• Security of information

    The Australian Taxation Office (ATO) operates the Australian Business Register (ABR) website and the ABR and AUSkey transaction sites. Security controls protect the sites from unauthorised access and information when collected, used, disclosed and stored by the ABR.

    Personal information won't be released unless the law permits it or permission is given. Users should be aware that there may be inherent risks associated with the transmission of information via the internet.

    Legislation prohibits ATO personnel and government departments from accessing, recording or disclosing taxation information except when performing their duties or in situations permitted by taxation laws.

    Confidentiality and integrity

    The ABR sites have two forms of protection:

    • SSL (Secure Socket Layer) encryption provides the secure connection between the user and ABR Web server. For more information refer to W3C ‘The world wide web consortium’ where a search for ‘SSL’ or browsing Security FAQs provides current information.
    • PKI (Public Key Infrastructure) is a digital credential (AUSkey) to verify if the user is who they claim to be. This helps ensure the security of electronic transactions with the ABR.

    User awareness of location

    It's intended that users of the ABR sites will be able to determine when they're interacting with the ABR.

    Users can confirm they're interacting with ABR sites by checking the digital certificate used to provide SSL encryption.

    To check, click on the SSL padlock located along the bottom of the browser window and confirm the following:

    • the certificate has been issued to 'abr.gov.au'
    • the certificate has been issued by 'Thawte Server CA'
    • the certificate has a validity period of two years
    • the certificate path shows only 'Thawte Server CA' followed by 'abr.gov.au'

    How details are displayed depends on the type of browser being used.

    Online security

    We will never ask you for your tax file number (TFN), bank details or other personal identification information in an electronic communication to you (including email or text message).

    If you've received fraudulent communication, you're unsure of the legitimacy of a communication that claims to be from the ABR or you think you've been a victim of a tax-related scam, call us on 13 28 61.

    If you receive an SMS or email asking for personal information, forward the entire email to ReportEmailFraud@ato.gov.au.

    Find out more:

    • Last modified: 26 Sep 2018QC 202