Home / Glossary
Payment fraud and verification glossary
This glossary defines the payment fraud, verification, and compliance terms Australian finance and accounts payable teams need, from confirmation of payee and payment redirection fraud to AML/CTF and PayTo.
A
- ABA File An ABA file is a plain-text file, in the format defined by the Australian Bankers' Association, that lists batched payment instructions such as BSB, account number, and amount for a bank to process a bulk pay run.
- ABN Verification ABN verification confirms that an Australian Business Number is valid, active, and registered to the business you are dealing with, using the Australian Business Register.
- Account Name Check An account name check verifies that the name on a bank account matches the intended payee before funds are sent, a core defence against payment redirection fraud.
- Account Number An account number is the digit sequence that identifies a specific bank account, paired with a BSB to route an Australian payment to the correct destination.
- Account Takeover Account takeover is when a criminal gains unauthorised access to a legitimate user's account, such as an email or banking login, and uses it to commit fraud or redirect payments.
- Accounts Payable (AP) Accounts payable (AP) is the business function and ledger responsible for paying suppliers, covering invoice approval, vendor details, and outgoing payments.
- ACN Verification ACN verification confirms that an Australian Company Number is valid and matches a company registered with ASIC, so you can be sure the entity legally exists.
- AML/CTF Program An AML/CTF program is the documented framework a reporting entity must maintain to identify, mitigate, and manage money laundering and terrorism financing risks across its designated services.
- Anti-Money Laundering (AML) Anti-money laundering (AML) is the set of laws, controls, and processes businesses use to detect and prevent criminals from disguising illegally obtained money as legitimate funds.
- Append-Only Audit Trail An append-only audit trail is a record where new entries are added but existing entries are never edited or deleted, so every verification and change is logged in sequence as evidence.
- ASIC Check An ASIC check looks up a company's registration details in the Australian Securities and Investments Commission register to confirm it exists, is current, and matches who you are paying.
- AUSTRAC AUSTRAC is Australia's financial intelligence agency and AML/CTF regulator, which supervises reporting entities and collects transaction and suspicious matter reports to combat financial crime.
- Authorised Push Payment Fraud (APP Fraud) Authorised push payment fraud (APP fraud) is when a victim is deceived into authorising a payment from their own account to a fraudster, so the transfer is genuine but the instruction was obtained by deception.
B
- Bank Account Ownership Verification Bank account ownership verification confirms that a person or business actually owns the bank account they have nominated, before you pay it, so funds are not sent to an account controlled by a fraudster.
- Bank Detail Change Fraud Bank detail change fraud is a scam where a criminal poses as a supplier or employee to request a change of bank account details, so future payments are diverted to the fraudster.
- BECS BECS (the Bulk Electronic Clearing System) is the framework governing Australia's bulk direct entry payments, such as payroll and supplier runs, that are batched and settled on a scheduled basis.
- Beneficiary A beneficiary is the person or business that receives funds in a payment, whose bank account details determine where the money lands.
- Biometric Verification Biometric verification confirms a person's identity by matching a physical trait, such as their face, against a trusted reference like a photo identity document.
- BSB A BSB (Bank State Branch) is the six-digit code that identifies the bank and branch holding an Australian account, used together with the account number to direct a payment.
- Business Email Compromise (BEC) Business email compromise (BEC) is a scam in which an attacker hacks or impersonates a company email account to trick staff into transferring money or changing payment details.
- Business Verification Business verification confirms that a business is real, legally registered, and controlled by the people it claims, using sources such as the Australian Business Register and ASIC records.
C
- CEO Fraud CEO fraud is a scam where an attacker impersonates a senior executive, such as the CEO or CFO, to pressure staff into making an urgent payment or changing payment details.
- Chargeback A chargeback is a forced reversal of a card payment initiated by the cardholder's bank to return funds, typically after a disputed or fraudulent transaction.
- Confirmation of Payee (CoP) Confirmation of Payee (CoP) is a check that matches the account name a payer enters against the name registered on the destination bank account, warning them before payment if the details do not match.
- Consumer Data Right (Open Banking) The Consumer Data Right (CDR) is an Australian law, overseen by the ACCC and OAIC, that lets consumers authorise sharing of their banking data with accredited third parties; its banking application is known as open banking.
- Counter-Terrorism Financing (CTF) Counter-terrorism financing (CTF) is the set of controls that detect and stop funds being raised, moved, or used to support terrorism, usually paired with anti-money laundering obligations.
- Customer Due Diligence (CDD) Customer due diligence (CDD) is the process of identifying and verifying who a customer is, and assessing their risk, before providing a designated service to them.
D
- Data Sovereignty Data sovereignty is the principle that data is subject to the laws of the country where it is stored, so keeping Australian data onshore ensures it stays under Australian legal protections.
- Deepfake Fraud Deepfake fraud is the use of AI-generated fake video, images, or audio to impersonate a real person and deceive victims into approving payments or verifying transactions.
- Designated Service A designated service is any activity listed in Australia's AML/CTF Act, such as certain financial, remittance, or gambling services, that triggers anti-money laundering obligations for the provider.
- DFAT Consolidated List The DFAT Consolidated List is the register kept by Australia's Department of Foreign Affairs and Trade of all individuals and entities subject to Australian sanctions, used as the reference for sanctions screening.
- Digital Identity A digital identity is a verified electronic representation of a person or business that can be reused to prove who they are online without repeating manual document checks.
- Direct Debit Direct debit is an arrangement that lets a business pull funds from a customer's bank account on agreed dates, using the account's BSB and number under a signed authority.
- Direct Entry (DE) Direct entry (DE) is Australia's bulk electronic payment method for batched, non-urgent transactions like payroll and supplier payments, settled in scheduled runs rather than in real time.
- Document Verification Document verification checks that an identity document, such as a passport or driver licence, is genuine and valid, often against authoritative government data sources.
- Duplicate Payment Fraud Duplicate payment fraud is when the same invoice is paid more than once, either through error or deliberate manipulation, with a fraudster capturing or keeping the extra payment.
E
- Electronic Funds Transfer (EFT) Electronic funds transfer (EFT) is the movement of money from one bank account to another over electronic networks, covering direct entry, direct debit, and real-time payments in Australia.
- Electronic Identity Verification (eIDV) Electronic identity verification (eIDV) confirms a person's identity electronically by matching their details against trusted data sources rather than manually inspecting physical documents.
- Email Spoofing Email spoofing is the forging of an email's sender details so a message appears to come from a trusted person or company, and is commonly used to make payment fraud look legitimate.
- Enhanced Due Diligence (EDD) Enhanced due diligence (EDD) is the additional scrutiny applied to higher-risk customers, such as politically exposed persons, involving deeper identity checks and closer monitoring than standard due diligence.
- ePayments Code The ePayments Code is an ASIC-administered code of practice that sets consumer protections for electronic payments in Australia, including rules for unauthorised transactions and mistaken internet payments.
F
- Fake Invoice Scam A fake invoice scam is a fraud where an attacker sends an invoice for goods or services that were never supplied, or from a supplier that does not exist, to trick a business into paying.
- First-Party Fraud First-party fraud is when a person uses their own or a manipulated identity to obtain goods, credit, or services with no intention of paying or meeting their obligations.
G
- Ghost Employee Fraud Ghost employee fraud is a payroll scheme where a non-existent or terminated employee is kept on the payroll so their wages are paid into an account controlled by the fraudster.
- Ghost Vendor Fraud Ghost vendor fraud is a scheme where a fake or shell supplier is added to a company's vendor master file so payments can be made for goods or services that are never delivered.
I
- Identity Verification (IDV) Identity verification (IDV) is the process of confirming that a person is who they claim to be, using identity documents, biometrics, or trusted data sources.
- Insider Fraud Insider fraud is fraud committed by an employee, contractor, or other trusted insider who abuses their access to systems or payment processes for personal gain.
- Invoice Fraud Invoice fraud is a scam where criminals send fake or altered invoices, often with changed bank details, to trick a business into paying money into an account they control.
K
- Know Your Business (KYB) Know Your Business (KYB) is the process of verifying a business customer or supplier, including its ABN, ACN, ASIC registration, and beneficial owners, before you transact with it.
- Know Your Customer (KYC) Know Your Customer (KYC) is the process of identifying and verifying a customer's identity, required of reporting entities under Australia's AML/CTF regime overseen by AUSTRAC.
M
- Man-in-the-Middle Attack A man-in-the-middle attack is when an attacker secretly intercepts or alters communications between two parties, such as emails between a business and its supplier, to redirect payments.
- Mandate Fraud Mandate fraud is a scam where a criminal poses as a supplier and requests a change to the bank or direct debit details on a payment mandate, so future payments are diverted to the fraudster.
- Money Mule A money mule is a person who receives and transfers stolen or fraudulent funds through their own bank account on behalf of criminals, helping to launder the proceeds of fraud.
- Multi-Factor Authentication (MFA) Multi-factor authentication (MFA) requires two or more independent proofs of identity, such as a password plus a one-time code or biometric, before granting access, reducing account takeover risk.
N
- Name Matching Name matching compares the name a payer supplies against the name registered on a bank account or business record, allowing for minor variations, to flag mismatches before payment.
- New Payments Platform (NPP) The New Payments Platform (NPP) is Australia's real-time payments infrastructure that clears and settles account-to-account transactions between banks within seconds, around the clock.
O
- Ongoing Customer Due Diligence (OCDD) Ongoing customer due diligence (OCDD) is the continuous monitoring of customers and their transactions over time to keep identity records current and detect activity inconsistent with their known risk profile.
- Osko Osko is a BPAY-run service on the New Payments Platform that delivers near-instant account-to-account transfers between participating Australian banks, usually settling within a minute.
P
- Pay Run A pay run is a scheduled batch of outgoing payments a business processes together, such as paying a group of supplier invoices or staff wages in a single direct entry file.
- Payee Verification Payee verification confirms that the party you are about to pay is who they claim to be and owns the account receiving the funds, before a payment is authorised.
- Payer A payer is the person or business that sends funds in a payment, authorising money to move from their account to the beneficiary's.
- Payer Verification Payer verification confirms the identity and account ownership of the party sending or authorising a payment, so only a genuine, verified payer can set up or approve a debit.
- PayID PayID is an Australian addressing service that links a bank account to a memorable identifier like a mobile number, email, or ABN, so payments can be sent without sharing a BSB and account number.
- Payment Identity Verification (PIV) Payment Identity Verification (PIV) is the practice of verifying the identity and account ownership of the people and businesses involved in a payment before the money moves.
- Payment Redirection Fraud Payment redirection fraud is a scam where criminals trick a business into sending money to a bank account they control, usually by posing as a supplier and changing the payment details on an invoice.
- Payment Verification Payment verification is the process of confirming that a payee's identity and bank account details are genuine before a payment is sent, so money reaches the intended recipient and not a fraudster.
- Payroll Fraud Payroll fraud is the theft of money through a company's payroll system, such as creating fake employees, inflating hours, or diverting salary payments to a fraudster's account.
- PayTo PayTo is an Australian digital service that lets a business set up and manage real-time, pre-authorised payments from a customer's bank account through the New Payments Platform.
- PayTo Agreement A PayTo agreement is the digital mandate a customer approves in their banking app that authorises a business to initiate PayTo payments from their account on defined terms.
- Phishing Phishing is a scam where fraudulent emails, texts, or websites pose as a trusted organisation to trick people into revealing passwords, financial details, or approving payments.
- Politically Exposed Person (PEP) A politically exposed person (PEP) is someone who holds or has held a prominent public position, and is treated as higher risk for bribery or corruption, requiring enhanced due diligence.
- Privacy Act and the Australian Privacy Principles The Privacy Act 1988 and its Australian Privacy Principles are the laws governing how Australian organisations collect, use, store, and disclose personal information, overseen by the OAIC.
- Procurement Fraud Procurement fraud is the manipulation of a purchasing process for illegitimate gain, including kickbacks, bid rigging, fake suppliers, and inflated or fictitious invoices.
R
- Re-Verification Re-verification is repeating an identity or account check when key details change, such as a new bank account, so a previously trusted payee cannot be silently swapped for a fraudster.
- Real-Time Gross Settlement (RTGS) Real-time gross settlement (RTGS) is a method of settling high-value payments individually and immediately, transaction by transaction rather than in batches; in Australia this runs through the Reserve Bank's RITS system.
- Reconciliation Reconciliation is the process of matching a business's payment records against its bank statement to confirm every transaction is accounted for and correct.
- Record Keeping (Seven-Year Rule) The seven-year rule is the AML/CTF requirement that reporting entities keep customer identification and transaction records for at least seven years after the relevant service or transaction ends.
- Regtech Regtech is technology that helps businesses meet regulatory obligations more efficiently, automating tasks like identity verification, AML/CTF screening, and compliance reporting.
- Remittance Advice A remittance advice is a notice a payer sends to a supplier confirming which invoices a payment covers, helping the supplier match the funds received to their records.
- Remittance Fraud Remittance fraud is a scam that manipulates remittance advice or payment instructions, such as altered bank details, to divert supplier payments to an account controlled by the fraudster.
- Reporting Entity A reporting entity is a business that provides one or more designated services under Australia's AML/CTF regime, and is therefore required to enrol with AUSTRAC and meet its reporting and compliance duties.
S
- Sanctions Screening Sanctions screening is the process of checking a person or business against government sanctions lists to confirm you are not dealing with an individual or entity you are legally prohibited from transacting with.
- Scams Prevention Framework The Scams Prevention Framework is Australian legislation that imposes mandatory obligations on banks, telcos, and digital platforms to prevent, detect, report, and respond to scams, backed by ACCC enforcement.
- Social Engineering Social engineering is the manipulation of people into revealing information or taking action, such as approving a payment, by exploiting trust, urgency, or authority rather than hacking systems.
- Spear Phishing Spear phishing is a targeted form of phishing that uses personalised details about a specific individual or organisation to make the fraudulent message more convincing.
- Supplier Impersonation Supplier impersonation is a scam where a fraudster pretends to be a legitimate supplier, using lookalike emails, letterhead, or phone calls, to redirect payments or submit fake invoices.
- Supply Chain Fraud Supply chain fraud is fraud that exploits the relationship between a business and its suppliers, such as impersonating a vendor or compromising a supplier's systems to redirect payments.
- Suspicious Matter Report (SMR) A suspicious matter report (SMR) is a report a reporting entity must submit to AUSTRAC when it forms a reasonable suspicion that a customer or transaction is linked to money laundering, terrorism financing, or another crime.
- Synthetic Identity Fraud Synthetic identity fraud is the creation of a fake identity by combining real and fabricated details, such as a genuine ABN with false personal information, to open accounts or obtain credit.
T
- Telegraphic Transfer (SWIFT) A telegraphic transfer is an international electronic bank-to-bank payment, commonly routed over the SWIFT network, used to send funds across borders.
- Threshold Transaction Report (TTR) A threshold transaction report (TTR) is a report a reporting entity must lodge with AUSTRAC for any cash transaction of AUD 10,000 or more.
- Tipping Off Tipping off is the criminal offence of disclosing to a customer or third party that a suspicious matter report has been, or will be, submitted to AUSTRAC, or that related information has been shared.
V
- Vendor Email Compromise (VEC) Vendor email compromise (VEC) is a scam where an attacker takes over or spoofs a supplier's email account to send fraudulent invoices or bank detail changes to that supplier's customers.
- Vendor Master File A vendor master file is the central record of a business's suppliers and their payment details, including bank accounts, that accounts payable relies on to pay the right party.
- Verification Fingerprinting Verification fingerprinting captures a unique record of the exact identity and account details that were verified, so any later change to those details can be detected and re-verified.
- Voice Cloning Fraud Voice cloning fraud is a scam that uses AI-generated audio to mimic a real person's voice, often an executive, to authorise payments or pressure staff over the phone.
No terms match your search.
Stop payment fraud before money moves
Verify the person, business, and bank account before any payment leaves your account.