Thursday, January 26, 2012

Colorado Secretary of State launches password protection for business filings and reports

In April last year I wrote about a serious deficiency in the system used by the Colorado Secretary of State for businesses that use their online service to register with the state and to file annual reports.

I have good news, and bad news.

The good news is that as of today you have the option of securing your business registration with the State of Colorado with your email address and a password.

In May 27, 2011 Bill HB-1095 was signed, allowing the Secretary of State’s office to implement a password protected business filing system.

On January 26, 2012, the Colorado Secretary of State announced that the "Secure Filing" system is up and running.

Here is the state's description of the password system:
Colorado: Secure Business Filing

And instructions for setting it up plus a short FAQ:
Colorado: Create a Secure Business Filing Account

Colorado: Secure Business Filing FAQ

All good and - while overdue - appreciated.

Now the bad news.

I'm sure arguments raged over the conference tables on this topic, but the fact is they've gone and rolled this out the wrong way.

First, it's optional. You can ignore this feature and bet that you're not enough of a target to be worried. That might be a very expensive mistake.

I never saw any notification of this new feature, beyond their website. Which I - like most of you - only check when it's time to file my annual report.

So here's the problem as I see it. Someone is going to go after their target by filing an amendment (same problem of Corporate ID Theft as before) to change your business address of record. Then they'll have the state send the PIN notification that starts the conversion of your "open" account to a secure account system -- to that address they just used to update your record. Now the crooks OWN your account with the state, and I would imagine it might be painful, time consuming and perhaps expensive to wrest control back to you should this happen.

What they should have done is make this mandatory, by mailing out snail mail with temporary accounts/passwords to current record holders.

Since they did not, it's up to you to act fast and get your registration with the state locked down before the ID thieves do it to for you.

No comments:

Post a Comment

Comments are welcome but moderated to prevent spam links. I usually check them at least once a day in the evenings - so please be patient with me if your comment does not appear quickly.

Thank you.