Don't tell the Cabinet Office: HMRC is building its own online ID system

Just as GDS's Verify goes live


HMRC is pushing ahead with its own plans to build an online authentication portal following the decommissioning of the current Gateway portal in 2018, according to multiple sources.

One source said the department is building its own authentication capability that will deal with businesses – something the Government Digital Service's online authentication system Verify cannot do.

Like the Gateway, the new system will include the ability for individuals to authenticate themselves and nominate an accountant to do their tax returns. "HMRC's view on Verify is that it’s too slow and won’t ever handle businesses," said the insider.

Another said HMRC does not believe Verify will be ready. "It doesn't want to publicly admit it is building its own system, as it's a sensitive issue with the Cabinet Office. What we'll probably have is two online authentication systems for departments to use: the one designed by HMRC and Verify."

Last year HMRC was awarded £1.3bn to "build one of the most digitally advanced tax administrations in the world", which the department reckons will yield £1bn in extra tax revenue after 2020.

A spokesman from HMRC confirmed that the department will use a replacement for Gateway for business users, currently managed by the Department for Work and Pensions.

"The current Government Gateway will be replaced with a new version of the service. The replacement service will continue to support business and agent users into the future," he said.

However, he would not elaborate further on HMRC's role in designing the system.

He said: "GOV.UK Verify is built for individuals. Businesses and agents will continue to use Government Gateway to access online services and there are no plans to migrate these customers to GOV.UK Verify."

“We know that GOV.UK Verify doesn’t work for all our customers yet. To make sure that everyone who wants to use digital services is able to, we’ve put in place a complementary service for those customers struggling to get online, which is based on Government Gateway but with an added 2-step verification process and identity check to further strengthen security.”

During January 2016, 53,100 new users verified their identity with GOV.UK Verify in order to file their self assessment, according to the GDS blog. That was in addition to 11,000 people using GOV.UK Verify to file their self assessment tax returns in 2015.

However, that figure fell substantially short of the original estimates to have up to 500,000 self assessment users on the portal by then.

​In 2016 a total of 9.24 million users paid their tax online, with at least half of those having elected to use an accountant.

Last year Verify ran into major problems authenticating recipients of marriage tax credits, and farmers. After more than four years in the making, Verify finally went live this month.

HMRC's spokesman added: "The Government Gateway service will continue, although there will be improvements to security, design and usability delivered in a new version of Government Gateway. DWP is working with HMRC and other Government users to define the new service and when and how to achieve the move to the new version.

”The replacement service will continue to support business and agent users into the future.” ®

Similar topics


Other stories you might like

  • The future: Windows streaming through notched Apple screens

    Choice is the word for Jamf's Dean Hager

    Interview As Apple's devices continue to find favour with enterprise users, the fortress that is Windows appears to be under attack in the corporate world.

    Speaking to The Register as the Jamf Nation User Conference wound down, the software firm's CEO, Dean Hager, is - unsurprisingly - ebullient when it comes to the prospects for Apple gear in the world of suits.

    Jamf specialises in device management and authentication, and has long been associated with managing Apple hardware in business and education environments. In recent years it has begun connecting its products with services such as Microsoft's Azure Active Directory as administrators face up to a hybrid working future.

    Continue reading
  • There’s a wave of ransomware coming down the pipeline. What can you do about it?

    AI can help. Here’s how…

    Sponsored The Colonial Pipeline attack earlier this year showed just how devastating a ransomware attack is when it is targeted at critical infrastructure.

    It also illustrated how traditional security techniques are increasingly struggling to keep pace with determined cyber attackers, whether their aim is exfiltrating data, extorting organisations, or simply causing chaos. Or, indeed an unpleasant combination of all three.

    So, what are your options? More people looking for more flaws isn’t going to be enough – there simply aren’t enough skilled people, there are too many bugs, and there are way too many attackers. So, it’s clear that smart cyber defenders need to be supplemented by even smarter technology incorporating AI. You can learn what this looks like by checking out this upcoming Regcast, “Securing Critical Infrastructure from Cyber-attack” on October 28 at 5pm.

    Continue reading
  • Ransomware criminals have feelings too: BlackMatter abuse caused crims to shut down negotiation portal

    Or so says infsec outfit Emsisoft

    Hurling online abuse at ransomware gangs may have contributed to a hardline policy of dumping victims' data online, according to counter-ransomware company Emsisoft.

    Earlier this month, the Conti ransomware gang declared it would publish victims' data and break off ransom negotiations if anyone other than "respected journalist and researcher personalities" [sic] dared publish snippets of ransomware negotiations, amid a general hardening of attitudes among ransomware gangs.

    Typically these conversation snippets make it into the public domain because curious people log into ransomware negotiation portals hosted by the criminals. The BlackMatter (aka DarkSide) gang's portal credentials (detailed in a ransom note) became exposed to the wider world, however, and the resulting wave of furious abuse hurled at the crims prompted them to pull up the virtual drawbridge.

    Continue reading

Biting the hand that feeds IT © 1998–2021