Require mandatory information
Make sure forms or system controls require mandatory information to support claims or requests.
Why this countermeasure matters
Not collecting mandatory information to support claims or requests may lead to:
- manual follow-up and processing
- increased opportunities for omissions and errors
- fraudsters deliberately making false claims by omitting relevant information
- fraudsters receiving payments or services they are not entitled to
- fraudsters accessing information or systems without a business need
- fraudsters providing false information or evidence to support a request or claim
- fraudsters concealing information that would affect their entitlement.
How you might apply this countermeasure
Some ways to implement this countermeasure include requiring:
- mandatory fields to be completed on online claim forms
- applicants to provide income and asset statements with their claim
- providers to provide business details such as their ABN
- service providers, grant recipients or vendors to provide business details such as their ABN, ANZSIC code, business address, email address, phone number, authorised contact and associates. Note: you can verify these details using ABR Explorer.
- supporting evidence to be attached with the claim.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- review policies and procedures to see if they conform to national guidelines and frameworks
- confirm the existence of reference and guidance material
- confirm mandatory information is consistently obtained
- review a sample of completed requests/transactions to confirm all mandatory information was provided
- ask staff about the mandatory requirements to make sure they have a consistent and correct understanding
- undertake pressure testing or a process walk-through to confirm that mandatory information must be provided even when pressure or coercion is applied
- identify how mandatory requirements are communicated to staff, clients and third parties
- review the training staff receive to make sure it includes information about collecting and using mandatory information
- review approvals processes and make sure mandatory information is checked.
This type of countermeasure is supported by:
- Authenticate customer or third-party identities during each interaction to confirm the person owns the identity record they are trying to access.
- Create and use unique and random identifiers to avoid misuse, such as unique and random account numbers, claim references or asset numbers.
- Make sure requests or claims use a specific form, process or system for consistency.
- Set clear eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.
- Verify any requests or claim information you receive with an independent and credible source.