Apply fraud detection software programs and processes
Summary
Fraud detection software programs automatically analyse data to detect what is different from what is standard, normal or expected and may indicate fraud or corruption.
Why this countermeasure matters
A lack of fraud detection software programs may lead to:
- fraudsters feeling confident they will not be caught
- fraud or corrupt activity going unnoticed or unchallenged
- delays in investigations and responses
- unknown systemic fraud or corruption.
How to put this countermeasure in place
Some ways to implement this countermeasure include setting up fraud detection programs that:
- analyse system access logs to detect unauthorised access to internal systems or online accounts
- monitor for suspicious changes to client or provider bank accounts, such as one bank account being shared by several unrelated clients or providers
- monitor the use of compromised personal identity information
- analyse bulk data sets to identify suspicious patterns and anomalies.
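The following is an added example, not code from the toolkit, showing what two of the detection rules above look like in practice: one rule finds a bank account shared by several distinct clients, the other finds bank-detail changes made outside business hours in a system access log. The client records, the log format (`timestamp key=value ...`), the action names and the business-hours window are all constructed assumptions for the illustration.

```python
# Added example: two rule-based fraud-detection checks run over constructed
# sample records. Not the toolkit's own code; data and formats are assumed.
from collections import defaultdict
from datetime import datetime

# Constructed sample data: client payment details and a system access log.
# Clients C001-C003 have all been pointed at the same bank account.
CLIENT_BANK_DETAILS = [
    {"client_id": "C001", "bsb": "062-000", "account": "12345678"},
    {"client_id": "C002", "bsb": "062-000", "account": "12345678"},
    {"client_id": "C003", "bsb": "062-000", "account": "12345678"},
    {"client_id": "C004", "bsb": "033-111", "account": "99887766"},
    {"client_id": "C005", "bsb": "033-111", "account": "55443322"},
]

# Constructed access log lines; the 'timestamp key=value' layout is assumed.
ACCESS_LOG = [
    "2024-03-04T09:12:00 user=jsmith action=VIEW_CLIENT client=C004",
    "2024-03-04T23:40:10 user=jsmith action=UPDATE_BANK client=C001",
    "2024-03-04T23:41:05 user=jsmith action=UPDATE_BANK client=C002",
    "2024-03-04T23:42:30 user=jsmith action=UPDATE_BANK client=C003",
    "2024-03-05T10:05:00 user=ajones action=UPDATE_BANK client=C005",
]


def shared_bank_accounts(records, min_clients=2):
    """Return {(bsb, account): [client_ids]} for every bank account that is
    used by min_clients or more distinct clients."""
    by_account = defaultdict(set)
    for rec in records:
        by_account[(rec["bsb"], rec["account"])].add(rec["client_id"])
    return {
        acct: sorted(clients)
        for acct, clients in by_account.items()
        if len(clients) >= min_clients
    }


def parse_access_line(line):
    """Parse one 'timestamp key=value ...' log line into a dict."""
    timestamp, *fields = line.split()
    event = {"timestamp": datetime.fromisoformat(timestamp)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def after_hours_bank_changes(log_lines, start_hour=7, end_hour=19):
    """Return bank-detail changes made outside the business-hours window
    (an assumed 07:00-19:00) as (user, client_id, timestamp) tuples."""
    findings = []
    for line in log_lines:
        event = parse_access_line(line)
        hour = event["timestamp"].hour
        if event["action"] == "UPDATE_BANK" and not (start_hour <= hour < end_hour):
            findings.append(
                (event["user"], event["client"], event["timestamp"].isoformat())
            )
    return findings


def run_detection(records, log_lines):
    """Run both rules and return their findings together for a reviewer."""
    return {
        "shared_accounts": shared_bank_accounts(records),
        "after_hours_bank_changes": after_hours_bank_changes(log_lines),
    }


if __name__ == "__main__":
    for rule, hits in run_detection(CLIENT_BANK_DETAILS, ACCESS_LOG).items():
        print(rule, hits)
```

Run as a script, the example reports the account shared by C001, C002 and C003 and the three late-night bank-detail updates made by the same user, which together are the kind of finding a reviewer would want to see side by side.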
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by applying the following methods:
- Conduct pressure testing to determine if fraudulent activity would be detected.
- Consult subject matter experts and observe how the detection program operates.
- Review the extent of the detection program to determine if it would identify different methods of fraud.
- Confirm that the detection program settings are appropriate. Are the settings too broad, leading to many false positives? Or are they too narrow, leaving the potential for undetected fraud?
- Confirm that the detection program settings are not widely known, since someone who knows them could deliberately avoid detection.
- Confirm that the data/logs underlying the detection program are adequate and reliable.
- Confirm that detection program reports are actually produced and used, and the process is adequate.
- Confirm that detection program results go to an independent and appropriate reviewer.
- Review a sample of detected incidents.
- Review reports related to the detection program to discover how many potential incidents are reported and how often. Note: zero detected incidents is not evidence the detection program does not work.
- Review who has access to detection program reports.
- Confirm that someone cannot manipulate the detection program, including the data that underlies the program. Test the access and data protection controls if required.
- Check what other reporting occurs, such as if executives review detection program reports during committee meetings.
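The pressure-testing and settings checks above (would known fraudulent activity be detected, and is the threshold too broad or too narrow) can be made concrete by replaying labelled cases through a rule and counting false positives and missed cases at each candidate threshold. The following is an added example, not the toolkit's own code; the anomaly scores and fraud labels are constructed, and the assumption is that the rule flags every case scoring at or above its threshold.

```python
# Added example: sweeping a detection rule's threshold against labelled
# test cases to see whether the setting is too broad or too narrow.
# Not the toolkit's own code; the cases below are constructed.

# Constructed, labelled cases: (anomaly_score, known_fraud). In a real
# pressure test these would be past incidents and known-good records.
LABELLED_CASES = [
    (0.05, False), (0.12, False), (0.20, False), (0.28, False), (0.33, False),
    (0.41, True), (0.45, False), (0.58, True), (0.62, False), (0.74, True),
    (0.83, True), (0.97, True),
]

# Candidate settings to try: 0.1, 0.2, ..., 0.9
CANDIDATE_THRESHOLDS = [i / 10 for i in range(1, 10)]


def evaluate_threshold(cases, threshold):
    """Count outcomes when every case scoring >= threshold is flagged:
    tp = fraud flagged, fp = false positive, fn = fraud missed, tn = correctly ignored."""
    tp = fp = fn = tn = 0
    for score, is_fraud in cases:
        flagged = score >= threshold
        if flagged and is_fraud:
            tp += 1
        elif flagged and not is_fraud:
            fp += 1
        elif not flagged and is_fraud:
            fn += 1
        else:
            tn += 1
    return {"threshold": threshold, "tp": tp, "fp": fp, "fn": fn, "tn": tn}


def sweep_thresholds(cases, thresholds):
    """Evaluate every candidate threshold so the trade-off is visible."""
    return [evaluate_threshold(cases, t) for t in thresholds]


def tightest_threshold(cases, thresholds, max_missed=0):
    """Pick the highest threshold (fewest false positives) that still misses
    no more than max_missed of the known fraud cases. Returns None if no
    candidate meets that requirement."""
    acceptable = [r for r in sweep_thresholds(cases, thresholds) if r["fn"] <= max_missed]
    if not acceptable:
        return None
    return max(acceptable, key=lambda r: r["threshold"])


if __name__ == "__main__":
    for row in sweep_thresholds(LABELLED_CASES, CANDIDATE_THRESHOLDS):
        print(f"threshold {row['threshold']:.1f}: "
              f"flagged fraud {row['tp']}, false positives {row['fp']}, missed {row['fn']}")
    print("tightest setting missing no known fraud:",
          tightest_threshold(LABELLED_CASES, CANDIDATE_THRESHOLDS))
```

The sweep makes the question on settings answerable with numbers rather than opinion: a low threshold flags everything (many false positives for reviewers to clear), a high one quietly misses known cases, and the chosen setting is the one that catches the known fraud at the lowest review cost. Re-running the same labelled set after any change to the rule is a cheap regression check that the program still detects what it used to.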
Related countermeasures
- Make sure requests or claims use a specific form, process or system for consistency.
- Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
- Put protections in place to prevent data from being manipulated or misused.
- Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.
- Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity.
- Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs. This can also include referrals to law enforcement agencies for those groups that reach the threshold for complex criminal investigations.
- Audit logging: system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.