Prompts and alerts

Type of countermeasure

This is a prevention countermeasure. Prevention countermeasures are the most common and cost-effective way to stop fraud. They prevent or limit the size of the fraud risk by reducing the likelihood and consequences of fraud.

decorative prevention countermeasures

Summary

Set up system prompts and alerts to warn users when information is inconsistent or irregular, which either requires acceptance or denies further actions.

Why this countermeasure matters

A lack of automatic prompts and alerts can lead to:

  • fraudsters feeling more confident their actions will not be detected
  • individuals deliberately or accidently not disclosing information that would affect entitlements
  • individuals deliberately or accidently providing false information or evidence to support a request or claim
  • insiders deliberately or accidently accessing information or systems they should not be accessing.

How you might apply this countermeasure

Some ways to implement this countermeasure include:

  • informing users or claimants up front about their obligations
  • alerting the user when the cheapest available fare is not selected
  • prompting the applicant to provide the correct information
  • staff warnings if inconsistent or erroneous information is recorded

How to check if your countermeasures are effective

Here are some ways to measure the effectiveness of this type of countermeasure:

  • review the type of prompts and alerts that exist
  • confirm that prompts and alerts are consistently applied
  • undertake pressure testing or a process walk-through to confirm that prompts and alerts exist
  • review reports to identify the number of incorrect actions completed despite prompts and alerts
  • analyse behavioural changes caused by prompts and alerts, such as claims or requests abandoned following the prompt or alert
  • review historical data to measure if the introduction of prompts and alerts improved compliance
  • consult system users about the prompts or alerts to discover if they notice them
  • consult behavioural insights experts on the prompts and alerts to find out if they influence behaviour and deter fraud
  • review approvals process and make sure there is a separation of duties, if required.

Related countermeasures

This type of countermeasure is supported by:

Clear and specific eligibility requirements

Clear eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.

Parameters and limits

Apply limits on requests, claims or processes, such as maximum claim amounts or time periods. Enforce these limits using IT system controls.

Privileged access restrictions and monitoring

Limit and monitor privileged system accesses (those that allow staff, contractors and providers to perform special functions or override system and application controls). The Protective Security Policy Framework outlines the government protective security requirements to safeguard information from cyber threats, including to restrict administrative privileges.

Related Fraudster Personas

This countermeasure helps prevent, detect or respond to the following Fraudster Personas:

The Reckless

The Reckless acts without care, responsibility or regard to the consequences of their actions by disregarding requirements, procedures, warnings or directions to gain personal benefits.

The Impersonator

The Impersonator pretends they are another person or entity to dishonestly gain personal benefits.

The Deceiver

The Deceiver makes others believe something that is not true to dishonestly gain personal benefits.

Was this page helpful?