Set up automatic notifications of high-risk events and transactions
Automatically notify clients or staff about high-risk events or transactions. This can alert them to potential fraud and avoid delays in investigating and responding to fraud.
Why this countermeasure matters
Allowing high-risk events or transactions to occur without automatically notifying clients or staff may cause:
- fraudulent activity to go unnoticed
- delays in investigations and responses
- additional opportunities for fraud.
How to put this countermeasure in place
Some ways to implement this countermeasure include setting up system-generated notifications of high-risk events or transactions, such as when:
- online accounts are accessed
- claims or requests are submitted
- contact details are changed
- bank accounts are changed
- system accesses are updated
- claims or requests are processed.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this type of countermeasure using the following methods:
- Analyse data related to automatic notifications and compare it to events or transactions.
- Evaluate the method and destination of notifications to determine if they are sent to the best person using the best method.
- Confirm that notifications cannot be modified, stopped, redirected or prevented from arriving and test controls if required.
- Consider the timeliness of notifications, such as when they are sent or when they would be received, and whether this would provide sufficient time to respond to potential fraud.
- Review the notification to determine if messages are clear and relevant to the receiver.
- Test high-risk activities and transactions to confirm that notifications are sent.
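One way to run the data comparison and timeliness checks above is to reconcile the event log against the notification log. The following is an added example, not part of the original guidance: the field names, event-type labels, delivery statuses and the 15-minute threshold are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Labels for the high-risk events listed above (label strings are assumed).
HIGH_RISK = {"account_access", "claim_submitted", "contact_change",
             "bank_account_change", "access_update", "claim_processed"}
MAX_DELAY = timedelta(minutes=15)  # assumed timeliness threshold

# Constructed sample event log.
EVENTS = [
    {"id": "E1", "type": "bank_account_change", "at": "2024-03-01T09:00:00"},
    {"id": "E2", "type": "contact_change", "at": "2024-03-01T09:05:00"},
    {"id": "E3", "type": "claim_submitted", "at": "2024-03-01T09:10:00"},
    {"id": "E4", "type": "account_access", "at": "2024-03-01T09:20:00"},
    {"id": "E5", "type": "page_view", "at": "2024-03-01T09:25:00"},
]
# Constructed sample notification log (E2 has no entry at all).
NOTIFICATIONS = [
    {"event_id": "E1", "sent_at": "2024-03-01T09:01:00", "status": "delivered"},
    {"event_id": "E3", "sent_at": "2024-03-01T10:30:00", "status": "delivered"},
    {"event_id": "E4", "sent_at": "2024-03-01T09:21:00", "status": "bounced"},
]

def reconcile(events, notifications, max_delay=MAX_DELAY):
    """Return ids of high-risk events whose notification is missing,
    never delivered, or sent later than max_delay after the event."""
    by_event = {}
    for n in notifications:
        by_event.setdefault(n["event_id"], []).append(n)
    findings = {"missing": [], "late": [], "undelivered": []}
    for e in events:
        if e["type"] not in HIGH_RISK:
            continue  # only high-risk events require a notification
        notes = by_event.get(e["id"], [])
        if not notes:
            findings["missing"].append(e["id"])
            continue
        delivered = [n for n in notes if n["status"] == "delivered"]
        if not delivered:
            findings["undelivered"].append(e["id"])
            continue
        first = min(datetime.fromisoformat(n["sent_at"]) for n in delivered)
        if first - datetime.fromisoformat(e["at"]) > max_delay:
            findings["late"].append(e["id"])
    return findings

if __name__ == "__main__":
    print(reconcile(EVENTS, NOTIFICATIONS))
```

An empty result for a period in which high-risk test events were deliberately generated supports the last check in the list; any non-empty bucket is a gap to investigate.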