tag:blogger.com,1999:blog-3993498847203183398.post2148962342257651449..comments2024-03-28T09:19:27.451+00:00Comments on RevK<sup>®</sup>'s ramblings: What the hash?RevKhttp://www.blogger.com/profile/12369263214193333422noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-3993498847203183398.post-28102468758065969832013-05-13T18:13:00.299+01:002013-05-13T18:13:00.299+01:00Basically, all the hash does is confirm the submit...Basically, all the hash does is confirm the submitter has access to BACS. It does no more. It does not check payments at all. As long as a payment matches the hash and amount, even if back you yourself (which the banks really would not care about, honest, we do it), HMRC cannot tell anything.<br /><br />So one has to wonder what the hash is meant to check. If all it checks if the sender has means to send BACS, then they could just ask for your SUN. The hassle and technology involved creates lots of problems and proves nothing.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-46709262126023021902013-05-13T18:08:26.969+01:002013-05-13T18:08:26.969+01:00I see they've responded to your FoI request, l...I see they've responded to your FoI request, looks like they do get the amount as well as the hash, so you couldn't just make 1p payments.<br /><br />Having said that, I would assume the 'threat' to HMRC here is not you claiming you've paid an employee but not actually doing so (which wouldn't be in your interest, as you'd still owe HMRC the associated amount of tax and NI contributions and have to pay it), but that you report to HMRC you've paid the employee less than you actually have (so as to reduce the amount you owe HMRC).<br /><br />In that situation, all it requires you to do is therefore pay the employee twice, once at the amount you've told HMRC about, and then again separately. I guess the counter argument here is that the employee would then potentially notice something amiss, but as suggested above you could always pay yourself the appropriate amount (though that would likely make the bank suspicious in the long run)...Alexhttps://www.blogger.com/profile/08491808572691231544noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-75067923054877490542013-04-15T09:21:07.333+01:002013-04-15T09:21:07.333+01:00Even if you supplied HMRC with the destination sor...Even if you supplied HMRC with the destination sort code and account number and the value of the transaction, how would they know that that account belongs to the employee?Psimonkeyhttps://www.blogger.com/profile/02066370602756543973noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-40008947755916640722013-04-12T12:08:26.312+01:002013-04-12T12:08:26.312+01:00I'm assuming they are treating the hash as a k...I'm assuming they are treating the hash as a kind of unique transaction ID, so if there are questions they can easily identify the offending transactions at the bank and obtain full details more easily. It does seem a lot of effort for little value though, particularly as the most obvious way to cheat is to pay people off the books somehow and then there would neither be a submission to bacs or a record send to PAYE.<br />John Burtonhttps://www.blogger.com/profile/07156658352563482506noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-5828253255871317102013-04-12T10:40:34.067+01:002013-04-12T10:40:34.067+01:00Also, saying "not 100% secure" is mislea...Also, saying "not 100% secure" is misleading - it implies some slim theoretical chance of being thwarted. No, it is not "secure" at all - they have no way to check the hash is correct, all they can do is check it matches a BACS payment but no details of the payment itself. So it is 100% possible to fool it, i.e. it is 0% secure. But it adds hassle, and makes mistakes possible, as well as making legitimate corrections and changes difficult or impossible. It causes potential problems for all legitimate users, but anyone actually trying to game the system has no problem and looks queeky clean to HMRC. We are all paying to make this happen.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-45867273832628477122013-04-12T10:31:33.926+01:002013-04-12T10:31:33.926+01:00Can't see that the hashes help with that - if ...Can't see that the hashes help with that - if the RTI report does not match payments, then that is evidence we are sending wrong reports. The difference between the two is evidence enough.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-81825582004275624052013-04-12T10:29:15.383+01:002013-04-12T10:29:15.383+01:00It seems to me that it's not 100% secure but i...It seems to me that it's not 100% secure but if they have any doubts about the accuracy of your data that they would have the legal powers to obtain the actual payment data and at that point it would become clear that the payments didn't match the purpose. The hashes give them a clear trail of evidence to follow that you've deliberately mislead them thus aiding any investigations or prosecutions while remaining relatively anonymous in the general case. John Burtonhttps://www.blogger.com/profile/07156658352563482506noreply@blogger.com