699
    If Revenue are like any other parts of the Public Sector then there is probably an audit report or finding somewhere driving this behaviour. It's a ridiculous amount of security questions and it won't stop any semi-competent hacker. Bizarre thing about it is that the Revenue will quite happily send documents to you in the post with all the key information that a hacker would want anyway.