Skip to main content

Coronavirus (COVID-19) and the Attorney-General’s Department: Find out how our services are being delivered and how you can access them. For the latest COVID-19 news, updates and advice from the Australian Government, visit

Automatic notification of high-risk activities and transactions


Previous page


Next page


System generated notifications of high-risk transactions, such as:

  • access to online accounts,
  • submission of claims or requests,
  • changes to contact details
  • changes to bank accounts, and
  • outcomes of claims or requests.

Notifications may alert customers or staff of fraudulent activity.


Some examples of this type of countermeasure include:

  • Customers receive an SMS notification to confirm receipt of a new claim.
  • Providers are automatically notified via email that their bank account details have been updated.
  • Customers are automatically notified when their online account is accessed.
  • Regular payment statements are automatically sent to recipients.

Purpose of this countermeasure

Someone can provide false or misleading information or stolen evidence of identity to support a request or claim. A staff member can also abuse their position of trust to process fraudulent requests or claims for themselves or another person.

Acting dishonestly and providing false or misleading information to commit fraud are offences under the Criminal Code Act 1995.

Not notifying customers or staff of high-risk transactions, such as changes to their bank account, may allow fraudulent activity to go undetected, or delay any investigation and response.


This type of control is supported by:

How do I know if my countermeasures are effective?

You can apply the following methods to measure the effectiveness of these types of countermeasures:

  • Analyse data related to automatic notifications. Measure results against data related to activities/transactions.
  • Evaluate the method and destination of notifications. Are they sent to the best person via the best method?
  • Confirm that notifications can't be modified, suppressed, redirected or intercepted. Test controls if required.
  • Consider the timeliness of notifications, i.e. when they are sent or when they would be received. Would this provide sufficient time to respond to fraud?
  • Review the notification to determine if messages are clear and relevant to the receiver.
  • Test high-risk activities and transactions to confirm that notifications are sent.


Previous page


Next page



Commonwealth Fraud Prevention Centre logo