HMRC have update the MTD Fraud Prevention header specifications which help to ensure that it is really you connecting to their systems and that as a result your data is secure. This means that whenever you interact with HMRC using an MTD recognised application like Synergy, in addition to the access credentials it has to pass up additional information specific to you, your computer, and the application, so that HMRC systems can be sure that it really is you interacting with them.
For example, if you normally use Synergy to contact HMRC from a specific computer based in the UK using a desktop computer and they receive an attempt to contact from Russia, China, or some other distant part of the world, using a laptop or tablet computer, those are indicators of potential malicious interaction.
To help protect your confidential data and stay ahead of criminals and fraudsters HMRC have reviewed the fraud prevention data that we need to send each time you interact with them.
On January 6th this year HMRC published version 3.0 of the Fraud Header specification, allowing 6 months for software developers to implement the changes. Synergy was updated and a new version made available to all users in less than 24 hours from receipt of the notification, so anyone using our software benefited from the additional security immediately. Many competing products are still not compliant, so another very good reason to use Synergy!
What has changed
For all connection methods, in addition to the existing header information we are now required to submit the name of the product as marketed to users, a timestamp that shows when the local IP address on your computer was collected, and another showing when Multi-factor authentication information was collected. These values have to be collected each time a call to HMRC systems is made, and cannot be cached from login.
We also had to change the format of some of the existing headers including submitting the client device Id as a universally unique identifier to ensure that supplied IDs are unique and help to track them across multiple requests, and submitting the user agent information as a key-value structure to help with processing the information automatically.