Skip to main content

Apply fraud detection software programs and processes

Type of countermeasure

This is a detection countermeasure. Detection countermeasures can help to identify when fraud has occurred. They can help disrupt additional fraud and reduce the consequences.


Fraud detection software programs automatically analyse data to detect what is different from what is standard, normal or expected and may indicate fraud or corruption.

Why this countermeasure matters

A lack of fraud detection software programs may lead to:

  • fraudsters feeling confident they will not be caught
  • fraud or corrupt activity going unnoticed or unchallenged
  • delays in investigations and responses
  • unknown systemic fraud or corruption.

How to put this countermeasure in place

Some ways to implement this countermeasure include setting up fraud detection programs that:

  • analyse system access logs to detect unauthorised access to internal systems or online accounts
  • monitor for suspicious changes to client or provider bank accounts, such as common accounts being used
  • monitor the use of compromised personal identity information
  • analyse bulk data sets to identify suspicious patterns and anomalies.

How to measure this countermeasure's effectiveness

Measure the effectiveness of this countermeasure by applying the following methods:

  • Conduct pressure testing to determine if fraudulent activity would be detected.
  • Consult subject matter experts and observe how the detection program operates.
  • Review the extent of the detection program to determine if it would identify different methods of fraud.
  • Confirm that the detection program settings are appropriate. Are the settings too broad, leading to many false positives? Or are they too narrow, leaving the potential for undetected fraud?
  • Confirm that the detection program settings are not widely known, allowing someone to deliberately avoid detection.
  • Confirm that the data/logs underlying the detection program are adequate and reliable.
  • Confirm that detection program reports are actually produced and used, and the process is adequate.
  • Confirm that detection program results go to an independent and appropriate reviewer.
  • Review a sample of detected incidents.
  • Review reports related to the detection program to discover how many potential incidents are reported and how often. Note: zero detected incidents is not evidence the detection program does not work.
  • Review who has access to detection program reports.
  • Confirm that someone cannot manipulate the detection program, including the data that underlies the program. Test the access and data protection controls if required.
  • Check what other reporting occurs, such as if executives review detection program reports during committee meetings.

Related countermeasures

Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.

Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity.

Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs. It can also include referrals to law enforcement agencies for those groups that reach the threshold for complex criminal investigations.

Audit logging is system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.

Related Fraudster Personas

Was this page helpful?