Send fraud prevention data
Version 3.1 issued 31 January 2022
Check what has changed
Why you must send data
We monitor transactions to help protect your customers’ confidential data from criminals and fraudsters. To make this possible, you must send us specific types of user audit data.
When you use some of our APIs, you have to submit HTTP fraud prevention headers. We use the data to support prosecutions for tax and duty fraud.
We work with you to help meet this specification. If after discussions with HMRC an application continues to submit incorrect or missing data, software providers may be fined and blocked from using HMRC APIs. Check the Compliance and Sanctions Guidelines.
Privacy and security
HMRC has the right to collect audit data. We follow best practices set out by the Information Commissioner’s Office.
Transaction monitoring is a key security approach used in the UK and globally. Our approach follows the National Cyber Security Centre (NCSC) and the Cabinet Office’s recommended guidance.