Create a free account, or log in

New $100 million system to protect small businesses from dodgy bank transfers

Small businesses and everyday bank customers will soon be shielded from costly scams by a $100 million “confirmation of payee” system, designed to bind a bank account number with the name of its owner.
David Adams
David Adams
banks price gouging bank branch closure
(Clockwise from top left) The logos of NAB, ANZ, Westpac, and Commonwealth Bank. Source: AAP Image/ Joel Carrett.

Small businesses and everyday bank customers will soon be shielded from costly scams by a $100 million “confirmation of payee” system, designed to bind a bank account number with the name of its owner.

The Australian Banking Association (ABA) on Friday revealed its Scam-Safe Accord, a new, collaborative initiative from major banks and credit unions across Australia.

It includes major technical upgrades allowing banks and their customers to detect, prevent, and report fraudulent transactions.

At the core of the system is the “confirmation of payee” initiative, which will effectively lock a bank account number with the personal details of its owner.

This information will help those transferring funds to confirm they are paying who they want to pay — and not one of the criminals contributing to billions in total scam losses each year.

The system is billed as a powerful new tool to interrupt payment misdirection scams, which occur when a scammer infiltrates a business’ genuine email address and sends invoices with fake payment details.

Each bank will implement the new name-checking technology, which will be built and implemented between 2024 and 2025.

It is projected to be a significant technical step up from existing name-check systems implemented by the likes of Commonwealth Bank.

The “confirmation of payee” system will also run independently of the eInvoicing initiative, which enables safe transfers between one small business’ accounting software to another.

Additionally, the Scam-Safe Accord will require the banks to use at least one piece of biometric data for new customers when they open a new account online.

Biometric data includes a customer’s face, voice, or fingerprint, and is intended to stymie scammers using fake forms of identification when establishing a fresh account.

Banking customers can also expect to face more questions and delays when filing suspicious, risky, or out-of-character transfers.

Transfers will be possible once the payer affirms the account details are correct.

These warnings will roll out from December 2024.

The ABA says customers can expect these limits to affect payments to cryptocurrency platforms, which remain a major conduit for stolen funds.

“Once stolen funds are in a getaway vehicle to a high-risk cryptocurrency platform it is virtually impossible to recover them,” the ABA said.

Those systems will be strengthened by heightened coordination and information-sharing between financial institutions.

All ABA members, and members of the Community Owned Banking Association, will join the Australian Financial Crimes Exchange from mid-2024.

They will sign on to the Fraud Reporting Exchange before the end of 2025.

Australian Small Business and Family Enterprise Ombudsman Bruce Billson said the new commitment will help a small business sector that lost $13.7 million to scams last year.

“Today’s pledge by the banking industry to roll out a new confirmation of payee system will go a long way to stopping scammers being able to divert invoice payments by simply and silently changing a bank account number,” Billson said in a statement.

Assistant Treasurer and Minister for Financial Services also welcomed the initiative, saying it partners with the federal government’s own efforts to combat online scams.

“We delivered on our election commitment to establish a National Anti‑Scam Centre and we are glad to see the banking industry taking their own proactive steps,” he said.

The federal government this week confirmed $18.2 million in new initiatives helping small businesses self-assess their digital risk profiles, and respond to cyberattacks when they occur.