Automatically notify clients or staff about high-risk events or transactions, such as:
- access to online accounts
- submission of claims or requests
- changes to contact details
- changes to bank accounts
- outcomes of claims or requests.
This can alert them to potential fraud and avoid delays in investigating and responding to fraud.
Why this countermeasure matters
Allowing high-risk events or transactions to occur without automatically notifying clients or staff may cause:
- fraudulent activity to go unnoticed
- delays in investigations and responses
- additional opportunities for fraud.
How you might apply this countermeasure
Some ways to implement this countermeasure include setting up system-generated notifications of high-risk events or transactions, such as when:
- online accounts are accessed
- claims or requests are submitted
- contact details are changed
- bank accounts are changed
- system access is updated
- payments are made
- claims or requests are processed.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- analyse data related to automatic notifications and compare it to events or transactions
- evaluate the method and destination of notifications to determine if they are sent to the best person using the best method
- confirm that notifications cannot be modified, stopped, redirected or prevented from arriving and test controls if required
- consider the timeliness of notifications, such as when they are sent or when they would be received, and whether this would provide sufficient time to respond to potential fraud
- review the notification to determine if messages are clear and relevant to the receiver
- test high-risk activities and transactions to confirm that notifications are sent.
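
The first and fourth checks above (comparing notification data to events, and timeliness) can be automated as a reconciliation between the event log and the notification log. The following is an added example, not part of the original guidance; the record fields, the status values, the 15-minute threshold and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed service level for this example: notify within 15 minutes.
MAX_DELAY = timedelta(minutes=15)

# Constructed sample data; field names and status values are hypothetical.
EVENTS = [
    {"id": "E1", "type": "bank_account_changed", "client": "C100", "at": "2024-03-01T09:00:00"},
    {"id": "E2", "type": "contact_details_changed", "client": "C101", "at": "2024-03-01T09:05:00"},
    {"id": "E3", "type": "claim_submitted", "client": "C102", "at": "2024-03-01T09:10:00"},
    {"id": "E4", "type": "payment_made", "client": "C103", "at": "2024-03-01T09:20:00"},
]
NOTIFICATIONS = [
    {"event_id": "E1", "sent_at": "2024-03-01T09:01:00", "status": "delivered"},
    {"event_id": "E2", "sent_at": "2024-03-01T11:30:00", "status": "delivered"},
    {"event_id": "E4", "sent_at": "2024-03-01T09:21:00", "status": "bounced"},
]


def reconcile(events, notifications, max_delay=MAX_DELAY):
    """Return {event_id: finding} for every event whose notification
    is missing, undelivered or late. Events with a timely delivered
    notification are omitted."""
    by_event = {}
    for n in notifications:
        by_event.setdefault(n["event_id"], []).append(n)

    findings = {}
    for e in events:
        occurred = datetime.fromisoformat(e["at"])
        sent = by_event.get(e["id"], [])
        delivered = [n for n in sent if n["status"] == "delivered"]
        if not sent:
            findings[e["id"]] = "missing"        # no notification was generated
        elif not delivered:
            findings[e["id"]] = "undelivered"    # generated but never arrived
        else:
            first = min(datetime.fromisoformat(n["sent_at"]) for n in delivered)
            if first - occurred > max_delay:
                findings[e["id"]] = "late"       # arrived too late to respond
    return findings


if __name__ == "__main__":
    for event_id, finding in reconcile(EVENTS, NOTIFICATIONS).items():
        print(event_id, finding)
```

Running this on a schedule against real logs gives a list of high-risk events that need follow-up because the client or staff member was not alerted in time.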