Online services security

Attending to security of information in the e-services environment e-MTA is primarily the task of the Estonian Tax and Customs Board, but there are some things the Board cannot take care of. The following is an overview of the measures how the customers, upon using the e-services environment e-MTA, can minimize potential risks and avoid dangers of the internet environment.

Connection between your computer and the e-services environment e-MTA is secured by eavesdropping-proof SSL (Secure Sockets Layer) protocol. Connection between the e-MTA's server and a customer's browser will be created as secure as feasible by the browser in the customer's computer.

Reduction of potential risks and recommendations on use of the e-MTA

  • Do not log in the e-services environment e-MTA in a public computer if you are not quite sure that it secure. If you are in a public place, always make sure that nobody can watch your monitor and/or operations or find out your passwords.
  • Upon entry in the e-MTA always check that you are on the right webpage. It can be done as follows:
    • Connection must be encrypted, i.e. an internet address must begin with: https:// and the browser must show that this is a safe connection (usually, upon secure session a lock appears on the address strip or lower status band of the window);
    • If you click the browser lock icon, the certificate opened will display the right webpage address, the certificate must be issued by AS Sertifitseerimiskeskus (Certification Centre Ltd.). Such check will avoid the situation when a potential malevolent attacker could deceive you so that the communication between you and the e-MTA would go through the attacker's computer.
  • Always exit the e-MTA by clicking the button "Exit" on the right upper corner of the page and only thereafter always close all the browser windows. Do it if you leave the computer just for a moment so that nobody would be able to access your personal data in the e-MTA.
  • If you log in the e-MTA through a bank, you must find out the security and privacy requirements of the given bank.

Follow technical requirements

We recommend to use the latest browser version for access to the e-MTA.

Make sure that all security updates of an operating system have been installed. When you log in the e-MTA with an ID card, a smartcard reader capable of reading your ID card must be connected with the computer.

You can find technical instructions for use of an ID card here.

Protect your personal security elements

In the e-MTA a user shall be identified by means of security elements and that is why it is extremely important that they are kept in secret.

Personal ID card

  • Never give your ID card to any other person. If anybody happens to misuse your ID card, it is you who will be responsible.
  • Keep your PIN codes of your ID card out of sight of other people. Never write any PIN on the card. Keep the card and codes separately. Memorise the codes and destroy an envelope with PINs.
  • Whenever possible, change your PINs immediately after receipt of the card.
  • For easier memorising do not change your identification PIN and digital signature PIN so that they would be similar.
  • Do not leave your ID card in the smartcard reader of the computer after you have finished work in secure environment.
  • If your ID card and codes get lost or stolen, you must notify the Certification Centre Ltd immediately through the helpline phone number 1777.

General recommendations for daily protection of your computer

There is all sort of malware circulating in the internet, like viruses, worms, spyware, etc. All these "baddies" are trying to control your computer in order to find out your passwords, misuse your computer, or attack other computers, etc. If your computer is protected against malware, use of the e-MTA will be more secure as well.

  • Make sure that there are no viruses or spyware in your computer. In view of this, use anti-virus software and special programs designed for eliminating spyware (spying programmes).
  • If possible, protect your computer with a firewall.
  • Make sure that your online computer is protected with passwords.
  • Update the operating system and browser on regular basis. This way you will ensure quick removal of security errors occurring now or then.
  • Set your browsers in the manner that they would not save encrypted pages or your passwords.
  • Make sure that security devices of the web browser are operational.

If you are not able to carry out the aforementioned measures for securing the computer or suspect that there may be spyware or viruses in your computer, consult an IT expert.

Last updated: 06.09.2022

Was this page helpful?