Fraud detection programs
Software programs that automatically analyse data to detect anomalies that may indicate fraudulent activity.
Some examples of this type of countermeasure include:
- Automatic review of system access logs to detect unauthorised access.
- Monitoring for suspicious changes to provider bank accounts.
- Analysing claiming data to identify suspicious patterns and anomalies.
Purpose of this countermeasure
Failing to automatically analyse data and evaluate anomalies can lead to fraud and corruption going undetected.
Customers, public officials or contractors can take advantage of this environment to commit fraud and avoid exposure.
Fraudsters will also be less deterred from committing fraud if they think the chance of detection is low.
This type of countermeasure is supported by:
- A specific form, process or system must be used
- Data matching
- Data protected from manipulation or misuse
- Tip-offs and Public Interest Disclosures
- Documentation and evidence storage
- Coordinated disruption activity
- Audit logging
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Conduct vulnerability testing – test if fraudulent activity would be detected.
- Consult subject matter experts.
- Process walk through - sit with a staff member while they run a detection program and respond to results.
- Review the detection program to determine if it would identify different methods of fraud.
- Confirm that the detection program tolerances or parameters are appropriate.
- Confirm that the detection program parameters or thresholds are not widely known.
- Confirm that the data/logs underlying the detection program are adequate and reliable.
- Confirm that detection program reports are actually produced and used. Is the process is adequate?
- Confirm that detection program results go to the most appropriate staff/team for review. Is this segregated from processing staff?
- Review a sample of detected incidents.
- Undertake analysis of data related to the detection program. E.g. how many anomalies are reported? How often?
- Review who has access to detection program reports.
- Confirm that someone cannot manipulate the detection program (including the data that underlies the program). Test this if required.
- Check what other reporting occurs, e.g. do executives review detection program reports during committee meetings?