TaxAct participates in the IRS Free-File Alliance and abides by all IRS Security and Privacy standards.

IRS Publication 1345, Handbook for Authorized IRS e-file Providers of Individual Income Tax Returns, specifically describes the standards for e-file security and privacy and details the requirement for external vulnerability scans starting on page 9.

The Handbook states:

• External Vulnerability Scan
  Online Providers of individual income tax returns must contract with an independent third-party vendor to run weekly external network vulnerability scans of all their “system components” in accordance with the applicable requirements of the Payment Card Industry Data Security Standards (PCIDSS). All scans must be performed by a scanning vendor certified by the Payment Card Industry Security Standards Council and listed on their current list of Approved Scanning Vendors (ASV). In addition, Online Providers of individual income tax returns whose systems are hosted must ensure that their host complies with all applicable requirements of the PCIDSS.

Note that any link in the information above is updated each year automatically and will take you to the most recent version of the webpage or document at the time it is accessed.