fbpx

by Nannette Botha

SARS is continually busy with enhancements to its efiling platform.  One of these is the introduction of One-Time Pins to effect certain actions on the platform.

Choosing a password reveals a lot about yourself – including your personality and your risk appetite.  There is little choice in adding an extra layer of protection with two-way authentication.   A One-Time Pin sent to your phone or e-mail aims to safeguard your information and prevent online access as a second line of defence against hackers and unauthorised access.

However, an OTP can either be a quick, effortless safety measure, or an extreme frustration, if that phone is stolen, has a dead battery or if the system is offline. The frustration can also be spread wider, if an OTP is required by a business locally, while the device is travelling with its owner abroad.

As with all risk management, planning for OTP access is crucial for business (and personal) continuity and avoidance of hacking, theft and frustration:

    • Two-way access still uses passwords and passcodes. These are often not shared or recorded with the idea to keep them safe from cybercrime, but unfortunately, also from those you might need to use it. That is especially true with estate finalisation: SARS requires OTPs to access the necessary returns and documents, as well as payments that need to be made which are even more difficult when the deceased’s cell phone service has been discontinued.
    • While keeping a record of passwords is a good idea, keeping that record safe can be a challenge. There are various apps available which create an online vault for passwords and access codes. However, online information is always under threat of hacking. Keeping a physical book safely locked away (where a trusted friend or family member could still access it) could be the safer option with this very sensitive information.
    • When travelling out of cell phone coverage or emigrating, ensure that OTP releases can be done via e-mail. Alternatively, roaming might be necessary until you are online again (or when the number can be changed to an active phone number).
    • Where a cell phone number is changed, this needs to be updated with SARS either by a branch visit, personal profile update or scheduled appointment to ensure continued access.
    • In the case of a deceased estate, an executor or agent must be appointed to receive OTP’s – which can become a cumbersome and time-consuming exercise. It could very well be cheaper to keep the cell phone number active until the estate is finalised and to ensure that a trusted person has access to your login details and OTP device(s).

 

Balancing the safekeeping of information with the availability of information and access when needed, is important, not only to ensure personal comfort and safety, but also to protect your business and legacy.

 

www.auroprofessional.com

 

Paarl | Stellenbosch | Franschhoek | Wellington | Somerset West | Durbanville | Cape Town | Western Cape