Version 2.9 issued 14 July 2020
Why you must send data
We monitor transactions to help protect your customers’ confidential data from criminals and fraudsters. To make this possible, you must send us specific types of user audit data.
When you use some of our APIs, you have to submit HTTP fraud prevention headers. We use the data to support prosecutions for tax and duty fraud.
Soon, you’ll need to send header data for all of our APIs. We recommend designing this into your applications now.
Privacy and security
HMRC has the right to collect audit data. We follow best practices set out by the Information Commissioner’s Office.
Transaction monitoring is a key security approach used in the UK and globally. Our approach follows the National Cyber Security Centre (NCSC) and the Cabinet Office’s recommended guidance.