A New Intuit Open Source Release: user-data-for-fraud-prevention

Intuit Software Engineers Susmitha Kodamarthi and Reuben Evans are excited to launch user-data-for-fraud-prevention, a Node.js package to collect information about a user’s device, such as time zone, screen size, browser choice, browser plugins and other configuration options. Regulatory authorities often require software companies to provide these details to help prevent fraud.

As part of Intuit’s UK office, Susmitha and Reuben work on Quickbooks Online, helping power prosperity around the world. User-data-for-fraud-prevention grew out of work the two did to ensure compliance with the UK tax authority, Her Majesty’s Revenue and Customs (HMRC) and their Making Tax Digital (MTD) initiative, that seeks to make tax administration more effective, efficient and simple. HRMC requires software providers who use their APIs to provide additional information about the users’ devices, to help protect against fraudulent tax submissions. These are known as Fraud Prevention headers.

Values for certain fraud prevention headers required for MTD compliance need to be collected from the front end, and can be tricky to obtain. User-data-for-fraud-prevention at its core is a collection of the utility functions to get the value for each header. Fraud prevention header values that can be generated using this library include:

• Gov-Client-Timezone: (Originating device’s local time zone, expressed as UTC±)
• Gov-Client-Screens (Originating device’s screen details, like width, height, scaling-factor and colour-depth)
• Gov-Client-Window-Size (Originating device’s window width and height)
• Gov-Client-Browser-Plugins (A list of browser plugins on the originating device)
• Gov-Client-Browser-Do-Not-Track (Indicates whether ‘Do Not Track option’ is enabled on the browser)
• Gov-Client-Local-IPs (A list of all local IPv4 and IPv6 addresses available to the originating device)

User-data-for-fraud-prevention is a simple Node package with a utility to collect data from the browser. The library is written in JavaScript and uses Jest for testing.

Susmitha and Reuben found the original process of generating header values was work-intensive and monotonous. “Our hope is that by open sourcing this project, we can reduce the burden on engineers, saving them from solving the same problem many times over,” says Susmitha, “We also hope to help increase enforcement of fraud detection in MTD.” With over 500 recognised products on the market just for sales tax, and expanded MTD compliance required over the coming years, the amount of engineering time that can be saved is potentially enormous.

Proud members of Intuit’s UK office, Susmitha and Reuben want to become more active in the Open Source community in part to help grow awareness about Intuit UK engineers and the awesome things they’re building as they solve big problems for their customers.