eBay

Thanks @ett1954  for introducing some common sense into this thread. I thought at first that the scaremongers were just playing devil's advocate, but I'm beginning to think they actually believe the nonsense they've been posting. I've had a few jobs during my working life, and every one of those had my NINO. Almost all of those employers which are still in existence pose a much greater threat to the data than eBay does.

The idea that a multi-national like eBay (let alone all the smaller selling platforms) can just begin storing NINO's, without extensive vetting from government agencies, is just idiotic. eBay will have been subject to the most stringent, most up-to date scrutiny. It is legally required that they store this information, so the authorities must ensure they are properly set up to do so. Yes, eBay could be subject to a hack, or could ignore their legal duty of care, but they're no more likely to, than any other organisation which already holds the info.

Southern Water didn't appear to be punished or fined, and that involved national insurance numbers. People whose data was compromised (myself included) got a 'sorry' and a years free Experian. 

https://www.southernwater.co.uk/latest-news/cyber-attack-update-for-customers/

---

@ett1954 wrote:

@kempseykate   "The less info someone has about me the better"

 

 

 

No-one at eBay, or anyone else, can access your financial information without the necessary password nor the verification means/device.  It is a requirement under the legislation provided only to identify the member against the information provided to HMRC.  If applicable you should be more concerned about your social media activity.

---

I didn't suggest that someone from ebay could access my financial information, my concern was that if ebay were hacked again, now the hacker would have my password, name, address, dob, bank details and now NI number. And what a lovely time they could have with all those details!

I know you said you weren't accusing any one on here about social media, but I can assure you I don't give out those details. As I have said before, FB don't have my true dob or full name.  If people are silly enough to put all their info out there, they only have themselves to blame when things go wrong. 

But there is a difference between people's stupidity and large companies being hacked.

ebay have been majorly hacked in the past in San Diego (Who knows how many times since and to what degree ?)- in fact the then Communications Director posted a very good apology. That was swiftly removed and the Director never heard of again.

The HMRC web site warns against sharing the NINO with anyone not included in the list they posted, wouldnt a simple solution be for HMRC to authorise sharing this info to an entity like ebay?

---

@vinylscot wrote:

The idea that a multi-national like eBay (let alone all the smaller selling platforms) can just begin storing NINO's, without extensive vetting from government agencies, is just idiotic. eBay will have been subject to the most stringent, most up-to date scrutiny. It is legally required that they store this information, so the authorities must ensure they are properly set up to do so. Yes, eBay could be subject to a hack, or could ignore their legal duty of care, but they're no more likely to, than any other organisation which already holds the info.

---

That's your opinion.

But for one moment let's agree that there is all the stringency, up to date scrutiny and have the approved levels of security that you suggest ebay has put in place at HMRC's insistence, just like all the other companies that are hacked.   The FACT is that they ARE hacked with monotonous regularity.

So please stop trying to make out that anyone with a different opinion is lacking common-sense, any sense at all, is looking for the worst-case scenario, scare-mongering or any other dismissive phrase you care to think of and answer my question.

Why do I have to give ebay my NINO when I have a UTR that I consider is safer to hand over and which will allow HMRC to link my sales info. to the rest of my income just as well, but with less risk to my security ?

@theelench  The answer to your question, as you know, is pretty obvious. Not everyone has a UTR, whereas everyone (with a few readily resolved exceptions) has a NINO. Requesting only NINO's  keeps it as simple as possible.

Again, you're just going out of your way to manufacture reservations. 

---

@a45heaven wrote:

 

The HMRC web site warns against sharing the NINO with anyone not included in the list they posted, wouldnt a simple solution be for HMRC to authorise sharing this info to an entity like ebay?

---

As I have pointed out exhaustively before; HMRC state that NINOs can be shared with "authorised financial service providers". eBay Commerce (UK) Ltd is an authorised financial service provider; you can see their entry in the Financial Conduct Authority's register here. 

---

@theelench wrote:

---

Why do I have to give ebay my NINO when I have a UTR that I consider is safer to hand over and which will allow HMRC to link my sales info. to the rest of my income just as well, but with less risk to my security ?

---

The requirements (stipulated by the OECD and not HMRC) require a unique Government-issued tax identification number. The vast majority of private sellers will only have a NINO serving this purpose; for some reason it seems eBay has decided that sole traders will also be required to provide their NINO even though they will have a UTR sufficient for the purpose. 

authorised financial service providers who help you buy and sell investments like shares, bonds and derivatives -

Is this what you mean?

If ebay are a "authorised financial service providers". - Then why was adyen drafted in ?

---

@vinylscot wrote:

eBay will have been subject to the most stringent, most up-to date scrutiny. It is legally required that they store this information, so the authorities must ensure they are properly set up to do so. 

---

Sometimes the authorities themselves mess up. 

I don't think the idea there is some sort of independent scrutiny and monitoring is the reality. For example, we take card payments directly via our own website and in-store via our own direct merchant accounts. In order to do this we are required to be PCI DSS compliant to ensure sensitive customer details - including card details, names, addresses, order details etc. are stored securely. For the record we are compliant but there is no independent verification that we are; compliance is verified by completing a yearly questionnaire. eBay will obviously need to have more measures than a yearly questionnaire that someone completes in place but ultimately I believe their measures are most likely self-policed and would only be investigated if they did report a breach.  

For the record I don't believe there is any more risk providing a NINO to eBay than any employer, bank, local authority etc. However, I do believe the more organisations that have it the more the risk increases.

That clears-up that point then, HMRC are complying with the OECD requirements and now require ebay (et al) to report sales info. linked to a "...unique Govt.-issued tax ID identification number."

Fair enough, I have no problem with that.

My problem is that being as cautious as I am in trying to protect my data from theft, I don't see why I should hand-out data un-necessarily.  I have a UTR, that I could use,  more securely than giving more info. to ebay (IMO).

As @4_bathrooms  says, the more organisations that have such data, the greater the risk, obviously.

I agree that (probably) a majority of ebay private sellers will only have a NINO, a few may not even have that, but (again, probably) a significant number will have a UTR, which by-passes the necessity to give ebay more personal information than they need to comply with the new reporting rules. They should be able to use it if they wish.

If it comes to a choice between what is convenient for ebay and my attempts at keeping my data safe, my safety will come first.

---

@a45heaven wrote:

 

If ebay are a "authorised financial service providers". - Then why was adyen drafted in ?

---

Adyen are a payment service provider; they provide eBay with a merchant account that enables them to accept card (and Paypal) payments. An organisation cannot take card payments without the involvement of a merchant account provider like Adyen (eBay's users do not have any contract with Adyen).

eBay are the party responsible for disbursing funds to sellers and act as (a mostly automated) judge, jury and executioner in disputes between buyers and sellers. It is actually a good thing they are FCA regulated as this provides a means to complain about or appeal a final decision eBay makes to the regulator or the ombudsman.

---

@theelench wrote:

 

My problem is that being as cautious as I am in trying to protect my data from theft, I don't see why I should hand-out data un-necessarily.  I have a UTR, that I could use,  more securely than giving more info. to ebay (IMO).

 

---

I have a feeling HMRC's internal guidance about the matter is where the NINO requirement for individuals (private sellers and sole traders) originates from:

"For most individuals in the UK the TIN will be their National Insurance Number."

That might explain why eBay requests a NINO from sole traders but a UTR from ordinary partnerships; that always struck me as odd before I read the above HMRC document.

That does seem to explain why ebay is only offering the NINO option to private sellers.

A shame really IMO as it leaves private sellers with only one choice, give ebay their NINO or stop selling on ebay, when for some it isn't really necessary.

Probably not the result that either ebay or HMRC wanted as in the longer term both will probably loose revenue because of it. 

@4_bathrooms   Thanks for posting that government link.  It contains a wealth of information which answers some of the common questions raised on this and associated threads.  I am surprised eBay have not referred to it in their limited communications on this subject to justify their actions.

One point stood out:  "Financial Institutions should rely on the IT systems they have in place at the time the electronic searches are carried out, they are not expected to build systems to carry out electronic searches solely for the purpose of reporting under their automatic exchange of information obligations."   Then why the new regulatory fee?  - I assumed eBay would have to introduce new systems, hence the new fee.

Another interesting point:  "Where a Financial Institution does not hold information in its records [see IEIM402300] on either the Account Holder’s taxpayer identification number [see IEIM402040] or date of birth [see IEIM402180] it is expected to make reasonable efforts to obtain the information by the end of the second calendar year following the year in which the account is identified as reportable."  This could explain why eBay have not started pushing for the information from existing sellers as in effect it can add another year onto the Jan 31, 2025 date.  While this may be beneficial to eBay in not scaring away sellers it could leave those affected, especially through ignorance, in an even bigger 'hole' when eventually reported.

Are you aware that in 2014 hackers accessed personal data of all 145 million users using the login credentials of three corporate employees. Easily readable online, if you were around at the time we all had to change passwords.

It's all ships n giggles until it goes belly up.

If you were not a business seller trading illegally on a private ebay account, ebay would have had that information already.