FREQUENTLY
ASKED
QUESTIONS

Counter Fraud Fundamentals

What is Open Banking (OB)?

Open banking is the practice of sharing financial information electronically, securely, and only under customer approved conditions. It enables a user, through an app on their phone or electronic device, to view different bank account balances (like a HSBC current account and a Barclays credit card) on the same dashboard. It also allows a potential lender to view your spending and income, so they can get a better idea of how affordable a loan is for you or your business. The app can even review your savings and tell you where and when you could get a better deal.

Who are Open Banking Implementation Entity (OBIE)?

OBIE are the company set up by the The competition and Markets Authority (CMA) in 2016 to deliver open banking. They were set up to help facilitate innovation and competition within the banking sector. OBIE have been collaborating with IASME to deliver the Counter Fraud Fundamentals Scheme (CFF). You can download more information from the Open Banking website.

What does Counter Fraud mean?

Fraud is wrongful or criminal deception intended to result in financial or personal gain. Counter fraud is the investigative measures taken to prevent, detect or respond to fraud

What types of fraud could my organisation be susceptible too?

There are three main types of fraud that an organisation could encounter in its day-to-day business.

First Party Fraud: A person or group of people give false details when applying for a product or a service. They either have no intention of repayment or receive a more favourable rate for their misrepresentation. An example of this would be a person making a false claim on their house insurance, or a married couple giving false details to their bank about how much they earn in order to obtain a better mortgage deal.
Second Party Fraud. A person knowingly gives their identity or personal details to another person to use to commit fraud. An example being, a person sees an advertisement in a shop window that says, “do you want to earn cash now?, call this number” When they call, they are coerced into handing over their bank account details, with the promise that they will receive a payment if they allow a sum of money to be deposited into their account, which they would then withdraw and send it to another account by an electronic transfer such as Western Union.
Third Party Fraud. A person or group of people use another person’s identity or personal details without their consent or knowledge to open or take over a financial account. This can happen when someone has had their payment card stolen or had their details compromised online, it can lead to the counterfeit manufacture of passports, driving licences and other ID documents, either creating a “fictitious” person or using the details of a “real” person to create documents.

What is the Counter Fraud Fundamentals Certification Scheme?

The Counter Fraud Fundamentals (CFF) scheme certifies companies of all sizes, who show that they have the fundamental fraud controls in place.

The certification will show that the correct controls are in place to protect companies and give their customers, and those within their supply chains, the assurance that the most important measures are in place to prevent fraud and protect their information.

How will this help my organisation once I am certified?

Due to the added assurance that good practice counter fraud measures are in place, the certification can attract new business to your certified organisation. This then acts as a “Trustmark” for your respected clients and business partners.

What does the assessment contain?

It consists of a set of questions which are answered via a secure assessment platform. These questions are in relation to what counter fraud controls you have in place for the company, for example.

Do you have a Fraud Policy and Strategy?
Who’s responsible for managing fraud?
What audit trails are in place to show user access and activity?
What background checks are in place for customers and suppliers?
What security systems are in place to block/eliminate a fraudster?
How do you monitor and identify potentially fraudulent activity?
Do you provide fraud training to your staff?
How do you potentially investigate fraud and which law enforcement agencies can you contact to report such criminal activity to?

I’m unsure if I have the all the answers to the questions that will be asked of my organisation?

There are guidance documents and templates available from IASME to help you complete your assessment and are available here

How do I sign up to take part in the certification?

You can apply for Counter Fraud Fundamentals Self Assessment online here. Once you have applied and paid for the assessment you will be sent login details to the online assessment platform to complete your assessment.

My company has failed the assessment can I re-apply?

If you are unsuccessful in your first assessment attempt, we will highlight the areas that require addressing. You are then given the opportunity to rectify the issues. We will conduct one further assessment free of any additional charge provided that your resubmission is made within 48 hours of receipt of our notice that your first assessment attempt has failed. Any further failures will require a new payment to be made.

How quickly can I get the results and get certified to the Counter Fraud fundamentals scheme?

We always do our best to get the Counter Fraud Fundamentals assessment results back to you as quickly as possible. It usually takes us 1 – 3 working days from the time you submit your assessment. If you have a tight deadline please let us know and we can try to fast-track your assessment.

How long does the certification last for?

It is valid for twelve months from the date of issue and will then need to be renewed after this date. We will email you with a reminder roughly a month before you have to be re-certified.

How do I get a Counter Fraud Fundamental scheme certificate?

A copy of the questions in both Excel and PDF format can be found on the Counter Fraud Fundamentals question download page.

I really want to complete this assessment, but it may take some time to get the answers needed.

You will have 6 months to complete your assessment before your account is archived. Unfortunately we cannot issue a refund if this happens so please do not apply until you think you are ready for the assessment.

Once my organisation completes the assessment, what then happens to it?

A board/ senior member or owner manager of your organisation signs a declaration to verify that all answers on the assessment are true. It is then submitted and assessed by a trained assessor from one of IASME’s licensed Certification Bodies.

How much does it cost for a Counter Fraud Fundamentals Assessment?

It costs £400 + VAT for an assessment payable at the point of application. As soon as you have paid we will send you login details for your online assessment portal.

Find Out More

Have a look at our Frequently Asked Questions or speak to our team

FAQs

Cookie	Type	Duration	Description
cookielawinfo-checkbox-analytics		1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-analytics	persistent	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary		1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary		1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
cookielawinfo-checkbox-non-necessary	persistent	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".

Cookie	Type	Duration	Description
__cfduid		1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__cfduid	persistent	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
_ga		2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga	persistent	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag		1 minute	Used to throttle too many requests from being issued within a short time. This is part of the Google Analytics suite of services.
_gat_gtag	persistent	1 minute	Used to throttle too many requests from being issued within a short time. This is part of the Google Analytics suite of services.
_gid		1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_gid	persistent	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_hjAbsoluteSessionInProgress	persistent	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	Session	1 year	This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	persistent	365 days	Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
ajs_anonymous_id	persistent	365 days	This cookie is set by Segment as a randomly generated ID for anonymous users.

FREQUENTLYASKEDQUESTIONS