Author: Paul

Cash Under Threat

A new report has concluded that with the recent steep fall in the use of cash, particularly by young people, the government and regulators need to step in to ensure that cash remains a viable method of payment in the future.

The ‘Independent’ Research

The independent research called ‘Access to Cash Review’ was authored by Natalie Ceeney (a former financial ombudsman) and financed by cash machine network operator Link and used evidence from nearly 100 businesses and charities in the UK to reach its conclusions.

What’s The Problem?

The use of cash has been in decline while the use of cards (particularly contactless) has experienced a huge boost, particularly among the young. For example, for the first time, debit card use, driven by contactless payments, overtook the number of payment transactions made in cash in the UK back in 2017.

Also, the Access To Cash research has concluded that at its current rate of decline, cash use would end by as soon as 2026, although notes and coins may still be used in 15 years’ time, but only for an estimated 10% and 15% of transactions.

The declining use of cash has also forced the removal of many ATMs, and a move to online and mobile banking has contributed to the closure of many bank branches.

All these factors have put pressure on the whole cash system and have threatened to drive cash out of popular use within 10 years.

Benefits Of Cashless

In UK cities such as London and Manchester, there are already cashless cafés and pubs e.g. the Crown and Anchor pub in South London which, in October, switched to fully cashless with customers only able to use debit cards, credit cards and contactless payments including Android Pay and Apple Pay. 

There are several key benefits for business that choose to go cashless including:

  • Saving time that could be used elsewhere in the business.  For example, going cashless means no more time spent cashing up, getting change, or going to and from the bank.
  • Cost savings e.g. no need for cash registers.
  • Faster transactions, which could lead to smaller queues and better customer experiences, which could improve customer loyalty and attract new customers.
  • Lower insurance premiums because there is no cash on the premises, thereby deterring burglars and thieves.

Drawbacks

There are some drawbacks to going cashless, which include:

  • Excluding poorer and older members of society, and those with mental health challenges, many of whom rely on cash and may not have a bank account.
  • Businesses in rural areas may be less able to go cashless due to those areas being less well served by broadband and mobile connections.

Ideas

Ideas to help save the use of cash as a viable system include:

  • Putting infrastructure in place before cash usage declines beyond anyone’s control.
  • Appointing an independent body to oversee a guarantee that people won’t need to travel too far to get access to cash.
  • Calling for a regulator (as Which? has done) who has a statutory duty to protect access to cash and build a sustainable cash infrastructure for the UK.
  • Local shops offering cash-back to customers, rather than expecting customers to rely on a dwindling number of ATMs.
  • Small businesses being allowed to deposit cash in secure lockers or “smart” ATMs, rather than having to make regular trips to a bank branch.
  • Big changes being made to the infrastructure behind cash, overseen by the Bank of England, in order to lower the cost and maintain free access for consumers.
  • Introducing a law that requires businesses to accept cash.

What Does This Mean For Your Business?

This latest research supports the findings of other research which shows cash use to be in decline and being overtaken by debit card and contactless in most lower value daily transactions.  Cashless and particularly contactless can be very convenient, fast, and beneficial for customers, businesses and banks alike when it comes to purchases of £30 and under and hence it can favour supermarkets, shops, bars and other retail and convenience outlets.

This new research appears to be making the point that the cash system could become a non-viable system much more quickly than many of us may have thought, and that work needs to be done now in order to prop it up and prolong its life.  Poorer and more disadvantaged and challenged members of society, of which there are many, need to use cash and may simply not have a bank account and a card with contactless/cashless payments enabled, and therefore, may find themselves being discriminated against, and facing real practical difficulties if the cash system were to collapse. Some businesses and events that deal in cash may also find it challenging and costly to convert to a cashless situation.

Cashless transactions look likely to increase in the UK, and many retail businesses may soon find themselves seriously considering whether a switch to cashless could be workable and beneficial. The likely introduction of biometric ‘fingerprint’ bank cards which allow individual transactions of more than £30 may also make a wider range of businesses see cashless as a real possibility.

Fingerprint Bank Card

RBS is reportedly about to hold trials of a new, more secure biometric bank card where customers can use their fingerprint instead of a PIN to verify purchases.

April

The trial, which will involve some 200 RBS and NatWest UK-based customers, is due to begin in April this year and will and last for three months. Although this is the first time this kind of advanced card technology has been trialled in the UK, a similar trial has already taken place in Cyprus.

Partners

RBS is working on the biometric fingerprint-verified card project in partnership with digital security company Gemalto, Visa, and Mastercard.

Advantages

The advantages of a biometric card of this kind include improved security, speed and convenience for customers with no need to worry (as with contactless) about the £30 limit because the biometric card will be able to verify payments of larger amounts.

Already Used For RBS App

RBS already offer their customers a mobile banking app that uses fingerprint log-in on iPhone, iPad or Android.

Fingerprint Sensor On The Card

Gemalto, one of the partners in the new RBS project explains that the fingerprint card works by using a fingerprint sensor on the card body.  When paying, a customer places the card next to the POS terminal (as with contactless) and places their finger on this part of the card.  This securely authenticates their fingerprint and enables the transaction to go through without the need for a PIN.  Gemalto says that the user’s biometric data never leaves the card, so is kept secure.

Enrolment

In order to activate and start using such a card, customers would have to record their fingerprint with an enrolment procedure.  This is likely to be possible from home a self-enrolment sleeve shipped with the card with activation which is then completed at the first transaction at the POS, or by going to a go bank branch and using a secure enrolment tablet or kiosk.

Own Research

Gemalto’s own research has found that 54% of UK cardholders who have evaluated the information about the card would get one today if it were available from their bank, and 82% said it would become their preferred payment card.

Security Concerns

Although biometrics are preferred over password verification systems in terms of security, there is still concern about where a person’s biometric data is stored, and how securely that data is stored.  Also, biometric voice-activated systems have already shown themselves to be vulnerable.  For example, back in May 2017, a BBC Click reporter was able to fool HSBC’s biometric voice recognition system by passing his brother’s voice off as his own.

What Does This Mean For Your Business?

Biometric authentication and verification systems appear to be much more secure than password and PIN systems, which is why banks and credit companies are already adopting and using them.  The popularity of contactless cards with businesses and users is clear, and introducing a more secure authentication method e.g. fingerprint, is a way of getting customers to feel more comfortable with spending over £30 amounts with a quick, contactless system.  This could bring benefits to a wider range of businesses, and contactless has mainly favoured those retail businesses with typically lower value transactions.

Many people are already getting used to mobile apps that use biometric authentication, so a card that uses a similar idea is not a big step, plus the unique nature of fingerprints would make card fraud less likely, which should please the banks and users.

Other types of biometric systems e.g. voice activated systems have run into problems and some opposition (e.g. privacy groups) challenging the lawfulness of HMRC’s Voice ID system which has collected and stored more than 7 million “audio signatures”.

This new type of fingerprint card is still awaiting its trial in the UK, but the signs are that it looks like it could be an acceptable next step for bank customers who want to use a more secure contactless card system that works for everything.

Businesses Delayed Security Breach Disclosure

An FoI request to the Information Commissioner’s Office (ICO) has revealed cause for concern over whether businesses on the run up to the implementation of GDPR were preventing, detecting and responding to security threats and breaches in a good and compliant way.

Delay In Identifying and Reporting

An FoI request to the ICO by threat detection and response firm Redscan found that, in the year leading up to the implementation of GDPR on 25th of May, many UK businesses appeared to be routinely delaying data breach disclosure to the ICO.

The data revealed in the request indicated that companies took an average of 60 days to identify that they’d been a victim of a data breach and an average 3 weeks after discovery to report a breach to the ICO.  The worst offending business (in the data revealed) took a massive 44 months to identify a breach, and some organisations took an average of 142 days to report their breaches to ICO.

Financial and Legal Quicker at Identifying & Reporting Breaches

The FoI data did, however, show that financial and legal sector organisations were better at identifying and reporting breaches.  For example, financial services firms took 37 days to identify a breach and legal firms took 25 days.  These figures compare favourably to the general business category where companies took 138 days to identify breaches.

Also, when it came to reporting the breaches, financial services companies took an average of 16 days and legal firms an average of 20 days.  These figures, again, compare favourably to ‘general business’ category organisations which took 27 days on average to report breaches to the ICO.

Full Impact Not Reported

The requested data also showed that 9 out of 10 businesses did not fully specify the nature and impact of the breach to the ICO.

Dates Not Reported

The same figures showed that 21% of businesses did not report the breach incident date, and 25% did not report the breach discovery date to the ICO. It may be fair to assume that these figures could indicate that businesses may have either lacked awareness about the breaches or perhaps made a conscious decision to withhold important information due to fear of the consequences.

Most Hacks Happen At Weekends

The FoI data also showed that hackers tend to prefer attacking at the weekends as this is most likely to be the time when many Monday to Friday businesses are not monitoring for threats and essentially have their guard down, and attackers have two days to break into systems.  For example, the requested data showed that more than three-quarters of incidents happen on a Saturday.

What Does This Mean For Your Business?

This data relates to behaviour before the introduction of GDPR, but with GDPR now in place, and with the legal risks (big fines) and reputational stakes now escalated, businesses need to make sure that they can be compliant going forward.

Attacks are getting more diverse in nature, are occurring across a wider front, and are becoming more sophisticated.  Businesses must, therefore, make sure that they have the appropriate skills, technology, controls and procedures in place to identify a breach in the first place

Also, businesses now need to make sure that they report identified breaches in enough detail, and within 72 hours of becoming aware of the breach, where feasible.  These things are now vitally important as reporting requirements are much stricter under GDPR.

The fact that most businesses are hit by hackers at weekends indicates that businesses need to ensure that they have 24/7, 7-day-a-week controls, defences and procedures in place to be able to protect their systems and the data they hold.

Serious Windows 7 Bug Reported

Google has warned those who are still using Windows 7 that they are at risk of hackers being able to take over their computer by exploiting the combination of a flaw in the Window 7 OS and Google’s Chrome Browser.

Google Alert

The threat to Windows 7 comes from combined flaws in its OS, and a flaw in Google Chrome.  It was Google that announced the discovery of the zero-day vulnerability CVE-2019-5786 in Chrome.

A zero-day vulnerability is one that gives Google, for example, zero days to find a fix because it is already being exploited.  In this case, Clement Lecigne, a security researcher at Google, discovered the vulnerability which resides in the Chrome web browsing software and could impact upon all major operating systems, not just Windows 7, although Windows 7 is vulnerable because it’s a 10-year-old OS in its final year of official support from Microsoft.

Details of the exact nature of the flaw in Googles’ Chrome are not abundantly clear at this point, but it has been described as a use-after-free vulnerability in the FileReader component of the Chrome browser. The FileReader is a standard API that enables web applications to asynchronously read the contents of files stored on a computer.  This essentially means that the flaw in Google’s Chrome provides a way in for hackers who can use it to transfer attack code from Chrome into other applications to help them compromise a machine.

The Windows 7 Side

The flaw in Windows 7 is reported to be in the very core elements that are supposed to stop the data in one program interacting with anything outside that application.

Combined

The combination of these two flaws means that hackers could use Google’s Chrome Browser to take over a computer running Windows 7.

What Can You Do?

The advice from security commentators is (unsurprisingly) to upgrade to Windows 10.  The advice from Google is to make sure that Google Chrome is up to date. You can do this by clicking on the three stacked dots (top right) in Chrome, selecting ‘Help’ and ‘About Google Chrome’, which takes you to the settings page chrome://settings/help.  If it says that you’re running Version 72.0.3626.121 (Official Build) you have the updated version.  If not, you need to update Chrome to the latest version.

What Does This Mean For Your Business?

According to Mr Lecigne, the Google security researcher, there is only evidence of active exploitation against Windows 7 32-bit systems, but it is alarming that a security flaw exists in the core elements of the OS. Since the real risk comes from the combination of a flaw in both Chrome and Windows 7, updating Chrome, which only takes a matter of minutes should provide protection (for the time being) from this risk, although it’s not possible to know what other zero-day bugs are waiting to be discovered.

This story shows the importance of keeping software up to date and patched and is likely to put more pressure on those businesses still using Windows 7 to make the switch to Windows 10.  The fact is though that Windows 7 is still a popular operating system with 37% market share and switching to Windows 10 has cost and time implications in terms of identifying any issues in individual environments and project planning.  The 14th Jan 2020 end of official support date for Windows 7 and the discovery of this kind of OS flaw being made public may now mean that businesses that have been holding out may simply feel that it’s time to bite the bullet and start the shift to Windows 10.

Chatbot Supports Students

Lancaster University has announced that it has launched a chatbot “companion” for students which allows them to ask almost any question about their university experience, from student life, and welfare, to academic studies and more.

Ask L.U.

The chatbot service, called ‘Ask L.U.’, was built on Amazon Web Services (voice) and delivers a voice interface that interacts with users.

The chatbot companion was designed and built by Lancaster University’s Information Systems Services (ISS) and enhances the existing iLancaster mobile app with a range of student-focused voice services.

The chatbot project also includes special facilities for disabled students, developed in conjunction with the University’s Disability Service.

Asked Students

In order to make the chatbot as relevant as possible to students, the University’s developers surveyed Lancaster University students to gauge which questions they were most likely to ask. From this information, they were able to compile a list of more than 300 queries that could be divided into categories such as learning & teaching and campus activities & social.  All of these could then be put to Ask L.U.

Access

The chatbot can be accessed via the iLancaster App on mobile phones and tablets, or by asking “Alexa, Ask L.U.” on any Amazon Echo device.  Amazon Cognito is used to authenticate user data via the Echo providing a completely personalised experience.

Whole Suite of AWS Used

The Chatbot project uses the whole suite of AWS services, including AWS Cloudwatch, AWS Virtual Private Cloud and AWS ElasticSearch.  The natural speech is provided by Amazon Lex and Amazon Alexa.

Fast and Convenient

The chatbot companion is intended to enable students to get information in a fast, easy and convenient way, and delivering information via voice activation fits in well with the packed academic and social lives of students.

Chatbots

Chatbots are now used by many organisations, in conjunction with AI, to help deal with common enquiries, to save costs and resources, to free-up time for human staff to work on other aspects of the business, and to enable businesses to offer 24-hour customer service.

There has been criticism of bots where transparency is lacking and where they may possibly lead users to believe that they are talking to a human.  This is why the state of California passed laws to make AI bots ‘introduce themselves’ (i.e. identify themselves as bots).

What Does This Mean For Your Business?

Many of us are now used to encountering chatbots on websites and voice-activated digital assistants, and this innovative new chatbot from Lancaster University shows how these new technologies can be put together in a value-adding and easy to access way, and in a way that is compatible with its target market.  It may also enable the university to save time and money, and free up valuable resources, and offer 24/7 help to student users.

Bearing in mind that it has been made at a University, it is also a good way of showcasing the technology skills of the university, and the voice activation aspect means that it has been built with an eye on the future.

This kind of chatbot could also have applications in many other businesses, organisations, venues, events, and experiences, and could help improve and support services where there are large numbers of users whose experiences could be enhanced by being able to get on-the-spot spoken answers to popular questions.

Tech Tip – Save Your Passwords Securely on Mobile Devices

If you’d like to be able to save all your login credentials in a secure and safe manner on your mobile device, an app like the ‘LastPass’ password manager may prove very helpful.  It’s one of many such apps, but it’s been rated highly.

LastPass is a ‘freemium’ model password manager that stores encrypted passwords online.

– Download the LastPass Mobile App from Google Play or Apple’s App Store.

– Follow the app instructions.

– Log in with the same LastPass account to sync data between devices, or you can swipe into the LastPass app with your fingerprint for extra security.

There is a built-in random password generator so all your passwords can be different.

Your passwords can be stored and viewed in a secure vault and the app offers autofill, sharing of passwords securely, password auditing, and the ability to keep digital notes with the passwords for e.g. memberships, prescription etc.

See https://www.lastpass.com for details.

New 1TeraByte (Yes, TeraByte) MicroSD Cards Launched

Both Micron and Western Digital’s SanDisk brand have announced at the Mobile World Congress that they are launching the first 1TB microSD cards.

A First

Up until now, companies haven’t been able to produce anything above 128GB, so the jump to a 1TB capacity card is a big jump that could mean less reliance on the Cloud for storage, and better performance from smartphones and other devices.

Micron

Micron Technology, Inc., the US global corporation based in Idaho has announced the launch of the c200 1TB microSDXC UHS-I card, an innovative removable MicroSD Card that boats a terabyte of A2 grade storage with V30 certification.  This should mean that although it can seriously ramp-up the performance of a smartphone, it could suitable for any number of devices and gadgets.  The new card uses an (up to) 100MB/s read-write rate, which means that it can support and can store up to 40 hours of 4K HDR video, thousands of 40MP+ photos, and mobile.

Micron reports that the new card leverages 96-layer 3D quad-level cell (QLC) NAND technology, thereby providing cost-effective storage for consumer electronic devices.

The Micron website says that the new c200 1TB microSD card “gives consumers the freedom to capture, share, store and enjoy more content while supporting their mobile-centric lifestyles.”

When For Micron?

Micron can only say that the new MicroSD should be broadly available, sometime in Q2 2019.

SanDisk

Western Digital’s SanDisk Extreme “microSDXC™ UHS-I” MicroSD card is available in both 512GB and 1TB capacities, and can reach speeds up to 160mb/s with A2/V30.  It can be used in Android™ smartphones, action cameras and drones, and offers supports 4K UHD video recording, full HD video and high-resolution photos.

Also A2 rated, the card reads up to a reported 160MB/s, and writes up to 90MB/s, thereby providing fast app performance on smartphones.  Its fast read speeds should mean that users can save a lot of time e.g.when transferring high-resolution photos and video.

When For Sandisk?

Reports indicate that it will not be available until April, and as a guide, expect a price tag of $449.99 for the 1TB version, and $199.99 for the 512GB version.

What Does This Mean For Your Business?

The huge storage capacity and the speed of these new cards is, of course, good news in terms of versatility and flexibility, saving time, and requiring less reliance on moving and storing everything in the cloud. A card like this is, however, likely to set you back around £375 but you may decide that this is a price worth paying for the extra capacity, speed and convenience.

Although these two new cards are A2 standard, so are suitable for running applications, most microSD cards are slower in practice than stated in the tech spec, and most devices don’t try to run applications from SD cards.  Also, being removable cards, they can still be lost or stolen, and could, therefore, be a security/data security risk depending on what you have stored on them, not to mention the expense of having to buy another one. You may decide that a fast, standard microSD card is still good enough, and you’re prepared to still rely upon secure cloud storage for most things.

It is also worth remembering that a new, super-fast SD Express standard, part of the wider SD 7.1 strategy, could soon be introduced, and could deliver read speeds of up to 985MB/s (if there were products that lived up to the standard).

Nest Locking Customers Out Over Suspected Security Breach

Nest Labs, the US manufacturer of smart home products is reported to have been locking some customers out of their accounts over possible password breaches.

Nest

Nest Labs (founded by iPod inventor Tony Fadell and purchased by Google back in 2014) is a manufacturer of smart home gadgets, including thermostats, cameras, a video doorbell, a smoke and CO2 alarm, and the Nest Aware system where customers can monitor all activity at their home via an app.

What’s Happened?

Nest has recently been the subject of several hacks e.g. there have been reports of Nest cameras being hacked, such as the family in Northern California who reported their camera giving a message (from hackers) warning them of a fictional North Korean missile attack.  Also, more recently in the US, on Superbowl Sunday, a mother reported an unknown male hacker talking to her 5-year-old son through the Nest security camera in his bedroom.

Advice From Google

In the light of the increase in hacks, in the early part of February, Google emailed out a warning to the owners, urging them to secure their login credentials with measures such as two-factor identification and stronger passwords. In the email, Google said that there hadn’t been a breach, but that it was simply reminding users that breaches are possible and that there are measures they can take to help protect themselves and get the most out of Nest products.

Google says that the recent reports of hacks are based on customers continuing to use compromised passwords i.e. passwords that have been exposed through breaches on other websites, and probably shared and sold-on among the hacking fraternity.

Locked Out

The lock-outs of accounts that some customers are now experiencing appear to be strong reminders from what is essentially a security app to those who are known to still be using compromised passwords and who haven’t yet set-up 2-factor authentication, that now is the time to address these issues.

One added bit of motivation to do so could be the relatively high monthly fees for Nest products and services that customers will be paying for nothing if they don’t act now.

Other Troubles

Nest has also found itself in hot water recently after it was discovered that a “secret” microphone is incorporated in Google’s Nest Guard product that has not been listed in the product’s  tech spec.  This has led to a serious backlash, and calls from a Senator for action to be taken to help protect users from the privacy and security threat that some smart products can pose.

What Does This Mean For Your Business?

Even though these are security related products, their basic protection has been through the use of passwords.  Due to the number of hacks of other sites, and the fact that people often use the same password for multiple sites, and due to the bizarre and terrifying nature of some of the hacks of Nest speakers, it is not a surprise that the company is taking strong action to try and force users to set up a secure, new password, and the extra security layer of 2FA.

This story is a reminder that it is not a good idea to use the same passwords on multiple websites, as hackers now have software to enable them to quickly try the same password details in multiple websites (credential stuffing).

Although 2FA does add another relatively solid layer of security to online accounts, Google (Nest) has said that it is also considering new security measure to prevent this kind of hacking from happening with Nest’s products again.

Response To Freedom of Information Requests Concerning Brexit Involves ICO

Two government departments and a Kent-based Brexit planning group are reported to have given local councils advice on how to avoid releasing information about the no-deal Brexit plans, prompting UK. Gov and the ICO to intervene.

What Happened?

Kent Online reported that at the end of January, a leaked report showed that local councils were being given advice about how to handle Freedom of Information requests relating to the councils’ work and plans towards a no-deal Brexit, in a way that would not cause public harm.

It has been alleged that the threat of a no-deal Brexit situation has led to an increase in the amount of FIOA requests that councils receive about their plans for it, but that certain government departments and others may have sought to manage the amount of information making its way into the papers by issuing tips on how to keep emergency plans secret.

A blanket approach of this kind would go completely against FOIA laws.

Who?

According to Kent Online, the leaked report came from the Kent Resilience Forum, which is a group co-ordinating the strategy in the county for how it would deal with disruption in the event of a no-deal Brexit. Also, guidance issued by the Department for Exiting the EU DExEU was also cited in the report, as was guidance by the Cross-Border Delivery Group.

What Kind of Guidance?

The ‘guidance’ in question, mentioned in the leaked report, is alleged to include:

  • The DExEU suggesting that councils and other organisations should refuse FOIA requests in relation to their emergency planning and, in some circumstances, that they should not confirm whether they hold information.
  • Guidance from the DExEU leading to emergency services and councils being given a ready-made template for FOIA requests on Brexit plans.
  • Local Resilience Forums or individual partner organisations being told to argue that disclosure would not be in the public interest as it “would undermine the effective conduct of public affairs”.
  • Guidance that has led to the government tying ports to non-disclosure agreements, which prevent them from releasing any details about their discussions. Recommendations from the Cross-Border Delivery Group mean that while port authorities can share information with other organisations, these non-disclosure agreements are in effect for general disclosure to the public domain.

ICO Involved

The idea that FOIA requests could be treated in this way has prompted the involvement of the Information Commissioner’s Office. It has been reported that the ICO’s director of FoI, Gill Bull, has written to DExEU, the local government department, and the Kent Resilience Forum to express the ICO’s concern about the guidance.

The Council Says…

Kent Council has said that “We are keen to provide our partners with advice on how they can prepare for a worst-case EU Exit scenario”. The council has also said that it will soon be issuing an updated partner pack without the previous FOIA guidance.

The Government Says…

It has been reported that a government spokesperson has said that the original advice has now been revised, and new, updated guidance has now been issued.

What Does This Mean For Your Business?

Brexit is a complicated and divisive subject, but a Freedom of Information Request is an important legal right in the UK that allows for greater transparency in the way that companys and organisations operate, and each FOIA request should be considered individually.  It is worrying that advice should be given by government departments and other organisations, supposedly in the public interest, that appears to go against the Freedom of Information Act, by suggesting that some kind of blanket response, designed to withhold information should be applied. Businesses would not be able to behave this way without being held to account in a very damaging way, and it is understandable, therefore that the ICO has stepped in.

Potential £ 1 Million Court Bill Over £1 Uber Receipt

A millionaire barrister who raised crowdfunding money to fight ride-sharing company Uber in court over a £1.06 VAT receipt has lost attempts to limit his court costs liability and could face a £1 Million legal bill.

What Happened?

The initial reason given for tax lawyer Jolyon Maugham QC bringing the case against Uber was that he was not given a VAT receipt for £1.06 for his £6.34 taxi journey which he could have reclaimed from HMRC as a business expense and that Mr Maugham QC believed that Uber was undercharging VAT on its taxi services.

However, as commentators have noted there may be a wider angle to this story as the barrister accepted that the VAT receipt amount that he sought was trivial and that it may be more about establishing whether Uber as a company is subject to VAT.  If Uber is found to be subject to VAT, Mr Maugham QC’s action could trigger a £1bn VAT bill against Uber.

More Than Half Raised From The Black Cab Trade

Even though Mr Maugham QC managed to raise £107,650 to bring the case, one of the factors that appears to have influenced Mr Justice Trower’s rejection of Mr Maugham QC’s attempt to shield himself from the £1M legal bill and his attempt to appeal against the rejection is the proportion of money raised from the black cab trade to fight Uber. For example, the judge pointed out that “well in excess of 50%” of the crowdfunding money came from the black cab trade, and this included a donation of £20,000 from just one unidentified black cab source.

Income A Factor

Even though Mr Maugham QC wanted to limit his legal costs liability to £20,000 in the High Court case he brought against Uber, some commentators have noted that Mr Maugham QC’s alleged net annual income of £400,000, and his ownership of two properties may also have been a factor in the judge deciding not to stop Uber from recovering its estimated £1 million legal costs if it wins the main case.

The VAT Argument

This case was originally intended to focus on VAT, and one thing it has done is to shine a light on an argument about whether it is the individual Uber drivers who need to be VAT registered to give a VAT receipt, or whether Uber now has a large VAT liability.

What Does This Mean For Your Business?

The case was originally based on an assertion that Uber may be undercharging VAT on the taxi services it offers, and that HMRC may be treating big US multinationals such as Uber with kid gloves and an allegation that Uber could be thought by some to have a business model that’s designed to minimise its tax liability, and to minimise the workers’ rights that it has to offer to its drivers.

According Jolyon Maugham QC, in his statement via the Good Law Project, the decision to reject his attempt to limit his liability for legal costs could be seen as an example of how corporations can use the threat of costs liability to somehow dodge legal accountability, thereby making it difficult for other individuals or organisations to hold them to account.

Although Mr Maugham QC’s personal income and property assets may have had a bearing on the Judge’s decision not to grant him protection from an estimated £1 million legal bill if Uber wins, the outcome could also send a warning to businesses that taking on a big company/corporation in court could be make or break and could have serious financial implications.