Create and use unique and random identifiers to avoid misuse, such as: unique and random account numbers, claim references or asset numbers.
Why this countermeasure matters
Unique and random identifiers may help:
- prevent fraudsters from guessing identifiers due to them being sequential
- indicate if a document or identifier is forged.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- using randomly generated numbers to avoid fraudsters guessing identifiers
- having codes or sequences in numbers to link the identifier to the person’s identity such as, including their birthdate or date of initial application
- using check-sums – if the number doesn’t pass the check-sum then it may be fraudulent.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- check how identifiers are issued
- conduct a quantitative or trend analysis of misuse of identifiers
- review sample of identifies to confirm sequencing is random
- confirm identifiers are stored securely in accordance with the Protective Security Policy Framework
- review identified cases of fraud involving false or stolen identifiers
- check identifiers can be matched back to verified identity documents.