Best Practices 06-12-2015

DigiCert and the International Data Exchange Service

Elizabeth Baier

The Foreign Account Tax Compliance Act (FATCA) went into effect in March 2010 with the objective of compelling individuals to report foreign financial assets. FATCA affects individuals, financial institutions, and governments.

In order to exchange FATCA information with the United States, Financial Institutions (FI) and Host Country Tax Authorities (HCTA) must securely transmit required information through a secure web application: the International Data Exchange Service (IDES). Under FATCA, FI outside of the U.S. have to provide information about their customers who are U.S. citizens to the IRS. FI that fail to comply with these standards face a 30% withholding tax.

About IDES

IDES is an electronic delivery point where the aforementioned FIs and HCTAs transmit and exchange FATCA data. The data collected through IDES is incorporated into IRS compliance operations. The main function of this service is to facilitate secure data exchange, with the added protection of PKI.

IDES can only be accessed by enrolled users through an HTTPS connection or Secure File Transfer Protocol (SFTP). The system provides end-to-end controlled file transfer, accepts only encrypted submissions, and allows for reporting in the approved FATCA XML Schema. (For more information about IDES access, go here.)

Here is an overview of the IDES process:

SSL Certificates a Critical Part of IDES Process

The key part of using IDES is the security component. In order to communicate securely, all users must first obtain a digital certificate from a Certificate Authority that is approved by the IRS.

Purpose of an SSL Certificate

Certificates (and their related private keys) are used to sign and decrypt messages between a sending party and the IRS. A digital certificate binds an identity to a public key. A certificate authority (CA) issues a certificate after an identity proofing process to verify the certificate owner. The individual identified in the certificate has possession and control over the private key associated with the public key found in the certificate.

“Approved” Certificate Authorities

The IRS only accepts certificates issued by approved CAs. DigiCert is one of the approved CAs.

Ordering a Certificate from DigiCert

Purchasing a certificate from DigiCert is an easy process, which can be completed in a few steps. Please follow these directions to get a certificate for IDES:

  1. Generate a Certificate Signing Request (CSR). If you want to do this quickly and have a Windows machine, use the DigiCert® Certificate Utility for Windows. (Here is more information about how to create a CSR.)
  2. Place an order for a Standard SSL Certificate on the DigiCert website.
  3. Go through the SSL Certificate validation process for organizations.
  4. Upload the certificate (in a .cer format) to IDES for Enrollment.
  5. Install your certificate using the DigiCert® Certificate Utility for Windows. (Here is more information about how to do that.)
  6. Export the certificate from the device to encrypt FATCA data.
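
For machines with OpenSSL rather than the Windows utility, the sketch below covers step 1 and adds a check worth running before steps 4 and 6: that the issued .cer file really corresponds to the private key you hold. It is an added example, not part of the original article or DigiCert's tooling; the function names, file names, subject values and the 2048-bit RSA key size are assumptions.

```shell
#!/bin/sh
# Added example, not DigiCert or IRS code. Subject values, file names and the
# 2048-bit RSA key size are assumptions; use what your CA and IDES require.
set -eu

# Step 1: create a private key and a CSR, then confirm the CSR's self-signature.
make_csr() {  # make_csr <key.pem> <csr.pem> <subject>
  ( umask 077   # the key is written unencrypted (-nodes), so restrict access
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
      -keyout "$1" -out "$2" -subj "$3" 2>/dev/null )
  # Match on the text: older OpenSSL exits 0 even when verification fails.
  openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Print the certificate's public key; a .cer file may be PEM or DER encoded.
cert_pubkey() {  # cert_pubkey <cert.cer>
  openssl x509 -in "$1" -noout -pubkey 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null
}

# Before steps 4 and 6: confirm the issued certificate belongs to the private
# key you hold. Returns 0 on match, 1 on mismatch, 2 if a file is unreadable.
cert_matches_key() {  # cert_matches_key <cert.cer> <key.pem>
  cmk_cert=$(cert_pubkey "$1") || return 2
  cmk_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cmk_cert" = "$cmk_key" ]
}

# Constructed demo: a self-signed certificate stands in for the CA-issued one.
demo() {
  d=$(mktemp -d)
  make_csr "$d/ides.key" "$d/ides.csr" "/C=XX/O=Example FI/CN=ides.example.test"
  openssl x509 -req -in "$d/ides.csr" -signkey "$d/ides.key" -days 1 \
    -outform DER -out "$d/ides.cer" 2>/dev/null
  cert_matches_key "$d/ides.cer" "$d/ides.key" && echo "certificate matches key"
  rm -rf "$d"
}
demo
```

A mismatch (return code 1) usually means the certificate was issued for a different CSR; anything encrypted to that certificate could not be decrypted with the key on hand.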

Using IDES after You Get a Certificate

Once you obtain your certificate, you can proceed to enroll in IDES and transmit data securely. The IDES User Guide can be used for further assistance or specifics.

