Collect accurate and relevant data
Whole-of-Government policies require us to have a high level of confidence in data when providing government services and payments. Create policies, rules, processes and systems to collect accurate and relevant data to help:
- process claims
- make decisions
- check and verify data
- analyse data to detect fraud
- investigate potential fraud
- define new indicators of fraud.
Why this countermeasure matters
Services provided to someone without accurate and relevant data being collected can lead to fraudsters:
- impersonating clients or third parties to receive fraudulent payments or gain access to information
- providing false or misleading information to support a request or claim
- using stolen identity documents to support a request or claim
- obtaining benefits or services they are not entitled too
- benefiting from incorrect decisions or payments.
Collecting accurate and relevant data can also assist in preventing and detecting fraud through data matching, especially through entities having complete sets of data and aligned data categories.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- Putting systems in place to independently check and verify the accuracy of data.
- Having clear and relevant categories of data to be collected that can be verified with relevant stakeholders.
- Having clear, simple and secure processes for clients and stakeholders to update their data.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- Review data collection controls and policies to see if they conform to national guidelines and frameworks.
- Review the information threshold for collecting data by asking what level of information is publicly available, for example, what can be found on social media?
- Confirm the existence of reference and guidance material.
- Confirm processes are consistently applied both within channels and across channels.
- Review a sample of completed transactions to confirm correct processes were undertaken.
- Ask staff about the collection of data to make sure they have a consistent and correct understanding.
- Undertake active testing or a process walk-through to confirm there is no way around processes.
- Identify how the requirement to collect accurate and relevant data is communicated to staff.
- Identify whether lack of accurate or relevant data hinders claims or data matching.
- Review identified cases of fraud involving the exploitation of inaccurate data or not having relevant data.
Adequately resourced prevention and compliance areas enable entities to perform effective countermeasures.
Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.
Authenticate customer or third-party identities during each interaction to confirm the person owns the identity record they are trying to access.
Make sure forms or system controls require mandatory information to support claims or requests.
Verify any requests or claim information you receive with an independent and credible source.
Match data with the authoritative source and verify relevant details or supporting evidence. Services such as the Identity Matching Service can be used to verify identity credentials back to the authoritative source when the information is an Australian or state and territory government issued identity credential. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.