Pedro MartinezPedro is a Technology Leader, former CIO/CTO and co-founder, speaker, father of 3, former paratrooper and US Army veteran.  He counts with 19 years of experience in Tech.  Follow Pedro for valuable information about Cloud adoption and overall Digital Transformation.

“You’re either part of the solution or you’re part of the problem.”


TurboTax, Not So Turbo After All

Posted by   


TurboTax Email Confirmation

Photo: TurboTax Email Confirmation

I’ve started receiving emails from Intuit’s TurboTax service. This was very strange, especially because I have not used their service this year. The email was addressed to RAMON MARTINEZ. Obviously we both share the same last name, but RAMON is nowhere near PEDRO when it comes to spelling. Regardless, I’m now receiving all his tax information online, and could potentially change his Intuit’s account password and make some damage. So much for online security.

The first email arrived on May 6th. I’ve immediately tried to contact Intuit by replying to the first two emails, but both of them bounced back to me since they are unmanaged account. That is typical for online notifications. I’ve received a few more emails the following day, mostly confirming transactions and providing some other account related information. Finally I’m contacted Intuit’s sales team via online chat, where someone outside of the U.S. by the name of Jasmine greeted me. The person could not help me because they manage technical support from the U.S., according to her. I was then transferred to a rep in the U.S.; she introduced herself as Marie. I went on explaining to her about the security breech, but after giving her a few details, she told me she couldn’t help either.

TurboTax Online Support Chat

Photo: TurboTax Online Support Chat

This is totally wrong and it shouldn’t have happened. Online security must be the first priority for financial institution, period.

First, when opening the account, an email should be sent to the user’s email address. This email should include an email confirmation for account validation. The account should only go active after the validation process is complete. Second, the same validation process should apply to any major account detail changes. This will create another layer of security. Finally, all departments in Intuit should be trained on how to handle claims such as mine in an effort to cut possible security breech or simply for PR purposes.

I should have never received those emails. This is a flaw in Intuit’s system or process.

Now, that I went through this experience, I’m changing all my passwords with my Intuit services and think twice before using their services or buying their products; that includes