Frequently Asked Questions
- What kind of security do you use?
- This is a subjective question. The question is better asked, as "what steps do you take to safeguard our confidential information". Read through this section of the faq to find out more, and visit our Security Section for more information.
- What encryption technologies do you implement?
We utilize a number of cryptographic technologies that occur almost entirely transparently to you as you utilize the system. For instance, when you enter Recipient information sensitive data is automatically encrypted/decrypted prior to insertion/retrieval from our database using a shared 256 bit randomly generated key that is unique to each customer, using the AES algorithm. When we say shared, we mean in the context of a specific consumer account, which we call a Registrant. Each Registrant may have multiple users that all file within the same account. To accommodate this without having to maintain unique sets of data for each user(as opposed to registrant), each user within a Registrant has the ability to decrypt the 256-bit randomly generated code that will in turn allow for decryption of your data. This is how we accommodate multiple users within an account and is a relatively common approach in scenarios like this.
In other cases, such as when you search for recipient information, E.G. via TaxID, we use pre-computed hashes that are salted with a random 256-bit value known only to a given Registrant, then we precompute a myriad of permutations of your data. The result is your ability to quickly and conveniently search for a given recipient/filer without compromising the integrity of the data, as the data to be searched is one-way hashed and the post hash value is searched, not unencrypted data.
In other cases we use a key derivation function with well proven algorithms with a high-cost iteration count to protect sensitive information such as user passwords. This is the expected and most widely accepted venue to protect customer credential information. Unfortunately many companies have yet to implement these technologies.
Lastly, your ENTIRE session on both our web site and cloud software application is encrypted via your web browser. We do not allow unencrypted sessions to access either our public website or our cloud software.
- If you're printing and mailing our forms for us, how do you keep it safe?
The Printing and Mailing facilities we utilize have passed an SSAE 16 type II audit and actively work to maintain compliance with many industry best practices for securing sensitive information. The facility is actively used to process data spanning the health care, tax, financial industries and beyond.
- I've heard using a username can be unsafe?
This is a somewhat difficult question to answer. If you use passwords that are easily guessed, or have had your user account information on other websites/cloud software applications stolen in the past, and have not rotated your password then yes, using a 'username and password' can be unsafe.
To further safeguard your account with E-File Magic in the event somebody were to guess your username/password, or otherwise get ahold of it, you can enable multi-factor authentication by logging into your account and navigating to the System -> My Profile tab. Click 'edit' and then enable multi-factor authentication.
- What is Multi-Factor authentication and how does it help keep my account safe?
Multi-factor authentication requires at least two independent authentication factors. E.G. something you know(your password), and something you possess (a secret code on your smart phone). Essentially when you enable multi-factor authentication we will generate a secret code that as part of it's derivation includes a time factor. The code will rotate periodically(usually every 30 seconds) and a new code will be generated. Because of how this works, as long as you have the secret code, and we have the secret code, our two codes will always be the same without the need for your device to communicate with our servers.
So how does this help me you might ask? Well imagine if you wrote your E-File Magic username/password down on a sticky note, which we are absolutely certain some of you do(you know who you are). At some point some visitors came to your office, and one particularly bad actor, lets call him Steve(and no disrespect intended to the Steve's of the world) noticed that you had scribbled your username/password on a sticky note, and pulled out his smartphone and snapped a quick picture. Without multi-factor authentication, Steve would be able to login to your account, and access all your sensitive information. That would be bad. With Multi-Factor authentication, when Steve attempted to login to your account, he'd be asked for your username/password AND your special secret time rotating six digit code. Steve would be unable to do any harm!
We currently support Google Authenticator on both Android and iOS for implementing our Multi-Factor authentication approach, and recommend that you download and install that application. You should be able to use alternative programs that works similarly, but we only officially support Google Authenticator.
Multi-Factor authentication has been around for a long time. Unfortunately not a whole lot of companies implement multi-factor authentication, for reasons we don't understand(as the implementation is not particularly complex). Notable companies that allow you to utilize Multi-Factor authentication include: Google, Amazon, Microsoft,etc.
- Are your physical servers safeguarded?
Like many companies(and parts of federal/state governments) we use Amazon Web Services in a virtual private cloud environment. Our servers run with SELinux(Security Enhanced Linux) in enforcing mode. Among other things, Amazon actively works to comply with the following: PCI Level 1, HIPPA, ISO 27001, Soc 1 Type II, ITAR, SOC 2, SOC 3, CSA, DIACAP, FISMA, etc. You can read more about compliance by clicking here.
- How many filers can I have?
- You can have an unlimited number of filers.
- I can only type (x) characters into a given field, what gives?
- We enforce the IRS rules on field lengths. This is to ensure the data you enter will be transmitted in it's entirety to the IRS without us removing portions of your information.
- What is the difference between System Filer Name, and the Name on the main tab?
- In most cases System Filer Name(and description) will be the same. However in some instances you may wish to report a given filer/company to the IRS as one name, but store it in E-File Magic and search for it by another. When in doubt, don't worry about this field.
- How often do you E-File my Filer data with the IRS?
- We do this periodically throughout the week and the time and date can change from time to time.
- I'm filing for multiple filers across multiple years, how do I do this?
- Create each filer and select a different 'filing year' for each one. Activate the filer and enter or import your recipients. Repeat for each filer/year.
- How many recipients can I have?
- You can have an unlimited number of recipients.
- What form copy's can I use?
- We support all form copies, and event support some like a 'combined' copy for the 1099-K form to help make the lives of 1099-K filers a little bit easier.
- Can I Import data from Microsoft Excel?
- Yes. Download our Excel Template. Once you've downloaded the template, enter your information on the Company Tab and the various Form Tabs. When ready, login to your cloud software account, navigate to the System -> Import Data screen, and drag the template over the center pane. Our cloud software will upload your template, process the template, and import your recipients. It's as easy as that!
- Can I import data from QuickBooks?
- Yes. Download our QuickBooks import tool(Windows Only). Once downloaded, enter the year you wish us to extract, and follow the inline help. The Import tool will connect to QuickBooks(you will need to authorize the software), and will extract your QuickBooks data. Once complete, login to your cloud software account and navigate to the System -> Import Data screen. Drag the file the export tool generated over the first pane. The system will then automagically create your filer and import your recipient information and filing data.
- When do you attempt to electronically deliver recipient forms to my recipients?
- We typically do this twice a day in batches. Once in the morning and once in the afternoon. All times are in PST. Your recipient will receive a special e-mail with a link. They will be required to click on the link and retrieve their forms via a secure page on our website. You will be able to review which recipients have confirmed receipt of their form via the Recipients -> E-Mail Confirmation Screen.
- I printed the forms and mailed them myself, now my recipient(s) would like a PDF copy of his form, how do I do this?
You have a couple of options. First, every form we produce can be reproduced digitally in the exact state it was issued, regardless of whether or not you've changed the information since the point of issuing the form. You'll notice a QR Code and link on the bottom of your form. If your recipient scans that QR code, or manually enters the link into their web browser, they will be allowed to retrieve the form securely on our website.
Alternatively you can e-mail them a PDF copy. We recommend password protecting the PDF before you e-mail it, as e-mail can be insecure.
- Can I password protect the PDF forms?
- Absolutely. In fact it's not just password protecting them, we can encrypt the PDF forms with a password you choose. This makes it a lot safer in the instance you decided to e-mail or store your PDF files on your local computer. You can do this from the Generate PDF's screen. Click a PDF form tile, and enter a a passowrd in the password field. Viola, you now have an encrypted PDF form encrypted using your password.
- How much does E-File Magic cost?
- From time to time our pricing changes and depends on the services you wish us to provide you with. There is no fee or licensing cost to utilize our cloud software until you you create your first order. The price will be computed for you during the order submission process.
- I have a suggestion for a new feature, who do I talk to?
- E-Mail or call us. We love to work on feature requests for our greatest asset, you!
- Will you be adding additional forms for us to process?
- Our current platform is very flexible, so the answer to this question is absolutely yes. If you have a specific form you'd like to see, e-mail or call us.
- How many years has E-File Magic been in business?
- Our first year filing was 2006. As of October, 2014, we've been in business nearly nine years.
- What browsers do you support?
- Any recent version of Chrome, Firefox, Opera, or Internet Explorer will work with your cloud application. Internet Explorer users must be running version 9 or higher, and we STRONGLY recommend you use version 10 or higher. Microsoft made significant improvements modernizing their browser is version 10 and our cloud application will perform better on more recent versions.
- How does E-File Magic handle IRS Corrections?
- The IRS defines corrections into two distinct categories. 1) Corrections that involve a mistake with a form amount field and/or description, etc and 2) Corrections that involve a mistake with the Recipients Name, Address, or TaxID. Depending on the correction type that is outlined above, the IRS requires either an Identifying and Correcting transaction to be issued, or just a Correcting transaction to be issued. When you click the ‘Mark Corrected' button on the ‘Recipients -> Manage' screen in E-File Magic, for a record that has already been released for processing, E-File Magic will review the adjustments you make and determine the appropriate transactions to issue for you. This simplifies the process of issuing corrections and helps mitigate any potential errors.
- What forms do you support?