New fraud prevention measures take effect
From 1 April 2019, when Making Tax Digital for VAT begins, regulations SI. 360/2019 require software suppliers to ensure their products capture and transmit all available transaction monitoring metadata electronically as part of the VAT submission.
This information will be transmitted to HMRC systems, where it will be stored securely as part of their transaction monitoring policy for the prevention of fraud.
The data provided will be used by HMRC to monitor transactions to protect taxpayers from infringement of their data by criminals or fraudsters. Without this protection, personal data could be compromised, leading to fraud against taxpayers or the UK Exchequer.
It is a legal requirement for software developers to provide this information. Non-compliance could mean a penalty of £3,000 and access to the HMRC systems removed, which would mean non-functioning software.
The data that we are required to submit is as follows:
Was the submission made via a desktop product, mobile app, website, etc?
The public IP address (IPv4 or IPv6) from the customer’s device. Globally unique IP accessible over the internet
The public TCP port from the customer’s device.
User local timezone
width and height of a user’s monitor (measured in pixels) and colour depth
Software name and version number
IP address of the servers we make submissions to
Windows User ID and IRIS user ID
A list of all local IP addresses (IPv4 and IPv6) available to the originating device.
Width and height of the software window (measured in pixels)
Hashed version of the IRIS customer ID
List of MAC addresses available on the originating device
Make and model of clients machine and their operating system name and version
We are, therefore, helping to protect taxpayers’ confidential data by securely sending HMRC the data above, which HMRC will then record and monitor to ensure that the VAT return is submitted by the person responsible, and not by a criminal posing as the taxpayer or their agent.