HM Revenue & Customs

Combatting cyber crime with event-driven architecture

Using events to better predict and prevent financial fraud with His Majesty’s Revenue and Customs (HMRC).

In the United Kingdom alone, cybercrime causes billions of pounds worth of damage each year.

Beyond the immediate economic impact – which continues to grow – online fraud creates significant distress for individuals, as well as massive resourcing strain on both the public and private sector. 

As cybercrime continues to rise in scale and sophistication around the world, the  situation is only getting worse. The only valid response is to explore new and improved ways to predict, pre-empt, and protect against fraud, to protect UK taxpayers. Learn how Equal Experts supported His Majesty’s Revenue  and Customs (HMRC) to leverage event-driven architecture, data pipelines, and big data processing to manage and mitigate the threat of cyber fraud.

a sunny day in london featuring an iconic red phone box

This case study will help you to understand:

tree diagram icon

How legacy events, stored in data lakes, can be used for evolving organisational needs.

data icon

The importance of data pipelines in storing and managing information for large organisations.

eye icon

The value of event-driven architecture in predicting and preventing fraud in real-time.


About HRMC and the Customer Insights Platform

HMRC is the UK’s tax, payments and customs authority.

The organisation performs a range of sophisticated, vital functions, but their primary roles can  be summarised as: 

  1. Collecting money that pays for the UK’s public services and infrastructure 
  2. Supporting disadvantaged families and individuals with targeted financial support 
  3. Helping the honest majority to make accurate and valid tax submissions 
  4. Preventing the dishonest minority—cyber criminals—from cheating the system for illegal  financial gains 

In performing these roles, HMRC is improving guidance, enhancing and expanding its digital services (online via GOV.UK and through the HMRC app) to give customers quick and easy easy to manage their tax affairs.

Each year, HMRC serves over 50 million business and individual customers while generating hundreds of billions of pounds in revenue

To support and facilitate this digital activity, our team has worked with HMRC to build: 

  • A Multi-channel Digital Tax Platform (MDTP); a cloud platform hosted on Amazon Web  Services. The MDTP is home to HMRC’s online self-service tax applications; 130 digital  services comprised of >900 decoupled microservices. Learn more about cloud-based  platforms in our Digital Platforms playbook
  • The Customer Insights Platform (CIP). The CIP performs a protective function by collating and collecting customer data related to interactions that occur within the MDTP.  This data is primarily captured through digital channels via web-facing applications like  self-assessment, VAT filing and more.
  • Millions

    of transactions audited every day

  • Billions

    of transactions audited in January 2021

  • Hundreds

    of services monitored and audited


How events provide complete, real-time visibility of customers

With sophisticated customer journeys spanning multiple tax applications and departments, real time visibility of user behaviour is invaluable.

We used an event-driven architecture to enable the CIP to build a picture of what’s happening across our digital services and establish detailed profiles of customer interactions. These evaluations are designed to make it easier for taxpayers to get tax right, and harder for would-be criminals and identity thieves to bend or break the rules.

A consistent and detailed view of all customers, for all key stakeholders

The event-driven architecture we’ve built with HMRC engineers means that every customer interaction is tracked and audited as an event: from attempting a login or clicking on a content page, to submitting a self-assessment. These comprehensive transaction profiles can be surfaced throughout the organisation to provide continuity and a single, up-to-date source of truth for:

  • Case Workers

    Prioritise cases using analytics generated from event metadata, and interactively explore events on a case by case basis to conclude investigative outcomes.

  • Customer service teams

    Use events for performance analytics and understanding customer journeys to improve their service.

  • Finance teams

    Can be used for BI reporting such as number of tax submissions, potential fraud repayments blocked etc.

Why this matters

The profiles offer invaluable context for various departments throughout HMRC, creating huge  efficiencies by eliminating double handling of information, whilst a combination of event processing and meta-data analysis from transaction profiles supports the development of meaningful use cases. 

In readiness for a native events-processing tool, events and information were gathered from HMRC’s Multi-channel Digital Tax Platform and placed on a messaging queue. 

With the implementation of event-driven architecture in 2017, the CIP is now able to push data into a batched  analytical data lake. 

As a result, the CIP preserves the notion of markable events within the data lake, while leveraging a  range of other tools to perform big data processing functions across those captured events. 

This approach—which is only possible as a result of implementing and storing events prior to the CIP’s  capacity to use those events for real-time processing—creates two crucial benefits: 

  1. With the event streaming platform essentially functioning as a data pipeline, the data lake can be used for analytical, big-data processing thanks to the breadth of information captured as markable events. This  information can be used to surface customer profiles based on legacy interactions and metadata  generated through the Tax Platform. Learn more about data pipelines in our Data Pipeline playbook
  2. The information can be used for real-time event processing, which is critical in identifying and  blocking fraudulent transactions before they can occur. 

A diagram with a user's journey signified by a line, intersecting with different points representing events

The CIP is fed from the microservices-based architecture we co-created, running in Amazon Web Services (AWS). The platform facilitates the transition of information to the data lake, before a range of big data processing tools perform analytical functions on the information stored within the lake. 

One example is a suite of libraries associated with structural transaction layers. The data processing configuration enables a  range of capabilities associated with incremental-style event processing, creating two key benefits: 

  1. This approach allows the CIP to preserve the informational and conceptual structure of events  within the data lake. 
  2. In turn, this provides far greater flexibility and specificity in analysing targeted datasets, rather  than treating all information as one general set of data.

Using events to predict and prevent fraud

When it comes to digital crime, the best defence is undoubtedly predictive prevention.

Once a transaction is processed, it is incredibly difficult to recapture funds retrospectively. Doing everything possible to predict and deter illegal transactions in the first place is crucial. 

Event-processing plays a vital role in the CIP’s ability to review transaction profiles and identify potentially fraudulent activity quickly. 

For example, credential stuffing and other criminal practices can now be detected rapidly even after the very first attempts. Once a concerning transaction or pattern is identified, HMRC can trigger a number of corrective measures. These range from increased scrutiny of transaction profiles to blocking transactions if necessary.

programmer at a computer in an open plan office

Let’s consider a detailed practical use case.

Identifying fraud, fast

Among many other things, we configured the CIP to monitor for events that signify multiple login attempts for different users from the same device. 

Through ongoing event-processing, the CIP can quickly provide visibility of this behaviour. Rather than take a singular or definitive course of action, the platform can review transactions to establish more clarity around the user and build up a better profile of activity that’s potentially fraudulent. 

Fraud detection requires nuance and sophistication to ensure legitimate users have a trouble-free experience. Multiple login attempts on a single device is common practice for accountants working on behalf of a range of clients, for example. 

Thanks to event-driven architecture on the platform, we’ve given HMRC the power to determine what processes they adopt or alter based on up-to-date pictures of individual transaction profiles. 

The result? Improved experiences for legitimate users, and infinitely more effective protection against would-be criminals.


About the tech stack

The technical infrastructure of the Customer Insights Platform has evolved over time

Using an emergent design approach, Equal Experts has been able to flexibly build in new capabilities, integrations, and ancillary services to meet evolving needs quickly. Over time, we have used multiple solutions and third-party integrations to build solutions that meet the always evolving needs of the UK’s national infrastructure. 

Want to know more?

Are you interested in this project? Or do you have one just like it? Get in touch. We'd love to tell you more about it.