Fraud detection software

Type of countermeasure

This is a detection countermeasure. Detection countermeasures can help to identify when fraud has occurred. They can help disrupt additional fraud and reduce the consequences.

Summary

Fraud detection software programs automatically analyse data to detect what is different from what is standard, normal or expected and may indicate fraud or corruption.

Why this countermeasure matters

A lack of fraud detection software programs may lead to:

  • fraudsters feeling confident they will not be caught
  • fraud or corrupt activity going unnoticed or unchallenged
  • delays in investigations and responses
  • unknown systemic fraud or corruption.

How you might apply this countermeasure

Some ways to implement this countermeasure include setting up fraud detection programs that:

  • analyse system access logs to detect unauthorised access to internal systems or online accounts
  • monitor for suspicious changes to client or provider bank accounts, such as common accounts being used
  • monitor the use of compromised personal identity information
  • analyse bulk data sets to identify suspicious patterns and anomalies
  • automatically review system access logs to detect unauthorised access
  • monitor for suspicious changes to provider bank accounts, including matching the user/recipient to the bank account
  • analyse claiming data to identify suspicious patterns and anomalies.

How to check if your countermeasures are effective

Here are some ways to measure the effectiveness of this type of countermeasure:

  • conduct pressure testing to determine if fraudulent activity would be detected
  • consult subject matter experts and observe how the detection program operates
  • review the extent of the detection program to determine if it would identify different methods of fraud
  • confirm that the detection program settings are appropriate. Are the settings too broad, leading to many false positives? Or are they too narrow, leaving the potential for undetected fraud?
  • confirm that the detection program settings are not widely known, allowing someone to deliberately avoid detection
  • confirm that the data/logs underlying the detection program are adequate and reliable
  • confirm that detection program reports are actually produced and used, and the process is adequate
  • confirm that detection program results go to an independent and appropriate reviewer
  • review a sample of detected incidents
  • review reports related to the detection program to discover how many potential incidents are reported and how often. Note: zero detected incidents is not evidence the detection program does not work
  • review who has access to detection program reports
  • confirm that someone cannot manipulate the detection program, including the data that underlies the program. Test the access and data protection controls if required
  • check what other reporting occurs, such as if executives review detection program reports during committee meetings.

Related countermeasures

Collect accurate and relevant data

Whole-of-Government policies require us to have a high level of confidence in data when providing government services and payments. Create policies, rules, processes and systems to collect accurate and relevant data to help: • process claims • make decisions • check and verify data • analyse data to detect fraud • investigate potential fraud • define new indicators of fraud.

Watchlists

Create lists to quickly compare information to automate or require further actions.

Match data

Match data with the authoritative source and verify relevant details or supporting evidence. Services such as the Identity Matching Service can be used to verify identity credentials back to the authoritative source when the information is an Australian or state and territory government issued identity credential. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.

Document capture and storage

Capture documents and other evidence for requests, claims and activities to detect, analyse, investigate and disrupt fraudulent activity.

Audit logging

Audit logging is system-generated audit trails of staff, client or third-party interactions that help with fraud investigations.

Related Fraudster Personas

This countermeasure helps prevent, detect or respond to the following Fraudster Personas:

The Fabricator

The Fabricator invents or produces something that is false to dishonestly gain personal benefits.

The Organised

The Organised are groups which use a combination of methods in planned, coordinated and sophisticated ways to dishonestly gain benefits.

The Concealer

The Concealer hides their actions from being seen or known about to dishonestly gain personal benefits.

The Exploiter

The Exploiter uses something for a wrongful purpose to dishonestly gain personal benefits.

The Impersonator

The Impersonator pretends they are another person or entity to dishonestly gain personal benefits.

The Deceiver

The Deceiver makes others believe something that is not true to dishonestly gain personal benefits.

Was this page helpful?