Australia's Scams Prevention Framework: What Businesses Must Know
The Australian Government passed the Scams Prevention Framework in February 2025. Banks, telcos, and digital platforms now face enforceable obligations and penalties of up to $50 million. Here is what it means for your payment processes.
What is the Scams Prevention Framework?
The Scams Prevention Framework is legislation introduced by the Australian Government to create a cross-sector approach to preventing scams. It was passed by Parliament in February 2025 as part of the Treasury Laws Amendment (Scams Prevention Framework) Bill. The framework establishes enforceable codes of practice for three regulated sectors: banking, telecommunications, and digital platforms.
The core principle is shared responsibility. Until now, the burden of scam losses fell almost entirely on victims. Australian consumers and businesses lost $2.74 billion to scams in 2023 alone, according to the ACCC's Scamwatch data. The framework shifts that burden by requiring regulated entities to take proactive steps to prevent, detect, disrupt, and respond to scams.
This is not voluntary guidance. The framework empowers the ACCC (for digital platforms), ASIC (for banks), and the ACMA (for telcos) to enforce sector-specific codes of practice. Entities that fail to meet their obligations face civil penalties of up to $50 million for serious or systemic breaches.
The framework also establishes a formal dispute resolution process through the Australian Financial Complaints Authority (AFCA), giving scam victims a path to seek compensation when a regulated entity fails its obligations.
Who does the framework affect?
The framework directly regulates three sectors. But its effects flow downstream to every business that uses banking services, telecommunications, or digital platforms.
Banks and financial services
Regulated by ASIC. Banks must implement measures to prevent scam payments, detect suspicious transactions, and respond to scam reports. Compliance deadline: June 2026. This will directly affect how businesses process payments through their banking providers.
Telecommunications providers
Regulated by the ACMA. Telcos must take steps to prevent scam calls and SMS messages from reaching consumers. This includes blocking known scam numbers, detecting spoofed caller IDs, and disrupting the communication channels that scammers rely on.
Digital platform providers
Regulated by the ACCC. Social media platforms, online marketplaces, and search engines must take action to prevent scam content, including fake advertisements, phishing links, and impersonation profiles that direct victims toward fraudulent payment requests.
Key obligations and deadlines
The framework introduces four core obligations for regulated entities. Each sector will have tailored codes of practice, but the principles are consistent.
Prevent
Regulated entities must take reasonable steps to prevent scams from reaching their customers. For banks, this means implementing payment verification checks and warning systems. For telcos, it means blocking scam calls and SMS. For digital platforms, it means removing scam content and advertisements.
Detect
Entities must have systems in place to detect scam activity. This includes monitoring transactions for suspicious patterns, identifying compromised accounts, and using intelligence sharing to stay ahead of emerging scam techniques.
Disrupt
When scam activity is identified, entities must act to disrupt it. This could mean freezing suspicious transactions, blocking scam communications, or removing fraudulent content. Speed matters. The faster scam activity is disrupted, the less money is lost.
Respond
Entities must respond effectively when a customer reports a scam. This includes clear reporting channels, timely investigation, and where appropriate, compensating victims. The AFCA dispute resolution process gives victims recourse when entities fail to respond adequately.
Key deadline: Banks must comply by June 2026
The banking sector code of practice is expected to be finalised first, with compliance required by June 2026. Telecommunications and digital platform codes will follow on separate timelines as determined by the ACMA and ACCC.
What this means for payment verification
The Scams Prevention Framework does not directly regulate most businesses. But it changes the environment in which every business operates. Banks will introduce new requirements for payment verification, and businesses that cannot meet those requirements will face friction, delays, or blocked payments.
Payment redirection fraud is one of the scam types the framework specifically targets. When a scammer intercepts an invoice and changes the bank details, the resulting payment goes to the wrong account. Under the framework, banks are expected to detect and prevent these payments. That means stronger Confirmation of Payee checks, transaction monitoring, and potentially requiring businesses to verify payee details before processing payments.
For finance teams, this means the days of processing payments without verifying who you are paying are numbered. If your bank implements stricter verification as part of its framework obligations, your payment processes will need to keep up. Businesses that already have strong verification practices will experience minimal disruption. Those that rely on manual processes, email confirmations, or trust will need to adapt.
The framework also creates a stronger incentive for businesses to verify proactively. Under the AFCA dispute resolution process, businesses may be able to seek compensation from their bank if the bank failed to prevent a scam payment. But that claim will be stronger if the business can demonstrate it took its own reasonable steps to verify the payment, rather than relying entirely on the bank.
The broader regulatory landscape
The Scams Prevention Framework sits alongside other regulatory developments that are raising the bar on payment verification and fraud prevention in Australia.
AML/CTF reforms
AUSTRAC's anti-money laundering regime is expanding to cover more industries. The same verification principles that underpin AML/CTF compliance, knowing who you are dealing with and keeping records, align directly with the Scams Prevention Framework's expectations.
Learn about AML/CTF complianceConfirmation of Payee
Australian banks are building Confirmation of Payee capabilities into the NPP (New Payments Platform). The Scams Prevention Framework accelerates this rollout by requiring banks to verify payee details before processing payments.
Learn about Confirmation of PayeeASIC enforcement
ASIC has increased its focus on payment fraud and scam prevention. The framework gives ASIC new enforcement powers over banking sector compliance, including the ability to impose civil penalties for systemic failures.
Consumer expectations
Public awareness of scams is rising. Consumers and businesses increasingly expect their financial institutions and payment partners to have robust scam prevention measures in place. The framework formalises these expectations into law.
How ezyshield helps you meet rising obligations
The Scams Prevention Framework signals a clear direction: businesses will be expected to verify before they pay. ezyshield automates the verification steps that sit at the heart of this expectation.
Verify the person and the business
Biometric identity verification confirms the real person behind a payment request. ABN/ASIC validation confirms the business is legitimate and active. Together, they close the identity gaps that scammers exploit.
Confirm bank account ownership
Live Confirmation of Payee checks the bank account belongs to the payee you intend to pay. This is the verification step that stops payment redirection fraud before money moves.
Re-verify before every payment
Verification is not a one-off event. ezyshield re-checks every payee before every pay run. If details have changed, payment is blocked until re-verification is complete. This aligns with the framework's expectation of ongoing vigilance.
Tamper-proof audit trail
Every verification is logged with a timestamp, result, and evidence chain. If a dispute arises under the AFCA process, you have proof that you took reasonable steps to verify before paying.
Frequently asked questions
What is the Scams Prevention Framework?
When does the Scams Prevention Framework take effect?
Does the Scams Prevention Framework apply to my business directly?
What are the penalties under the Scams Prevention Framework?
How does ezyshield help businesses prepare for the Scams Prevention Framework?
Related content
AML/CTF Compliance in Australia
How anti-money laundering regulations intersect with the Scams Prevention Framework.
LEARNPayment Fraud Prevention Guide
Practical steps to prevent payment fraud in your business.
THREATPayment Redirection Fraud
The scam type most targeted by the framework. Learn how it works and how to stop it.
PRODUCTHow ezyshield Works
See how ezyshield verifies payees before every payment.
Get ahead of the framework
ezyshield automates the payment verification that the Scams Prevention Framework demands. Start verifying before the deadlines hit.