Online services security

Attending to security of information in the e-services environment e-MTA is primarily the task of the Estonian Tax and Customs Board, but there are some things the Board cannot take care of. The following is an overview of the measures how the customers, upon using the e-services environment e-MTA, can minimize potential risks and avoid dangers of the internet environment.

Estonian Tax and Customs Board’s e-services environment e-MTA

  • The e-services environment e-MTA of the Estonian Tax and Customs Board is available at https://maasikas.emta.ee/.
  • Make sure that the address starts with https - this indicates that it is a secure page.
  • A secure session is also indicated by the padlock icon shown in front of the address or displayed when clicking the icon next to the address.

Signing in

Signing in to the e-services environment takes place through the State Authentication Service (TARA). For authentication, you can use an ID card, Smart-ID or Mobile-ID valid in Estonia, and an ID with a high assurance level from another EU Member State.

E-MTA authentication tools

Recommendations for the secure use of the e-services environment e-MTA

  • The most secure way to enter the e-services environment of the Tax and Customs Board is through the links on our website. If the address of our website or e-services environment is in a text message, e-mail, etc., it may be a scam. It is also safe to enter through the websites of our partners (e.g. other state agencies, eesti.ee, etc.).
  • Do not give anyone your PINs or personal data, either orally or in writing, as this may allow scammers to access the e-services environment on your behalf and misuse your data. 
  • If you have granted access permissions to another person to represent you in the e-services environment but no longer wish to be represented, you must terminate the access permissions of the representative in the e-MTA yourself in order to avoid misuse of data. Instructions on how to terminate access permissions
  • Always exit the e-MTA using the “Sign out” button in the top right-hand corner of the page and then close all browser windows.
  • Do not use the e-services environment e-MTA on public computers the security of which you are not quite sure about.
  • All our service bureaus have client computers that make the e-services of the Tax and Customs Board safe and convenient to use.

E-MTA security requirements

  • If the user does not perform any actions in e-MTA within 25 minutes, the session will expire and the user will be automatically signed out of e-MTA.
  • If the user’s electronic means of identification or passwords have been stolen, lost or become known to a third party who does not have the right to use them, or if another security risk has arisen, the user shall immediately notify the Tax and Customs Board.
  • The Tax and Customs Board will temporarily block a user’s access to e-MTA if a security risk has been discovered or if the user has notified the Tax and Customs Board of the loss of their authentication tools or its passwords.
  • To restore access to e-MTA, the user submits a written application to the Tax and Customs Board.
  • The Tax and Customs Board records the user’s actions in e-MTA and, if necessary, uses the recordings to prove the actions.
  • The Tax and Customs Board is not liable for any direct or indirect damages or other consequences arising from disruptions or non-operation of e-MTA if they are due to reasons beyond the control of the Tax and Customs Board, such as power outages, malfunctions in communication lines, natural disasters, etc.

Viewing and terminating active sessions in E-MTA

Authentication in state e-services environments

Users can navigate between Estonian state e-services environments using single sign-on, a solution that requires only a single authentication. Once a user has signed in to a government e-services environment via the state authentication service (GovSSO), they can use other government e-services environments during the same browser session without having to re-authenticate in each one.

A step-by-step example of how authentication with session management works in e-services

Management of sessions on multiple devices

If you have forgotten to log out of a state e-services environment, landed on a phishing page, or noticed other suspicious activity in state e-services, you can view and terminate your active GovSSO sessions in the State Information System Authority's (RIA) GovSSO self-service.

To use the self-service environment, log in at minuautentimine.ria.ee, after which you will see a list of your active sessions in state e-services. You can also navigate to the self-service environment via the link on the GovSSO authentication service’s login, session continuation, and logout pages. Detailed instructions

The Tax and Customs Board implements the necessary security measures in its e-environment, but in the event of an attack, other state e-services may also be affected. Therefore, simply terminating e-MTA sessions may not be enough. If an attacker has already gained access to data or caused damage, please contact the Information System Authority (RIA) at [email protected] for assistance and guidance.
 

Staying safe online

Õngitsuskirjad

How to recognize scam e-mails

Guidance on recognising scam e-mails and messages sent on behalf of the Estonian Tax and Customs Board (ETCB), as well as a gallery of sample scam e-mails, is available. Advice is also provided on what to do if there is uncertainty about whether an e-mail or message was sent by the ETCB or if personal data has fallen into the wrong hands.

Read more

E-teenused

Be IT-conscious

Advice on how to operate safely on the web can be found on the Estonian Information System Authority's website Be IT-conscious.

Read more

business client

Last updated: 06.04.2026

open graph imagesearch block image

Was this page helpful?

If you wish an answer, write your e-mail address.