Apply fraud detection software programs and processes
Fraud detection software programs automatically analyse data to detect what is different from what is standard, normal or expected and may indicate fraud or corruption.
Why this countermeasure matters
A lack of fraud detection software programs may lead to:
- fraudsters feeling confident they will not be caught
- fraud or corrupt activity going unnoticed or unchallenged
- delays in investigations and responses
- unknown systemic fraud or corruption.
How to put this countermeasure in place
Some ways to implement this countermeasure include setting up fraud detection programs that:
- analyse system access logs to detect unauthorised access to internal systems or online accounts
- monitor for suspicious changes to client or provider bank accounts, such as common accounts being used
- monitor the use of compromised personal identity information
- analyse bulk data sets to identify suspicious patterns and anomalies.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by applying the following methods:
- Conduct pressure testing to determine if fraudulent activity would be detected.
- Consult subject matter experts and observe how the detection program operates.
- Review the extent of the detection program to determine if it would identify different methods of fraud.
- Confirm that the detection program settings are appropriate. Are the settings too broad, leading to many false positives? Or are they too narrow, leaving the potential for undetected fraud?
- Confirm that the detection program settings are not widely known, allowing someone to deliberately avoid detection.
- Confirm that the data/logs underlying the detection program are adequate and reliable.
- Confirm that detection program reports are actually produced and used, and the process is adequate.
- Confirm that detection program results go to an independent and appropriate reviewer.
- Review a sample of detected incidents.
- Review reports related to the detection program to discover how many potential incidents are reported and how often. Note: zero detected incidents is not evidence the detection program does not work.
- Review who has access to detection program reports.
- Confirm that someone cannot manipulate the detection program, including the data that underlies the program. Test the access and data protection controls if required.
- Check what other reporting occurs, such as if executives review detection program reports during committee meetings.