Experts have praised the security standards that companies have to meet if they are to interact with government IT systems such as the Police National Computer or the Government's secure intranet.
The standards were developed by the Computer Communications and Telecommunications Agency and later by the Computer Electronic Security Group, which is part of the Government's GCHQ.
"On the whole, the Government is very good [on fraud prevention and security on its systems]," said Neil Barrett, technical director at consultancy Information Risk Management.
However, with the ILA scheme much of this good work appears to have been ignored. The scheme was shut down after the Government discovered the system was rife with fraud. "It is surprising that this [the ILAs] could have got it so comprehensively wrong," said Barrett.
The Web site for registering ILA training providers and students only used a password and may have allowed fraudsters to guess account numbers. Fraudulent training providers were able to register with the system, pocketing millions of pounds in government funds.
Security software can restrict access to systems and spot fraud when it is occurring. Packages from suppliers such as HNC and SAS pick up suspicious transactions by monitoring bank account traffic and other data.
Who was running the IT systems?
The systems behind the Individual Learning Account scheme were outsourced to Capita. It was one of a number of large Government contracts the company holds. Others include:
BBC selects Capita as preferred supplier for a £500m, 10-year contract to take over the administration of the television licensing system.
Capita announces that it has won a £400m, 10-year contract with the Criminal Records Bureau for the development of its information systems infrastructure.
Capita wins a five-year, £9.5m outsourcing deal with the Navy, Army and Air Force Institutes to redevelop and operate its administrative systems.