Recent events surrounding early access to superannuation, one of the Government's COVID-19 stimulus measures, has prompted concerns about the integrity of ATO systems including Single Touch Payroll (STP), one of three methods being used to deliver JobKeeper. It has been reported that while individual's details were accessed through a third party system that connected to the ATO, the ATO's systems were not compromised.
According to the ATO's Chief Information Office, Ramez Katf, there are approximately 250 parties connected to the ATO and there are multiple levels of security in place to prevent fraudulent activity. ABSIA are well aware of the ATO's security measures given we represent the Digital Service Providers (DSPs) and Sending Service Providers (SSPs) that send STP data to the ATO.
ABSIA was heavily involved in the creation of the DSP Operational Framework, which outlines security requirements for DSPs that wish to connect to the ATO via API and transact personal and financial data. DSPs are required to undergo re-assessment each year with the framework itself also reviewed and changes enacted to reflect the risks present in our evolving digital environments. The Security Standard for Add-on Marketplaces, or the SSAM, further protects DSPs and therefore the ATO.
ABSIA is committed to working with the ATO to ensure that the security and integrity of STP and STN remains intact.