Principle

Member Organisations should implement and maintain a Case Management System to manage the response to fraud. This should facilitate the recording, monitoring and storage of data on the assessment, investigation, and resolution of suspected and identified fraud.

Control Requirements

a. Member Organisations should implement and maintain a Case Management System to manage the response to fraud and act as a database for fraud case data.
b. The Case Management System should be used to record and monitor suspected fraud alerts, internal and external reports, and case investigations from initial assessment to resolution.
c. The Case Management System should have the capability to:
   1. Restrict user access to authorised individuals and roles.
   2. Create a workflow aligned to the operating model of the Member Organisation.
   3. Be configurable to adapt to changes in the Member Organisation operating model or Fraud Response Plan.
   4. Allocate cases to owners.
   5. Categorise suspicions of fraud to inform reporting and trend analysis.
   6. Track a case from initial alert or report to resolution.
   7. Record investigative steps followed.
   8. Act as a repository for all information required to investigate and resolve the fraud case (e.g., related party information, case notes, documentary evidence, customer communication, rationale for decision).
   9. Capture an outcome at resolution of the case, including any losses and corrective actions.
   10. Maintain records in line with the Member Organisation’s record retention schedule.
d. The Case Management System should require the capture and allow the extract of Management Information for reporting on fraud cases, including but not limited to:
   1. Alert unique identifier (where applicable).
   2. Fraud transaction unique identifier.
   3. Date of alert or initial notification.
   4. Date and time of fraudulent transactions.
   5. Customer name and account number.
   6. Case status.
   7. Origin of the incident (e.g., website, social media account or phone number used by the fraudster).
   8. Channel used for fraudulent transactions.
   9. Related parties.
   10. Information on the fraudster (e.g., IP address, Device ID, Geolocation).
   11. Outcome of the investigation.
   12. Corrective actions.
   13. Value of the fraud.
   14. Losses (business and non-business).
   15. The methods used to conduct the fraud/fraud typology (e.g., how the fraud was committed, where the funds were transferred if lost).