Beta This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

Construction Industry Scheme Reform Manual

Authenticate customer: authentication: authentication of a limited company


CISR22600 Action guide contents


Because of our commitment to keeping customer information confidential it is essential that you know that the person wishing to use our services is the customer or someone who you have on record as being authorised to act on their behalf. In order to ‘authenticate’ that person/contact successfully you must first establish their identity and ensure that they know sufficient details relating to the customer to pass ‘Authentication’.

Authentication of limited company

To pass ‘Authentication’ the contact must supply:

  • Both ‘Mandatory items’ of information, and
  • Three further items of information, with at least one of these being taken from the ‘secure’ panel.

Mandatory Items

  • Name (associated with the reference supplied)
  • Address (associated with the reference supplied)

Secure Items

  • AO Ref
  • Official correspondence from HMRC (or former IR or C&E) (for visual inspection at Enquiry Counter only)

Additional Items

  • Phone number (associated with the reference supplied)
  • Date and time of last contact by customer
  • Company registration number (CRN)
  • Nature of business
  • Other address (CIS communications address, for example)

Only after the person making contact has been authenticated successfully may you moveon to the next stage dealing with the purpose of the call. Where authentication is not successful the call should be terminated and the contact asked to send details to you in writing. Where you are suspicious as to the origins of the call or the caller you should consider marking the contact as Suspect/Bogus and noting your reasons. Refer to CISR22650 for more details about this.