While no website can absolutely guarantee
100% security, internet security has come a long way. In many ways
sending information over the internet is now safer than putting that
same information in your mailbox or giving your credit card to a cashier
at a department store. #1 Discount Tax Return Service has taken
every precaution to ensure that the information our users submit to our
site remains secure and protected from internet hackers. In
addition, any information you transmit to us via the internet is
encrypted using SSL.
What is SSL?
SSL (Secure Sockets Layer), an Internet protocol, is a set of
specifications that allow two applications to communicate with each
other via the Internet, in a secure environment. SSL allows a web
browser or client to authenticate the existence and identity of a
website using digital keys and certificates. It also allows for all
information that it sends to be encrypted, ensuring that information
cannot be intercepted or stolen while in transit.
How does SSL work?
SSL works on the basis of two keys, a private and a public key, known as
a 'keypair'. When you request an SSL session to a server, the client
browser will negotiate an 'SSL Handshake' with that server. The client
browser then creates a third unique key, known as the Pre Master Secret
Key, which is encrypted using the public key (included in the
certificate) and sent to the server. The server then decrypts the
Pre Master Secret Key with the private key, and both then create the final Master
Secret Key, which will be used for this session only. In a nutshell, the
client uses the public key to authenticate the signature made by the
private key.
How do you know whether a website is secure?
In order to create an SSL session, a user will reference the domain using
https - so check to see that the URL starts with this. The client
browser will also verify any information contained in the certificate.
The client browser will also check that the Certification Authority (CA
- e.g. Thawte) is a trusted CA by verifying the signature on that server
certificate. Finally, the client browser will check that the domain name
requested by the browser matches the one in the certificate, and will pop
up a warning message if it does not trust one of the fields. Should the user
continue with the transaction, it would be at his or her own risk - your
credit card details could be going to a fraudulent site. You can view
the certificate by right-clicking on the page, going to page properties,
then certificate details, or alternatively, by clicking on the padlock in the
bottom right-hand corner (although this does not always appear). If all
is in order you can continue.
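The checks described above (https in the URL, a certificate inside its validity period, and a domain name that matches the certificate) can be written out as follows. This is an added example, not code from the original page; the certificate, host names and function names are constructed for illustration, and the dict has the shape returned by Python's ssl.SSLSocket.getpeercert().

```python
import ssl
from urllib.parse import urlsplit

# Constructed sample certificate (not a real site).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}
# Constructed "current time" that falls inside the validity period.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")


def name_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_site(url, cert, now):
    """Return the reasons a browser would warn; an empty list means all pass."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("URL does not start with https")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, parts.hostname or "") for n in names):
        problems.append("domain name does not match certificate")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        problems.append("certificate is outside its validity period")
    return problems


def strict_context():
    """Python's default client context: CA signature and host name checks on."""
    return ssl.create_default_context()
```

The CA signature check itself is done by the TLS library; a context built by strict_context() refuses the connection when the certificate chain or host name fails verification.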
Is my information therefore safe?
If all of the above checks pass, your information should be secure. Nothing
is foolproof, however: because new technology is always being developed,
the aim of encryption is not to be unbreakable but rather to make breaking
it so inconvenient that the time needed would put anyone off
from trying!
Two levels of encryption
Servers and Web browsers use 40-bit or
128-bit encryption. With 40-bit encryption, there are many billions of
possible keys to unlock the code for each unique transmission, and only
one of them works. With 128-bit encryption, there are 300 billion
trillion times as many possible keys as with 40-bit encryption.
Certificates
If you have doubts about providing your
credit card number or other personal information on a company's Web
site, check for the site's certificate. With Microsoft Internet Explorer
5.0, on the File menu, click Properties and then click Certificates. A
Web site certificate is an online document that certifies the site's
identity so you know your information is going where you intend it to
go.
Weighing the risk
There is a chance that a thief could
intercept your credit card number as it travels from your computer to
the Web site's server, but it's a faint possibility. In fact, it's much
more difficult to carry out such a scheme online than it is in the real
world where your credit card number is printed on statements and
receipts that are mailed, filed, or thrown away. Some sites may work
with your browser to encrypt, or encode, your transaction information so
that, if it's intercepted, it can't be read.