Watchlists
Summary
Create lists to quickly compare information to automate or require further actions. This allows an organisation to:
- automatically block anything not included on the list
- temporarily block or place a limit on anything included on the list until an additional step is performed, such as a manual check.
Why this countermeasure matters
Not using watchlists can lead to:
- fraudsters operating across different government programs without detection
- fraudsters moving from one government program to another without detection
- fraudsters reusing methods such as compromised identities to access accounts
- fraudsters using the same bank account to hijack multiple payments.
How you might apply this countermeasure
Some ways to implement this countermeasure include:
- blocking suspect bank accounts so they cannot be used for a client, provider or vendor
- making listed providers go through additional suitability checks before being registered
- requiring someone to choose from only an approved list of providers or vendors.
How to check if your countermeasures are effective
Here are some ways to measure the effectiveness of this type of countermeasure:
- conduct pressure testing to confirm that the list works as intended
- consult subject matter experts about the lists
- review policies or other documentation related to the lists
- conduct a process walk through to observe how the lists work
- review reports to see how many blocks are reported and how often
- confirm the lists are 'always on' and automatically applied
- confirm that the systems/processes underlying the lists are adequate and reliable
- confirm that attempts to use listed information is flagged and reviewed
- confirm that watchlist information is not widely known or accessible
- confirm that someone cannot manipulate the lists even when pressure or coercion is applied
- confirm that access to the lists is monitored and reviewed
- confirm that the lists are kept up-to-date.
Related countermeasures
This type of countermeasure is supported by:
Create and use unique and random identifiers to avoid misuse, such as: unique and random account numbers, claim references or asset numbers.
Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.
Legislation and policy can help prevent, detect and respond to fraud, such as by outlining clear rules, regulations and criteria, allowing entities to collect, use and disclose information and allowing entities to enforce penalties and recover fraud losses.
Authenticate customer or third-party identities during each interaction to confirm the person owns the identity record they are trying to access.
Make sure forms or system controls require mandatory information to support claims or requests.
Match data with the authoritative source and verify relevant details or supporting evidence.
Services such as the Identity Matching Service can be used to verify identity credentials back to the authoritative source when the information is an Australian or state and territory government issued identity credential.
This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Conduct system testing to identify vulnerabilities prior to release. Untested systems can allow vulnerabilities to be released when the system goes live.
Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs. It can also include referrals to law enforcement agencies for those groups that reach the threshold for complex criminal investigations.
Related Fraudster Personas
This countermeasure helps prevent, detect or respond to the following Fraudster Personas:
