Fraud and security continue to be problems for firms. Fraud information is typically incomplete and deliberately obfuscated. These qualities make fraud events harder to detect using conventional security controls. This study uses a knowledge management framework to explore how different types of controls are used to detect and investigate information fraud. The analysis is based on the customer fraud database of a large Asia-Pacific telecommunications provider. Semi-structured interviews were also conducted with the firm's fraud unit. The study finds that IS controls, with high task programmability and outcome measurement, are used to detect the majority of fraud cases. However, more complex fraud cases use clan controls for detection. The paper also provides insight into the way in which combinations of controls are used to investigate cases. The study raises implications for both theory and practice.