Validation process for ensuring ratepayer proof-of-identity

The request was successful.

Dear Common Council of the City of London,

In terms of the Freedom of Information Act of 2000, could you please provide me with information on how you ensure that ratepayers are who they say they are when they contact you to transact on their accounts.

More specifically, please provide the following information on your verification process for securely validating ratepayer identity before they transact on their accounts (where transactions can be anything from updating their bank details, to requesting refunds):

* What information (be it proof of identity, account numbers, specific transaction details) do you require from ratepayers to validate that they are the person they claim to be, and – in the case of commercial ratepayer accounts – authorised to transact on that account?
* Has this verification process been validated by a security professional?
* Has this verification process been approved by your auditors and/or the insurer that covers your fidelity guarantee risk?
* How often is this process re-validated, and when was the last time this was done?
* Could you provide any correspondence, or certification, which proves this validation?

Note that I am not requesting any personally-identifying information, only the process itself.

Yours faithfully,

Gavin Chait

COL - EB - Information Officer, Common Council of the City of London

Dear Mr Chait,

FREEDOM OF INFORMATION ACT 2000 (FOIA) – REQUEST FOR INFORMATION

The City of London (CoL) acknowledges receipt of your request for information of 30 June 2017.

Public authorities are required to respond to requests within the statutory timescale of 20 working days beginning from the first working day after they receive a request. The Act does not always require public authorities to disclose the information which they hold.

The FOIA applies to the CoL as a local authority, police authority and port health authority. The CoL is the local and police authority for the “Square Mile”, ie the historic City of London, and not for London as a whole. Please see the following page containing a link to a map (Explore the City), which shows the local authority area covered by the CoL:
https://www.cityoflondon.gov.uk/maps/Pag....
The CoL does have some functions, including Port Health Authority functions, which extend beyond the City boundary. For further information please see: http://www.cityoflondon.gov.uk.

Yours sincerely,

Information Officer
Comptroller & City Solicitor’s Department
City of London
Tel: 020-7332 1209
http://www.cityoflondon.gov.uk


CHB - FOI, Common Council of the City of London

Dear Mr. Chait

I refer to your request of 30th June 2017 and the City’s reply of the
same date.

 

Your individual questions and the responses are set out below:

 

information on how you ensure that ratepayers are who they say they are
when they contact you to transact on their accounts.

If the query is over the telephone, ratepayers are asked for their rate
account reference number. This is a unique system generated number not
related to the billing authority reference number which is public
information. Only City of London staff who are users of the rates system,
the ratepayers themselves and any third parties they disclose the
information to have access to rate account reference numbers. If the query
is by letter, the letter should be on the headed paper of the organisation
quoting the addresses of the rated premises to which the query relates. No
amendments to accounts are made on the strength of a telephone call.
Information must be confirmed in writing.

 

Where an agent is acting for a ratepayer, no information is provided
unless the agent either has the rate account reference number or provides
a recent, signed letter of authority from the ratepayer on the ratepayer’s
headed paper. The letter should be signed by a person in a position of
authority in the organisation, such as a managing director, company
secretary or company accountant.

 

More specifically, please provide the following information on your
verification process for securely validating ratepayer identity before
they transact on their accounts (where transactions can be anything from
updating their bank details, to requesting refunds):

Ratepayers are not able to transact on their accounts. They are able to
register for self service which enables them to look up information held
on their rate accounts but they cannot carry out any transactions on their
rate accounts or make any amendments. In order to register, they need
their rate account reference number as described above.

Ratepayers do not need to request refunds as credits are refunded to the
person who actually paid the amount without a formal request.

 

* What information (be it proof of identity, account numbers, specific
transaction details) do you require from ratepayers to validate that they
are the person they claim to be, and – in the case of commercial ratepayer
accounts – authorised to transact on that account?

Please see answers above. The rate account reference number is required
from the ratepayer; this would be on the rate bill. It is assumed that
“commercial ratepayer accounts” refers to agents acting for ratepayers.
Again, please see answers above.

  

* Has this verification process been validated by a security professional?

No

 

* Has this verification process been approved by your auditors and/or the
insurer that covers your fidelity guarantee risk?

This has not been subject to specific review in recent audits.

The insurer that covers the fidelity guarantee risk has not been asked to
validate the specific process that is the subject of the enquiry. The City
is required to submit a general response regarding policies and procedures
to insurers at each renewal.

You may also be interested to know that besides fidelity guarantee, the
City has Crime Insurance. Fidelity guarantee covers theft/fraud by an
employee only while crime insurance covers fidelity guarantee and theft
through money orders, counterfeit currency, forgery, third party computer
and funds transfer. It is not specific to rates but includes rates.

 

* How often is this process re-validated, and when was the last time this
was done?

The process is not re-validated at a specific time but it forms part of
overall procedures which are continually under review and amended when
required.

 

* Could you provide any correspondence, or certification, which proves
this validation?

The validation forms part of general office procedures. No specific
correspondence or certification.

 

 

If you wish to make a complaint about the way the CoL has managed your
enquiry under the FOIA, please make your complaint in writing to email
address: [1][email address]. For a link to the CoL’s FOI
complaints procedure, please visit the following page:
[2]www.cityoflondon.gov.uk/Feedback, at the end of which is located the
FOI complaints procedure. If, having used the CoL’s FOI Complaints
Procedure, you are still dissatisfied, you may request the Information
Commissioner to investigate. Please contact: Information Commissioner,
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: (01625)
545700. Website: [3]http://www.ico.org.uk/

 

The FOIA applies to the City of London as a local authority, police
authority and port health authority.

 

The City of London holds the copyright in this email. The supply of it
does not give a right to re-use it in a way that would infringe that
copyright, for example, by making copies, publishing and issuing copies to
the public or to any other person. Brief extracts of any of the material
may be reproduced under the fair dealing provisions of the Copyright,
Designs and Patents Act 1988 (sections 29 and 30) for the purposes of
research for non-commercial purposes, private study, criticism, review and
news reporting, subject to an acknowledgement of the copyright owner.

 

Yours sincerely,

 

Head of Revenues,

City of London

P.O.Box 270, Guildhall, London, EC2P 2EJ

Tel: 020 7332 1387   

Website: [4]www.cityoflondon.gov.uk

References

Visible links
1. mailto:[email address]
2. www.cityoflondon.gov.uk/Feedback
3. http://www.ico.org.uk/
4. www.cityoflondon.gov.uk