Skip to main content

Match data

Type of countermeasure

This is a prevention countermeasure. Prevention countermeasures are the most common and cost-effective way to stop fraud. They prevent or limit the size of the fraud risk by reducing the likelihood and consequences of fraud.

decorative  prevention countermeasures


Match data with the authoritative source and verify relevant details or supporting evidence.

Services such as the Identity Matching Service can be used to verify identity credentials back to the authoritative source when the information is an Australian or state and territory government issued identity credential.

This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.

Why this countermeasure matters

Not matching data with similar data points may lead to:

  • an inability to obtain or verify information
  • false information being used to support a request or claim
  • changes or information not being disclosed that would affect entitlements
  • changes in circumstances being missed.

Data matching can also help identify trend and patterns, which can help improve intelligence and targeting capabilities as well case claims processing.

How you might apply this countermeasure

Some ways to implement this countermeasure include:

  • automatically comparing claim or recipient data by comparing new data with a corresponding data file
  • automatically populating claim data by using a data link
  • matching program participants by sharing data files between entities
  • automatically matching employment details with Tax File Number declarations held by the Australian Taxation Office
  • automatically verifying recipient income through Single Touch Payroll
  • a plagiarism check using a specified process and/or tool.

How to check if your countermeasures are effective

Here are some ways to measure the effectiveness of this type of countermeasure:

  • consult subject matter experts about the data matching process
  • review controls and policies to see if they conform to national guidelines and frameworks
  • review reports to determine the accuracy of the data match, such as the percentage of successful matches
  • evaluate the reliability of the data match, such as checking whether the data is consistent and trustworthy
  • evaluate the usefulness of the data match for preventing fraud
  • review relevancy of data categories being matched
  • review any data quality issues and find out if these affect the usefulness of the data match for preventing fraud
  • review a sample of completed requests/claims to confirm the data matching is working correctly
  • review the original source of the data and see if it’s an impartial, reliable or trustworthy source
  • review system specifications to confirm the data match is working as designed
  • undertake testing or a process walk-through to confirm that data matching occurs and is used to support decision-making
  • confirm data matching is always on/available
  • confirm that someone cannot bypass data matching even when subject to pressure or coercion.

Related countermeasures

This type of countermeasure is supported by:

Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.

Legislation and policy can help prevent, detect and respond to fraud, such as by outlining clear rules, regulations and criteria, allowing entities to collect, use and disclose information and allowing entities to enforce penalties and recover fraud losses.

Develop clear instructions and guidance for activities and processes, such as instructions for collecting the right information to verify eligibility or entitlements, procedures to help staff apply consistent and correct processes and guidance to help staff make correct and ethical decisions.

Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.

Create and use unique and random identifiers to avoid misuse, such as: unique and random account numbers, claim references or asset numbers.

Create lists to quickly compare information to automate or require further actions.

Whole-of-Government policies require us to have a high level of confidence in data when providing government services and payments. Create policies, rules, processes and systems to collect accurate and relevant data to help: • process claims • make decisions • check and verify data • analyse data to detect fraud • investigate potential fraud • define new indicators of fraud.

Clear eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.

Set up system prompts and alerts to warn users when information is inconsistent or irregular, which either requires acceptance or denies further actions.

Escalate non-standard requests or claims for further review or scrutiny. Non-standard requests or claims might include those that are late, do not meet normal conditions, include evidence that is difficult to verify (such as from overseas) or are for amounts that are higher than normal.

Have processes in place to prevent, identify and correct duplicate records, identities, requests or claims.

Make sure sensitive or official information cannot leave your entity's network without authority or detection. The Protective Security Policy Framework articulates mandatory information security requirements to maintain the confidentiality, integrity and availability of all official information.  Personal and government information is highly sought after by fraudsters and organised criminals. The way data is collected and stored can also change the scale of a potential breach.

Conduct system testing to identify vulnerabilities prior to release. Untested systems can allow vulnerabilities to be released when the system goes live.

Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs. It can also include referrals to law enforcement agencies for those groups that reach the threshold for complex criminal investigations.

Related Fraudster Personas

Was this page helpful?