A quick guide to Cyber Essentials Plus

We have just successfully passed Cyber Essentials Plus, a test we undergo every year because we value highly the security of our IT systems. We also know it gives our corporate and individual customers piece of mind when searching for information on our websites or using our T2A API methods.

So here’s a bit more information about what the accreditation is, how it’s done, and some reasons to do it in your organisation…

What is Cyber Essentials Plus?

Cyber Essentials is a scheme, backed by the UK government, that helps you protect your organisation against a range of common cyber attacks. There are two types of certification:

  • Cyber Essentials
  • Cyber Essentials Plus

Cyber Essentials is the cheaper option at £300+VAT. This is a self-assessment where you answer of series of questions relating to your IT infrastructure. For those organisations that don’t have anyone with a technical IT background and may find some of the questions difficult to answer, there is help available from one of the Certification Bodies who are trained and licensed for the Cyber Essentials scheme.

Cyber Essentials Plus involves a hands-on technical verification that your IT systems meet the required standard to repel common cyber attacks. As these hands-on tests of your network and computers are done by experts from one of the Certification Bodies, having the Cyber Essentials Plus certification displayed to customers gives more assurance that you are complying with the scheme than the basic self-assessment option above.

This was the reason we felt it better to go for the “Plus” option even though it is more expensive. The price varies depending on the size and structure of your organisation and you can get a quote on the Government’s Cyber Essentials partner IASME website here: Cyber Essentials Plus Get a Quote – Iasme

In these times of the Covid-19 pandemic we expected that we would have to look at safe distancing measures etc. when someone from our chosen certification body came to visit our office. Instead they sent us an impressive looking case of technical equipment for us to plug in. They were then able to do all their necessary checks remotely, but just as good as if they has been in our office in person.

Reasons you should get Cyber Essentials certified

As we’ve already mentioned, at T2A we thought it was well worth going for Cyber Essentials Plus. But if you can’t afford that it’s still worth doing the basic Cyber Essentials certification. There are good reasons for doing either option:

  • It prompts a review of your IT security and procedures.
  • Gives customers piece of mind that you take cyber security seriously and are taking positive steps to block all common cyber attacks.
  • Customers know that you have taken extra steps to protect their personal details and passwords.
  • Certification of the scheme, especially the Cyber Essentials Plus option, gives you an extra positive selling point to new potential customers.
  • If you tender for public sector work, some government contracts will only deal with companies that have Cyber Essentials certification.

More information

There is a good FAQs section on the National Cyber Security Centre’s (NCSC) website: Frequently Asked Questions – NCSC.GOV.UK

Here is an overview of the scheme on the NCSC website: About Cyber Essentials – NCSC.GOV.UK

How companies can beat scalping and win over customers

What is Scalping?

You might be familiar with the gruesome act of removing an enemy’s hair (and scalp!) featured in many Hollywood westerns. However, there’s another meaning of scalping which is used increasingly in business.

A definition of scalping, in a business sense, from the Cambridge English dictionary:

The activity of buying things, such as theatre tickets, at the usual price and then selling them when they are difficult to get at higher prices.

Scalping is most prevalent online. The coronavirus pandemic has benefited online scalpers by creating the perfect storm of:

  • A huge consumer shift towards online purchasing.
  •  Delays in product delivery due to problems with global supply chains.
  • Other purchasing channels, such as high street retail, being closed during lockdowns.

What’s the problem?

The Scalpers say that buying up desirable items for sale on the internet, like the new PlayStation 5 console, and selling them for a handsome markup is just good business. They claim they are only being entrepreneurial and it’s not illegal to do it.

Indeed it is not illegal, but it’s certainly regarded as pretty unethical and angers many consumers who can’t get items they really want, like the PS5.

Scalpers often use bots to trawl the internet to find websites selling these desirable in-demand items. This practice adds to the view that this is unethical, with ordinary customers standing little chance of finding items in stock on a website against such mass volume automated techniques.

Many people have written to their MPs complaining about the practice and a debate on scalping was raised in parliament specifically about the unfairness on consumers of scalping in the computer consoles market.

Very few retailers have protection in place against scalping

In the gaming market, most retailers recognise the problem of scalping.

Our very quick mystery shopping exercise found that the current ‘hard to get’ PS5 cannot easily be bought on the internet at it’s RRP of £449.99 because stocks on retailer websites are all sold out.

However, you can get one if you’re prepared to pay the inflated cost of the scalpers on reseller websites like Ebay, some adding on hundreds of pounds. The cheapest PS5 we found on Ebay was £535.00, going up to £999.99.

Currys PC World seem to be one of the few online retailers trying to offer a fairer system. You can enter their PS5 VIP pass draw and if you’re one of the lucky winners you get a code to purchase a PS5 when they secure more stock.

Companies have a choice to retain their brand reputation and win over customers

The use of automated bots has only been made illegal for buying tickets for concerts and gigs.

For all other items currently in high demand scalpers can continue to use bots and buy up stock from websites that aren’t doing anything about it. There are many items that attract scalpers, here are just a few examples:

  • Game consoles
  • New technology and computer equipment
  • Hot tubs
  • Gym equipment
  • Special edition records
  • Limited edition trainers and clothing

Companies risk losing their brand reputation and customer loyalty when customers go to their website and cannot get what they want as it’s out of stock, scalpers with their automated bots having got there first and purchased the items in bulk.

Customers are less likely to return to a website in future when looking for other items if they have been unable to get their in-demand item before because the company has allowed scalpers to buy up much of the stock.

In fact, because it’s becoming such an issue, there’s an opportunity for companies to get ahead of their competitors by introducing anti-scalping operating procedures onto their website. This will create a fair and level playing field for consumers, plus a real positive PR story for their brand which in turn can increase customer loyalty and sales.

The Anti-Scalping solution for companies to keep their customers happy

Companies can use Person Identity Verification on their website to ensure an order is from a genuine name at the delivery address given. Person Verification matches the order details against the full Electoral Roll dataset. Steps for companies are:

  1. Restrict a product liable to scalping to 1 order per person.
  2.  Check the name and address typed in hasn’t already been used to buy it.
  3. Someone scalping would need to invent false names at their address, or other addresses they are using. Running this through Person Identity Verification would then tell the company that the name and address doesn’t exist and so refuse the purchase.

This data-based method of verification is easier and cheaper to implement for the company, and much less hassle for the customer, than having to find photo ID and upload to the website.

Our API for websites can integrate our Person Verification method easily into your website. We also offer Person Identity Verification on our public website ukphonebook.com.

Contact Us or visit our website for more information.

Selling age-restricted products to under 18’s is illegal – how to comply as an online retailer?

Companies will be aware that selling certain products such as alcohol, tobacco and fireworks to anyone under 18 years of age is illegal. However, companies may not be so aware of the positive steps they are required to take under UK Government guidelines to check the age of customers buying these products.

Proof of age can easily be done in a shop by judging whether the customer looks old enough, or asking for photo id if the shopkeeper is unsure. It is much more tricky for online retailers to be certain a customer is over 18, yet the same responsibility applies to a website owner as it does to a shop owner.

In this article we explain what an online retailer’s responsibilities are and how to comply with Trading Standards guidelines.

Duty of online retailers

It is the responsibility of online retailers not to sell age-restricted products to customers under the minimum legal age.

That is no surprise, but importantly it is also the duty of online retailers to use effective systems capable of verifying the age of potential purchasers to ensure they are old enough to buy a product.

The list of age-restricted products in the UK includes:

  • Alcohol
  • Tobacco and vaping products
  • Fireworks
  • Spray paints and hazardous chemicals
  • Cooking and camping knives
  • Certificate 18 films and games
  • Pharmaceuticals and medicines

What age checks are not likely to be viewed as taking ‘due diligence’ ?

What we mean by ‘due diligence’ here is all reasonable checks made by an online retailer to verify the customers age before selling them age-restricted products.

According to the Business Companion website (who describe themselves as “Trading Standards law explained”) the following checks are unlikely to satisfy ‘due diligence’ , and thus not be a reasonable defence if an online retailer appeared in court for selling to an under age person.

Not sufficient to satisfy ‘due diligence’:

  • Using tick boxes to ask purchasers to confirm they are over 18.
  • Asking the purchaser to give a date of birth.
  • Relying on the purchaser confirming that they are over 18.
  • Using a general disclaimer on your website – e.g. “anyone ordering this product will be deemed to be at least 18”.
  • An ‘accept’ tick box that the purchaser has read the website terms and conditions where it states they must be over 18.
  • Only taking credit card payment. Credit cards are not available to under 18s but some debit cards and pre-paid cards are.

Age verification methods that are likely to show compliance

Age verification checks are much more likely to display an online retailer’s compliance with ‘due diligence’ and their responsibilities when selling age-restricted products. Examples of these age verification methods are:

  • Age Verification of a purchaser by matching name and address details against a frequently updated dataset comprised of the Electoral Role and other UK data sources. See more details on T2A’s pay-as-you-go Age Verification method.
  • Obtaining proof of age at the door when delivering the product. However, third party delivery companies may not want to take responsibility for this on your behalf.
  • Follow up checks after the product has been ordered, for example if proof of age could not be done at the time of purchase. This can create time consuming admin for website owners and can be a problem if purchases slip through the net and forget to be checked.
  • If a website has stores as well, click and collect can be offered and age checks can be done face-to-face when the customer comes in to collect the product. This option is not likely to be viable for the majority of websites, just big brands with stores nationwide.


Considering the options above, the first option of verifying a purchaser’s age against third party data, seems to be the best for the vast majority of websites that sell age-restricted products. The reasons are:

  • First and foremost the online retailer is doing the most they can by checking age at the point of purchase. This represents a good level of ‘due diligence’ should the retailer be accused of selling age-restricted products to someone under age.
  • Matching against data sources like the Electoral Role before the purchase is confirmed make it a reliable way to verify the purchaser’s age without the admin that results from making manual age checks.
  • The online retailer does not have to rely on courier companies making an age check for them on delivery. A driver may forget to ask if they are busy with many deliveries, or the purchaser may not be at home which creates logistical issues when the product cannot be left at the door.

For more information on T2A’s Age Verification method for online retailers, please click here.

This is also available as an Age Verification plugin for websites built using WordPress and WooCommerce.

How to use bulk options for Person Verification and Age Verification.

Our API offers the option, on both Person Verification and Age Verification, of a bulk method so you can check a file of multiple names and addresses in one go.

This is ideal for companies that want to check their customer database to verify that they hold the correct and genuine name/address details in the case of Person Verification, or that customers are 18 years old or over if running the file against our Age Verification.

Person Verification

To check that a person applying for your product, or that has registered an account with you, is who they say they are is invaluable as a way to prevent fraud and money laundering within your business. Our Person Verification method does just that by checking against our vast dataset of over 48+ million UK people.

‘Knowing Your Customer’ (or KYC as it’s commonly abbreviated to) by using our Person Verification facility is vital in many business sectors including:

  • Banks and Building Societies
  • Lending companies
  • Insurance companies & brokers
  • Rail industry (for ticket inspectors issuing fines)
  • Legal practices and solicitors

Read more on the bulk tab of our T2A Person Verification page.

Age Verification

Under UK law any business selling age-restricted products or services must check that the customer is old enough to purchase them. Trading Standards guidance from the Government states that a customer ticking a box on a website to say they are 18 or over is not sufficient to verify their age.

Our Age Verification method checks a UK person’s age against actual date of birth data within our comprehensive set of data sources including the Full Electoral Roll.

There is a need for reliable age verification amongst a wide range of industries that sell age restricted products including:

  • E-Commerce retailers of alcohol, tobacco or DVDs
  • Pharmaceutical companies selling their products online
  • Retailers of kitchen knives and other items that can be classed as “offensive weapons”
  • websites selling potentially harmful cleaning products and other dangerous chemicals.

Read our Age Verification page on T2A to see how we check age against actual data. Click the bulk tab for information on the bulk age verification method.

How our bulk Person Verification and Age Verification services work

Step 1 – download the names and addresses from your database that you want to verify into a csv file.

Step 2 – make sure your file has these fields included as a minimum:

  • First name
  • Surname
  • Address line 1
  • Postcode

Step 3 – upload your file to T2A

Step 4 – T2A matches your information against our vast dataset which is updated daily to provide the most accurate, up to date results.

Step 5 – your csv results file will contain the original data plus an extra column to give one of the following results next to each person:

For Person Verification…


For Age verification…


Try our verification services for free

There is a free demo for each of our verification methods:

Go to the demo tab on this page to try Person Verification.

Go to the demo tab on this page for Age Verification.

So if you want to ensure your customer database contains genuine verified UK individuals, and that they are old enough to buy your age restricted products in the future, why not get in touch.

How one customer has harnessed the power of our API

The T2A API is powering lots of companies’ websites, apps and internal systems to help them deliver new efficient processes in their business. They depend on our UK data sources, the most accurate and up to date available, to deliver instant reliable results for their staff’s people, address and company information searches.

Our customers are wide and varied, from delivery companies to fraud prevention specialists, E-Commerce websites to estate agents, telemarketing agencies to building societies.

Here is a case study about one of our customers to give you a flavour of how we help companies, working with them as their data partner…

T2A Customer Focus – Raspberry Software Systems Ltd

Raspberry Software Systems, providers of software solutions to the UK rail industry since 2004, have been working with us for 10 years and have increased their usage of our T2A data during that time.

Through Raspberry Software’s Ticket Inspection and Prosecution System (TIPS) their rail clients have been able to replace paper based systems, and arduous record checking over the phone by Revenue Protection Officers on the train, with instant passenger identification through the app on an Officer’s tablet or smart phone.

At the heart of the TIPS system is the T2A data upon which it replies, delivered by API methods that we worked on in partnership with Raspberry Software to help them deliver the unique tailored system they wanted to develop.

The feedback that Raspberry Software has had from their clients has been excellent. Rail companies using TIPS have reported a much greater number of Penalty Fare Notices issued and a marked increase in those settled.

Working with T2A has been a very rewarding process for us. Their agile and flexible approach to delivering quick solutions to the data requirements we had for our system has been very refreshing. Add to that the fact that through their API we have access to good quality data at very good value prices, this relationship has been a win for us and a win for our clients.

Peter Jarvis | Director
Raspberry Software Systems Ltd

In the case study example above, Raspberry Software are using our API methods relating to finding who lives at a UK address, accessing the Electoral Roll and our other data sources.

We have a host of other methods too within our API to help you with whatever people, address and company data searching you need to perform within your system. Here is our full method list to show what the T2A API can do.

Some of our most popular applications of the API are:

…and much more. See all our API services

Try before you buy!

One of the best things about our API is that you can sign up for an account and start testing it out straight away without any financial commitment. There are free demos (using limited access to live data) and example scripts to get an idea of how accessing the API could work for you with HTML, CSS and JavaScript.

So if you have an app, website or internal system (or you’re looking to develop one) and need an API to return results using comprehensive up to date UK data sources…let’s talk!

Quick links:

Sign up to try out how our API can work for your system, on a trial basis with no commitment!

Contact Us – we’d love to hear from you!

Find out more – a summary of what you can do with the T2A API

How to recover file contents after Notepad++ crash

Notepad++ is generally a pleasure to use but it does very occasionally crash and empty whatever file you happened to be editing at the time too… Here’s where you can find a backup version to recover your file if this ever happens to you too:


Note: At the time of writing I’m running Notepad++ v6.7.8.2 on Windows 7 Professional, but you’ve not got anything to lose by trying this for other versions of Notepad++/Windows.

Thanks to Indrajit on Stack Overflow for posting the solution originally!

Form validation made super easy with jQuery

We spend a lot of time coding both client and server-side form valdilation.

This is the routine I now always use for client-side validation, which has been refined over the years to become what I’d consider to be some pretty tight code, whilst providing good quality feedback to the user to help them complete forms quickly and with minimal confusion.

Hopefully you can learn a trick or two that you can use yourself, by looking at the code…

function errorBefore(error, $insertBefore) {
  $('<p class="error">' + error + '</p>').insertBefore($insertBefore);

$(function () {

  $("#my-form").submit(function (e) {

    // remove any errors from previous form submission
    $('.error', $(this)).remove();

    // get jQuery reference to form fields
    var $name = $('#name');
    var $email = $('#email');

    // validate name input
    if (!$name.val()) {
      errorBefore('Please enter your name.', $name);

    // validate email input
    if (!$email.val()) {
      errorBefore('Please enter your email.', $email);

    // check for errors
    if ($('.error', $(this)).length) {

      // find first error and focus on form field it relates to
      $('.error', $(this)).first().next('input, select, textarea').focus();

      // stop form submission



SQL, NULL and the 42nd President

Virtually anyone who has written a SQL query will have encountered NULL column items. All of the text books repeat the same sermon:-

NULL is not equal to anything, not even itself.

..which of course means that if a field is not set (i.e. is NULL) it will be ignored by a query such as:-

select name,'good' from player where score >= 60
select name,'poor' from player where score < 60 ;

At first glance the above query would appear to return all players, poor and good. If however a player’s score value is not set, the query will not return that player. If the query is modified thus:-

select name,'good' from player where score >= 60
select name,'poor' from player where score < 60
select name,'unknown' from player where score is NULL

..all players are returned. Note the use of IS NULL to ensure that rows with an undefined score are returned.

Name Rating
Jason good
Phineas poor
Medea unknown

However it is also in a sense correct to say:-

NULL is not not equal to anything


Consider the following simple table, holding the name, year of coming to office, and current status of the President of the United Status (or POTUS):-

`name` varchar(255),
`year` SMALLINT,
`status` varchar(20),

We then populate the table with the holders of that particular job over the past century:-

insert into potus (name,year,status) VALUES
('Barack Obama', 2009,'current');

insert into potus (name,year,status) VALUES
('George W Bush', 2001,'former');

insert into potus (name,year) VALUES
('Bill Clinton', 1993);

insert into potus (name,year,status) VALUES
('George H Bush', 1989,'former');

insert into potus (name,year,status) VALUES
('Ronald Reagan', 1981,'deceased');

insert into potus (name,year,status) VALUES
('Jimmy Carter', 1977,'former');

insert into potus (name,year,status) VALUES
('Gerald Ford', 1974,'deceased');

insert into potus (name,year,status) VALUES
('Richard Nixon', 1969,'deceased');

insert into potus (name,year,status) VALUES
('Lyndon Johnson', 1963,'deceased');

insert into potus (name,year,status) VALUES
('John Kennedy', 1961,'deceased');

insert into potus (name,year,status) VALUES
('Dwight Eisenhower', 1953,'deceased');

insert into potus (name,year,status) VALUES
('Harry S Truman', 1945,'deceased');

insert into potus (name,year,status) VALUES
('Franklin Roosevelt',1933,'deceased');

insert into potus (name,year,status) VALUES
('Herbert Hoover', 1929,'deceased');

insert into potus (name,year,status) VALUES
('Calvin Coolidge', 1923,'deceased');

insert into potus (name,year,status) VALUES
('Warren Harding', 1921,'deceased');

insert into potus (name,year,status) VALUES
('Woodrow Wilson', 1913,'deceased');

Keen observers will note that an error was made when inserting the 42nd President, a Mr Clinton; his current status was not inserted into the table, and is thus NULL.

The following query thus, as you would expect, fails to return Mr Clinton, given that his status is not equal to ‘current’ or ‘former’:-

select name from potus where status IN ('current','former');

However you may think that this query, to return all presidents who are not deceased, would return Mr Clinton:-

select name, year from potus
where status !='deceased'
order by year desc

… but it does not. Mr Clinton’s status is NULL, and so it is not not equal to ‘deceased’.
NULL will not work with any regular comparitor (equals, not equals, less than etc).

The query produces:-

Name Year
Barack Obama 2009
George W Bush 2001
George H Bush 1989
Jimmy Carter 1977

The following query returns any live presidents, plus any whose health is undefined:-

select name,year from potus where
(status !='deceased' or status is NULL)
order by year desc

Name Year
Barack Obama 2009
George W Bush 2001
Bill Clinton 1993
George H Bush 1989
Jimmy Carter 1977