Identity verification

Authenticate client or third-party identities during each interaction by testing the credentials supplied by the person making the claim.

This control targets both internal and external fraud risks.

Examples

Examples of this control include: 

  • using RealMe to confirm an individual’s identity online
  • performing entry-level checks to confirm the identity of employees and contractors
  • requiring service providers to present evidence of identity for company directors
  • requiring applicants to provide certified copies of primary and secondary identification.

Risks from control gap

Accepting claims or requests without confirming an applicant’s identity can lead to:

  • fraudsters impersonating customers or third parties to receive fraudulent payments or gain access to information
  • fraudsters using false or stolen identities to receive fraudulent payments or gain access to information
  • spoofing, which is the act of disguising communication from an unknown source as being from a known, trusted source.

Assessing effectiveness

Methods to evaluate the effectiveness of this control include:

  • reviewing identity verification policies to make sure it is clear when a policy applies
  • reviewing a sample of completed claims to confirm correct processes are being carried out
  • reviewing identified cases of fraud that used a false or stolen identity to confirm whether changes are required to identity verification processes
  • confirming that employees are applying processes consistently both within and across channels.

Complementary controls

Other capability, prevention, detection and response controls that can enhance this control’s effectiveness:

Related fraudster personas

Types of behaviour this control is designed to mitigate:

The enabler

The exploiter

The organised

 
