Verify any requests or claim information you receive with an independent and credible source.
Why this countermeasure matters
Not verifying the information you receive may lead to:
- fraudsters providing false information or evidence to support a request or claim
- fraudsters hiding information that would affect their entitlements
- fraudsters successfully using forged documents to support a request or claim
- difficulties responding to fraud.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- verifying claim evidence though the Document Verification Service
- requiring a claim to have a valid provider number and then cross-referencing this with a provider register
- verifying claim eligibility by cross-referencing details held by another program or entity
- obtaining corresponding evidence from both a client and provider
- verifying professional qualifications with the education provider
- confirming business details through ABR Explorer.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- confirm the existence of reference and guidance material for manually verifying information
- review controls and policies to see if they conform to national guidelines and frameworks
- review a sample of completed requests/claims to confirm information was verified on all occasions
- undertake pressure testing or a process walk-through to confirm that verification processes cannot be forgotten or ignored
- review procedures or guidance to confirm it clearly specifies the requirements for verifying information
- identify how verification requirements are communicated to staff, customers and third parties
- ask staff about the process requirements to make sure they have a consistent and correct understanding
- confirm that someone cannot bypass or manipulate the verification requirements even when pressure or coercion is applied
- review the approvals process to find out if the decision-maker confirms that information was verified
- review the training staff receive to make sure it includes information about how to verify information.
This type of countermeasure is supported by:
Adequately resourced prevention and compliance areas enable entities to perform effective countermeasures.
Match data with the authoritative source and verify relevant details or supporting evidence. Services such as the Identity Matching Service can be used to verify identity credentials back to the authoritative source when the information is an Australian or state and territory government issued identity credential. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.
Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.
Clear eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.
Make sure forms or system controls require mandatory information to support claims or requests.
Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs. It can also include referrals to law enforcement agencies for those groups that reach the threshold for complex criminal investigations.