Skip to main content
Table of contents

Fraud prevention

Version 2.9 issued 14 July 2020

We have redesigned this document to help you find the information you need. There are no changes to the data you need to send. 

Why you must send data

We monitor transactions to help protect your customers’ confidential data from criminals and fraudsters. To make this possible, you must send us specific types of user audit data.

When you use some of our APIs, you have to submit HTTP fraud prevention headers. We use the data to support prosecutions for tax and duty fraud.

Warning You are required by law to submit header data for the VAT (MTD) API

Soon, you’ll need to send header data for all of our APIs. We recommend designing this into your applications now.

Privacy and security

HMRC has the right to collect audit data. We follow best practices set out by the Information Commissioner’s Office.

Transaction monitoring is a key security approach used in the UK and globally. Our approach follows the National Cyber Security Centre (NCSC) and the Cabinet Office’s recommended guidance.

For more information or to review your privacy notices, check the data protection impact assessment. You can also check the regulations.