How Governments Can Save Money With Identity and Access Management Part 2

In a previous blog I wrote about how governments can save money by renewing passports. Today we look at tax returns.I still remember the time when the annual tax report included a visit to the local tax office in Finland, picking up a number, waiting for half an hour or more with dozens of others and finally talking to the tax officer, As I had some questions about the tax report. If you are running your own business, imagine doing this twelve times a year.

How did companies file their tax

Companies have to turn in their tax reports monthly so that the government can calculate their revenue. There is more to it, but its profit is revenue. They will also have to file their annual tax report.  Accounting companies are used to outsource this to small to medium-sized businesses. Large enterprises had their own finance department to do such things. Each tax return needs to be handled manually by the tax administration and you can imagine the costs related to it. I pity the tax officer, who will try to understand my shortcomings.

So, the tax administration needed a solution to make this entire process easier for organizations with VAT numbers (tax reporting obligations).

The obvious answer was the Internet. Explain that companies have submitted their tax information through the net. This happened centuries ago, we are talking about the late 90s here.

Once companies started adopting this new method and introduced accounting software packages to include upload capabilities, things were cheating well for years. As gears in government slowly change, the new requirement for proper identification and access management (IAM) was slowly but surely recognized. The government was required to properly authenticate the user who uploaded the information, but also verify that this particular user had authorization to do so.

There are currently about 350,000 organizations with VAT numbers. Most companies are small to medium-sized businesses and many of them still outsource their finance administration to accounting companies. Then there are large companies that have multiple locations and many different people file tax information.

The right level of authentication is easy to solve,

as we have a working BankID certification scheme that almost everyone uses when they enter government (and some private sector) services. Therefore, there is a strong authentication option that people can use, but it does not resolve the more important issue of authority. ” This is particularly important when accounting companies file reports on behalf of many different companies. It is not the job of accounting companies or their employees to claim that they are filing tax reports on behalf of Company X – it is the duty of Company X to properly authorize the accounting company to do so. The same applies for internal employees, they need to be suitably authorized.

Now if you work out the numbers and use cases described above

, you will soon realize that modeling this online is an impossible task and will have to be done for tax administration itself. Even if they somehow managed to build a system to handle that kind of information, it would have become outdated on the first day. People change jobs inside companies, leave organizations, or new employees will take over from previous (authorized) employees.

Kato was created to solve this challenge.

Cato is a portal where companies can register, acquire an administrator account, authorize their employees, or authorize other companies to represent them in tax administration services. Tax administration was to outsource the identification and management of authorizations to its customers (350 000 or so VAT organizations), rather than trying to keep this data up-to-date and current.

During the registration process they will generate an OTP (one-time-password) pad for strong authentication which they can manage through self-service. Each BankID certification event costs an average of 0.30 € (£ 0.24 / $ 0.33) and can generate considerable costs in the long run hence it is considered an independent strong authentication credential (KATSO OTP).


Leave a Reply

Your email address will not be published. Required fields are marked *