
Fraud detection software

Type of countermeasure

This is a detection countermeasure. Detection countermeasures can help to identify when fraud has occurred. They can help disrupt additional fraud and reduce the consequences.


Fraud detection software programs automatically analyse data to detect anything that differs from what is standard, normal or expected and may indicate fraud or corruption.

Why this countermeasure matters

A lack of fraud detection software programs may lead to:

  • fraudsters feeling confident they will not be caught
  • fraud or corrupt activity going unnoticed or unchallenged
  • delays in investigations and responses
  • unknown systemic fraud or corruption.

How you might apply this countermeasure

Some ways to implement this countermeasure include setting up fraud detection programs that:

  • analyse system access logs to detect unauthorised access to internal systems or online accounts
  • monitor for suspicious changes to client or provider bank accounts, such as common accounts being used
  • monitor the use of compromised personal identity information
  • analyse bulk data sets to identify suspicious patterns and anomalies
  • automatically review system access logs to detect unauthorised access
  • monitor for suspicious changes to provider bank accounts, including matching the user/recipient to the bank account
  • analyse claiming data to identify suspicious patterns and anomalies.
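
The bank account checks listed above (a common account being used, and matching the recipient to the bank account) can be expressed as two simple rules. The following is an added example, not part of the original guidance or any agency's system; the event fields, the sample records and the name-matching rule are all assumptions made for illustration.

```python
import re
from collections import defaultdict, namedtuple

# One bank-account change event; field names are assumptions for this example.
Change = namedtuple("Change", "provider payee account holder")

# Constructed sample events, oldest first (not real data).
CHANGES = [
    Change("P001", "Northside Physio Pty Ltd", "000001-11112222", "NORTHSIDE PHYSIO PTY LTD"),
    Change("P002", "J. Nguyen Dental", "000002-33334444", "J Nguyen Dental"),
    Change("P003", "Harbour Care Services", "000003-55556666", "Harbour Care Services"),
    Change("P002", "J. Nguyen Dental", "000009-99990000", "A Smith"),
    Change("P003", "Harbour Care Services", "000009-99990000", "Harbour Care Services"),
]

SUFFIXES = {"pty", "ltd", "limited", "inc"}

def tokens(name):
    """Lower-case word set with punctuation and company suffixes removed."""
    return set(re.findall(r"[a-z0-9]+", name.lower())) - SUFFIXES

def current_accounts(changes):
    """Latest change per provider (events are assumed to be in time order)."""
    latest = {}
    for ev in changes:
        latest[ev.provider] = ev
    return latest

def shared_accounts(changes, min_providers=2):
    """Accounts currently used by at least min_providers distinct providers."""
    users = defaultdict(set)
    for prov, ev in current_accounts(changes).items():
        users[ev.account].add(prov)
    return {acct: sorted(p) for acct, p in users.items() if len(p) >= min_providers}

def name_mismatches(changes):
    """Providers whose current account holder name does not match the payee name."""
    flagged = []
    for prov, ev in current_accounts(changes).items():
        payee, holder = tokens(ev.payee), tokens(ev.holder)
        if not (payee and holder and (payee <= holder or holder <= payee)):
            flagged.append(prov)
    return sorted(flagged)

def review_queue(changes):
    """Combine both rules into one alert list for an independent reviewer."""
    alerts = [("shared_account", a, p) for a, p in sorted(shared_accounts(changes).items())]
    alerts += [("name_mismatch", current_accounts(changes)[p].account, [p]) for p in name_mismatches(changes)]
    return alerts
```

On the sample data, `review_queue(CHANGES)` raises one shared-account alert for providers P002 and P003 and one name-mismatch alert for P002. The `min_providers` threshold and the suffix list are the kind of settings that need tuning against false positives.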

How to check if your countermeasures are effective

Here are some ways to measure the effectiveness of this type of countermeasure:

  • conduct pressure testing to determine if fraudulent activity would be detected
  • consult subject matter experts and observe how the detection program operates
  • review the extent of the detection program to determine if it would identify different methods of fraud
  • confirm that the detection program settings are appropriate. Are the settings too broad, leading to many false positives? Or are they too narrow, leaving the potential for undetected fraud?
  • confirm that the detection program settings are not widely known, allowing someone to deliberately avoid detection
  • confirm that the data/logs underlying the detection program are adequate and reliable
  • confirm that detection program reports are actually produced and used, and the process is adequate
  • confirm that detection program results go to an independent and appropriate reviewer
  • review a sample of detected incidents
  • review reports related to the detection program to discover how many potential incidents are reported and how often. Note: zero detected incidents is not evidence the detection program does not work
  • review who has access to detection program reports
  • confirm that someone cannot manipulate the detection program, including the data that underlies the program. Test the access and data protection controls if required
  • check what other reporting occurs, such as if executives review detection program reports during committee meetings.

Related countermeasures

Whole-of-Government policies require us to have a high level of confidence in data when providing government services and payments. Create policies, rules, processes and systems to collect accurate and relevant data to help:

  • process claims
  • make decisions
  • check and verify data
  • analyse data to detect fraud
  • investigate potential fraud
  • define new indicators of fraud.

Create lists to quickly compare information to automate or require further actions.

Match data with the authoritative source and verify relevant details or supporting evidence. Services such as the Identity Matching Service can be used to verify identity credentials back to the authoritative source when the information is an Australian or state and territory government issued identity credential. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.

Make sure sensitive or official information cannot leave your entity's network without authority or detection. The Protective Security Policy Framework articulates mandatory information security requirements to maintain the confidentiality, integrity and availability of all official information. Personal and government information is highly sought after by fraudsters and organised criminals. The way data is collected and stored can also change the scale of a potential breach.

Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity.

Audit logging produces system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.

Related Fraudster Personas
