Combatting cyber crime with event-driven architecture

Using events to better predict and prevent financial fraud with His Majesty’s Revenue and Customs (HMRC)

In the United Kingdom alone, cybercrime causes billions of pounds’ worth of damage each year.

Beyond the immediate economic impact – which continues to grow – online fraud creates significant distress for individuals, as well as massive resourcing strain on both the public and private sector.

As cybercrime continues to rise in scale and sophistication around the world, the situation is only getting worse. The only valid response is to explore new and improved ways to predict, pre-empt, and protect against fraud, to protect UK taxpayers. Learn how Equal Experts supported His Majesty’s Revenue and Customs (HMRC) to leverage event-driven architecture, data pipelines, and big data processing to manage and mitigate the threat of cyber fraud.

This case study will help you to understand:

  • How legacy events, stored in data lakes, can be used for evolving organisational needs.
  • The importance of data pipelines in storing and managing information for large organisations.
  • The value of event-driven architecture in predicting and preventing fraud in real-time.

Outcomes

  • Millions of transactions audited every day
  • Billions of transactions audited in January 2021
  • Hundreds of services monitored and audited

About HMRC and the Customer Insights Platform

HMRC is the UK’s tax, payments and customs authority. The organisation performs a range of sophisticated, vital functions, but their primary roles can be summarised as:

  • Collecting money that pays for the UK’s public services and infrastructure
  • Supporting disadvantaged families and individuals with targeted financial support
  • Helping the honest majority to make accurate and valid tax submissions
  • Preventing the dishonest minority—cyber criminals—from cheating the system for illegal financial gains

In performing these roles, HMRC is improving guidance and enhancing and expanding its digital services (online via GOV.UK and through the HMRC app) to give customers quick and easy ways to manage their tax affairs. Each year, HMRC serves over 50 million business and individual customers while generating hundreds of billions of pounds in revenue. To support and facilitate this digital activity, our team has worked with HMRC to build:

  • A Multi-channel Digital Tax Platform (MDTP); a cloud platform hosted on Amazon Web Services. The MDTP is home to HMRC’s online self-service tax applications; 130 digital services comprised of >900 decoupled microservices. Learn more about cloud-based platforms in our Digital Platforms playbook.
  • The Customer Insights Platform (CIP). The CIP performs a protective function by collating and collecting customer data related to interactions that occur within the MDTP. This data is primarily captured through digital channels via web-facing applications like self-assessment, VAT filing and more.

Industry: Government
Organisation size: 66k+ employees
Location: UK

Challenge

How events provide complete, real-time visibility of customers

With sophisticated customer journeys spanning multiple tax applications and departments, real-time visibility of user behaviour is invaluable.

We used an event-driven architecture to enable the CIP to build a picture of what’s happening across our digital services and establish detailed profiles of customer interactions. These evaluations are designed to make it easier for taxpayers to get tax right, and harder for would-be criminals and identity thieves to bend or break the rules.

A consistent and detailed view of all customers, for all key stakeholders

The event-driven architecture we’ve built with HMRC engineers means that every customer interaction is tracked and audited as an event: from attempting a login or clicking on a content page, to submitting a self-assessment. These comprehensive transaction profiles can be surfaced throughout the organisation to provide continuity and a single, up-to-date source of truth for:

  • Case Workers: Prioritise cases using analytics generated from event metadata, and interactively explore events on a case by case basis to conclude investigative outcomes.
  • Customer service teams: Use events for performance analytics and understanding customer journeys to improve their service.
  • Finance teams: Use events for BI reporting, such as the number of tax submissions, potential fraud repayments blocked, etc.

The profiles offer invaluable context for various departments throughout HMRC, creating huge efficiencies by eliminating double handling of information, whilst a combination of event processing and metadata analysis from transaction profiles supports the development of meaningful use cases.

In readiness for a native events-processing tool, events and information were gathered from HMRC’s Multi-channel Digital Tax Platform and placed on a messaging queue.

With the implementation of event-driven architecture in 2017, the CIP is now able to push data into a batched analytical data lake.

As a result, the CIP preserves the notion of markable events within the data lake, while leveraging a range of other tools to perform big data processing functions across those captured events.

This approach—which is only possible as a result of implementing and storing events prior to the CIP’s capacity to use those events for real-time processing—creates two crucial benefits:

  1. With the event streaming platform essentially functioning as a data pipeline, the data lake can be used for analytical, big-data processing thanks to the breadth of information captured as markable events. This information can be used to surface customer profiles based on legacy interactions and metadata generated through the Tax Platform. Learn more about data pipelines in our Data Pipeline playbook.
  2. The information can be used for real-time event processing, which is critical in identifying and blocking fraudulent transactions before they can occur.

The CIP is fed from the microservices-based architecture we co-created, running in Amazon Web Services (AWS). The platform facilitates the transition of information to the data lake, before a range of big data processing tools perform analytical functions on the information stored within the lake.

One example is a suite of libraries associated with structural transaction layers. The data processing configuration enables a range of capabilities associated with incremental-style event processing, creating two key benefits:

  1. This approach allows the CIP to preserve the informational and conceptual structure of events within the data lake.
  2. In turn, this provides far greater flexibility and specificity in analysing targeted datasets, rather than treating all information as one general set of data.

Solution

Using events to predict and prevent fraud

When it comes to digital crime, the best defence is undoubtedly predictive prevention.

Once a transaction is processed, it is incredibly difficult to recapture funds retrospectively. Doing everything possible to predict and deter illegal transactions in the first place is crucial.

Event-processing plays a vital role in the CIP’s ability to review transaction profiles and identify potentially fraudulent activity quickly.

For example, credential stuffing and other criminal practices can now be detected rapidly even after the very first attempts. Once a concerning transaction or pattern is identified, HMRC can trigger a number of corrective measures. These range from increased scrutiny of transaction profiles to blocking transactions if necessary.

Results

Identifying fraud, fast

Among many other things, we configured the CIP to monitor for events that signify multiple login attempts for different users from the same device.

Through ongoing event-processing, the CIP can quickly provide visibility of this behaviour. Rather than take a singular or definitive course of action, the platform can review transactions to establish more clarity around the user and build up a better profile of activity that’s potentially fraudulent.

Fraud detection requires nuance and sophistication to ensure legitimate users have a trouble-free experience. Multiple login attempts on a single device are common practice for accountants working on behalf of a range of clients, for example.

Thanks to event-driven architecture on the platform, we’ve given HMRC the power to determine what processes they adopt or alter based on up-to-date pictures of individual transaction profiles.
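The rule described above (several users logging in from one device, graded rather than blocked outright) can be sketched as follows. This is an added example, not HMRC's or Equal Experts' code: the event fields, the thresholds and the use of the failed-login share to separate an agent's device from a credential-stuffing pattern are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window per device
MIN_USERS = 3                   # assumed distinct-user threshold
BLOCK_FAILURE_RATIO = 0.8       # assumed failed-login share that proposes a block
RANK = {"none": 0, "increased_scrutiny": 1, "block": 2}

# Constructed sample events: (timestamp, device_id, user_id, login_succeeded).
SAMPLE_EVENTS = [
    # dev-A: an agent signing in for several clients, all successful
    ("2021-01-11T09:00:00", "dev-A", "client-1", True),
    ("2021-01-11T09:03:00", "dev-A", "client-2", True),
    ("2021-01-11T09:06:00", "dev-A", "client-3", True),
    # dev-B: rapid failures across many accounts (credential-stuffing shape)
    ("2021-01-11T09:10:00", "dev-B", "user-1", False),
    ("2021-01-11T09:10:05", "dev-B", "user-2", False),
    ("2021-01-11T09:10:09", "dev-B", "user-3", False),
    ("2021-01-11T09:10:14", "dev-B", "user-4", False),
    # dev-C: one user mistyping a password
    ("2021-01-11T09:20:00", "dev-C", "user-9", False),
    ("2021-01-11T09:20:30", "dev-C", "user-9", False),
    # dev-D: three users, but spread wider than the window
    ("2021-01-11T10:00:00", "dev-D", "user-5", False),
    ("2021-01-11T10:15:00", "dev-D", "user-6", False),
    ("2021-01-11T10:30:00", "dev-D", "user-7", False),
]

def evaluate(events, window=WINDOW, min_users=MIN_USERS):
    """Return {device_id: strongest action reached} over a login-event stream."""
    recent = defaultdict(deque)  # device_id -> attempts still inside the window
    actions = {}
    for ts, device, user, ok in sorted(events):
        now = datetime.fromisoformat(ts)
        attempts = recent[device]
        attempts.append((now, user, ok))
        while now - attempts[0][0] > window:  # expire attempts older than window
            attempts.popleft()
        users = {u for _, u, _ in attempts}
        failed = sum(1 for _, _, success in attempts if not success)
        if len(users) < min_users:
            action = "none"
        elif failed / len(attempts) >= BLOCK_FAILURE_RATIO:
            action = "block"
        else:
            action = "increased_scrutiny"  # many users, mostly successful logins
        if RANK[action] >= RANK[actions.get(device, "none")]:
            actions[device] = action
    return actions
```

Calling `evaluate(SAMPLE_EVENTS)` grades the agent-style device for increased scrutiny and only the rapid multi-account failure pattern for a block; single-user retries and attempts spread beyond the window trigger nothing.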

The result? Improved experiences for legitimate users, and infinitely more effective protection against would-be criminals.

About the tech stack

The technical infrastructure of the Customer Insights Platform has evolved over time.

Using an emergent design approach, Equal Experts has been able to flexibly build in new capabilities, integrations, and ancillary services to meet evolving needs quickly. Over time, we have used multiple solutions and third-party integrations to build solutions that meet the always evolving needs of the UK’s national infrastructure.
