MFA when accessing W2 information
Challenge: Hackers accessing end user employee access accounts and garnering W2 information. Keep all W2 information hidden and instead of keying in SSN to access W2, use MFA. When access is given to W2, send auto notification as banks due even access is given.
Chauncey Freeman
shared this idea
Thank you for submitting the product idea!
We are looking for more information on this idea - is your district currently using MFA for Employee Access?
If not, what are the concerns of having this enabled for Employee Access entirely?
The option to add an email notification when W2s are accessed is a possibility, as well as masking the W2 info. Would it be the browse we are looking to mask?
Thank you!
Erik O.
-
Chauncey Freeman
commented
is your district currently using MFA for Employee Access? Yes we are currently using MFA.
The option to add an email notification when W2s are accessed is a possibility, as well as masking the W2 info. Would it be the browse we are looking to mask? Currently, you can view W2 totals with out entering SSN to access W2. When accessing W2, PII is exposed. We have had this year already a slew of employees where their W2 was accessed from external IP address that was not the employee and taxes were filed on their behalf. (#1) Mask all w2 totals on Employee access and also the SSN's exposed for family members on the 1095-C, (#2) Allow for employee to set up and receive SMS notification when the W2 is access similar to when bank sends through SMS that your bank account has been accessed.