Online security - making your online experience as secure as possible

Electronic communication and transactions are a key part of HM Revenue & Customs (HMRC) business. However, the advantages that online transactions provide can also give rise to the risk of fraud - individuals claiming to be someone they are not, and obtaining information they are not entitled to. HMRC, in common with all providers of online services, is committed to your security - but you need to be alert.

HMRC continuously monitors systems and customer records to guard against fraudulent activity. The methods fraudsters use to obtain the information they want is constantly changing, so HMRC provides regular updates on the type of scams it is aware of. The main risk involves the stealing of identity or access details. Please do everything you can to ensure that the identifiers and passwords you use when accessing HMRC systems are kept secure and updated regularly. Any suspicious activity should be reported to HMRC immediately.

Find out how HMRC keeps you safe online and what you can do to protect yourself.

What HMRC does to protect you online

HMRC takes online security very seriously. Here are just some of the measures it takes to protect you and your data.

Firewall protection

HMRC uses firewall protection as a very effective high security barrier around its systems and your data. This detects any attempts at unauthorised entry.

Security certificates

Any page of the HMRC website that contains sensitive information is protected by a technology known as SSL (Secure Sockets Layer). This encrypts the data you send to HMRC via the Internet. When you log in to HMRC's Online Services you are always protected - and this is shown by the padlock in the bottom right hand corner of your Internet browser.

Secure sign-in

HMRC's Online Services are only available to customers who register their details. Every time you log in, you must enter your User ID and Password before you can access your services.

Time-out

After 15 minutes of inactivity within HMRC's Online Services, you are automatically logged out. So if you've forgotten to log out, no one will be able to access your services in your absence. Simply log in again to continue. It's good practice to always log out if you are leaving your computer unattended to prevent unauthorised access. When finally leaving the HMRC site, it is good practice to close your Internet browser.

What you can do to protect yourself online

Anti-virus software

Make sure your computer has anti-virus software, and that it is continually updated to check the contents of the files on your computer against the information it holds about known viruses.

Personal firewall

Make sure your computer has a firewall to block any unauthorised connections being made to your computer.

Anti-spyware software

Make sure your computer has anti-spyware software and that it is continually updated.

Keep your software up-to-date

Make sure the software on your computer, particularly the operating system and Internet browser, is up-to-date. Make sure you download and install updates regularly.

Keep your data secure

Keep your passwords and PINs secure. Do not write them down or tell anyone what they are.

Frauds and Scam emails (phishing)

HMRC wants to make sure you can recognise a fraudulent email if you receive one.

Find out more about frauds and scams

Useful HMRC links

• Current security messages
• HMRC-related scam examples

Useful external links

You may find these links useful, however they are not under HMRC control and it is not responsible for their content.

• Get safe online (opens new window)
• Bank safe online (opens new window)
• IT safe (opens new window)
• Office of Fair Trading (opens new window)
• Consumer Direct (opens new window)
• Identity-theft.org.uk (opens new window)
• APACS (opens new window)