VERICODE vericode.com.au

Confirmation of Payee quietly arrives in Australia

Vericode · 8 July 2025


Two of the four majors flipped a switch this week and most of the country did not blink. CommBank and Westpac will now tell you, before you press send, whether the name on the account matches the BSB and account number you typed in. The UK has been doing this for years. Europe is heading there by mandate. Australia got there on a Wednesday, with no press conference big enough to break through the usual noise.

That is exactly the kind of move worth paying attention to.

Confirmation of Payee is easy to undersell because the user experience is deliberately boring. You enter payment details. The bank checks the name against the account. If it looks right, the payment proceeds. If it looks wrong, the bank gives you a warning before the money moves.

Nothing about that feels like a grand redesign of Australian fraud control. It feels like plumbing. That is the point.

The most important scam controls often arrive as small interruptions in familiar flows. They do not ask a customer to understand a new category of risk. They do not depend on a staff member spotting a perfect pretext. They put a check at the moment where the mistake becomes expensive. That is what makes this one interesting.

For years, the weak point in payment scams has been the gap between account details and account reality. A victim believes they are paying a builder, a solicitor, a supplier, a family member, or their own new account. The BSB and number are valid. The payment rail does exactly what it was asked to do. The problem is that the name in the victim’s head and the account at the other end are not the same thing.

Confirmation of Payee makes that mismatch visible.

It does not stop every scam. It will not catch the authorised payment where the victim really does intend to pay the account in front of them. It will not solve social engineering upstream, where the caller has already done the work of convincing the person that the new details are legitimate. But it changes the default. A bank is no longer just moving money to a set of numbers. It is checking whether the story around those numbers has a basic claim to truth.

That is a quiet shift from fraud features to fraud infrastructure.

The Australian model is also worth watching because it is voluntary. AusPayNet has been chairing the project and the major banks are moving first, but this is not the same as a hard legal obligation. The test over the next year will be whether industry coordination can reach enough coverage quickly enough, and whether smaller institutions follow before the absence of the check becomes its own risk signal.

Europe gives the comparison its edge. The EU is moving towards mandatory Verification of Payee across SEPA. Australia has started with bank-led rollout and coordination. Neither model should be declared the winner in July. The useful thing is that we now have two live versions of the same basic idea.

For Australian fraud teams, the lesson is not that name checks are magic. It is that identity claims are becoming part of the transaction itself. The system is starting to ask whether the person, name, account and context belong together before the costly action happens.

That matters beyond payments. The same shape will show up elsewhere. Not because Confirmation of Payee is caller verification, or SMS sender verification, or identity proofing. It is none of those. It matters because it shows the direction of travel: trust signals are moving from advice to infrastructure.

Two majors on a Wednesday with no press conference. The boring announcements are usually the important ones.