Data is automatically matched with another source to obtain or verify details relevant to the request or claim.
NB: This may also be a detective control (depending on the type of control).
This control is underpinned by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Some examples of this type of countermeasure include:
- A batch file automatically compares claim or recipient data with a corresponding data file.
- Data link is used to automatically populate claim data.
- Data files are shared between agencies to match programme participants.
- Employment details are automatically matched with Tax File Number declarations held by the ATO.
- Recipient income is automatically verified through Single Touch Payroll.
Purpose of this countermeasure
Someone can provide false information to support a request or claim, or fail to disclose changes or information that would affect their entitlement.
Providing false or misleading information or forged documents to commit fraud are offences under the Criminal Code Act 1995.
Data matching is useful for automatically obtaining or verifying information from another source, or identify changes in circumstances.
This type of control is supported by:
- Collaboration with strategic partners
- Legislation and Policy
- Procedural instructions or guidance
- Staff are trained to apply correct processes and decisions
- A specific form, process or system must be used
- Requests or claims must meet specific eligibility requirements
- Mandatory information is required to complete the request or claim
- Prompts and alerts
- Internal escalation procedures
- Duplicates are prevented, identified and corrected
- Data protected from manipulation or misuse
- System testing
- Coordinated disruption activity
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Consult subject matter experts about the data matching process.
- Undertake quantitative analysis to determine the accuracy of the data match, e.g. the percentage of successful matches.
- Undertake quantitative analysis to determine the reliability of the data match, e.g. the data is reliable/trustworthy.
- Undertake qualitative analysis to determine the usefulness of the data match for preventing fraud.
- Review any data quality issues. Do these affect the usefulness of the data match for preventing fraud?
- Review a sample of completed requests/claims to confirm the data matching is working correctly.
- Review the original source of the data. Is this an impartial, reliable or trustworthy source?
- Review system specifications to confirm the data match is working as designed.
- Undertake testing or a process walk-through to confirm that data matching occurs and is used to support decision-making.
- Confirm data matching is always on/available.
- Confirm that someone cannot bypass data matching even when subject to pressure or coercion.