Online Services: Digital Certificates

Digital Certificates - HMRCs strategic position

HMRC has reviewed the use of Digital Certificates (DC) in our online services. The review focused on the following considerations:

  • The use of User ID and password has become the dominant method of providing secure access to online services across most of government and private sector services. It has been and remains HMRCs central approach to access to secure online services. It also seems clear that agents' preference is for a User ID and password solution. And software vendors are also not seeing a great demand for DCs to be included in their products. Indeed the expense of doing so means that many vendors are pressing to exclude DCs from their products.
  • Although DCs are widely available, there has been a limited market take-up, and current take-up is now virtually static. There are only around 1,300 customers who are registered with DCs for our online services and the number of actual users is probably a lot lower. There is very little demand to extend the number DCs that we currently accept.
  • The costs to customers and the development and support costs to HMRC heavily outweigh the current number of DC users. There is an initial outlay of development and incorporation costs for each new online service, and there are annual costs and ongoing maintenance costs for existing online services. There are also compatibility problems between operating systems and DCs, eg Microsoft XP users cannot use the Equifax DC, and these problems have both cost and support implications.
  • HMRC does not have a test facility for Software Developers to test how their products handle DCs and in view of the low usage and demand for DCs HMRC cannot commit to expenditure in this area.
  • The Wider Industry view – the Gartner Report – includes the view that DC take up is unlikely to grow in the next couple of years and may well be overtaken by biometric-enabled e-signatures. Gartner also maintains that the use of User ID and passwords is adequate for most applications, particularly when only identification and authentication are required.

Conclusion

Taking all the above into consideration, the HMRC strategic view on DCs is as follows:

Current online services

We will not be extending DC support.

New online services

We will not be developing any DC support in any of our new online services.

Whilst we reserve the right to change this approach, we can see no likelihood of the position changing for the foreseeable future.