Fraud detection software

Use fraud detection software to automatically analyse data to detect any anomalies that may indicate fraud or corruption.

This control targets both internal and external fraud risks.

Examples

Examples of this control include:

analysing system access logs to detect unauthorised access to internal systems or online accounts
monitoring for suspicious changes to client or provider bank accounts, e.g. accounts being used more than once or for multiple clients
monitoring the use of compromised personal identity information
analysing bulk data sets to identify suspicious patterns and anomalies
automating reviews of system access logs to detect unauthorised access
analysing claims data to identify suspicious patterns and anomalies.

Not using fraud detection software can lead to:

reduced transparency
a belief among fraudsters that they will not be caught
not identifying fraudulent or corrupt activity
difficulty in early detection, investigation and response to allegations of fraud.

Methods to evaluate the effectiveness of this control include:

conducting pressure testing to determine if fraudulent activity would be detected
confirming if subject matter experts are confident about how the detection programme operates
confirming that the detection programme settings are not widely known, allowing someone to deliberately avoid detection
confirming that the data or logs underlying the detection programme are adequate and reliable
confirming that detection programme reports are produced and used, and the process is adequate
confirming that detection programme results go to an independent and appropriate reviewer
reviewing a sample of detected incidents to identify areas to improve processes.

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Types of behaviour this control is designed to mitigate:

Explore a range of controls that can be put in place to reduce the risk of fraud happening in your organisation.