Supplier Verification in Australia: How to Verify Before You Pay
Every payment your business makes starts with trust. Supplier verification replaces that trust with proof, confirming the business, the person, and the bank account before money moves.
Why supplier verification matters
Australian businesses lose hundreds of millions of dollars each year to payment fraud. The latest fraud statistics show payment redirection scams alone cost $152.6 million in 2024, up 66% from the previous year. The common thread in almost every case: the business paid someone without properly verifying who they were paying.
Supplier verification is the practice of confirming three things before you pay: the business is real, the person requesting payment is authorised, and the bank account belongs to the supplier. It sounds basic. Most businesses assume they already do it. But the reality is that most verification processes have critical gaps that fraudsters exploit daily.
Beyond fraud prevention, supplier verification is increasingly a compliance and governance expectation. Auditors want to see evidence that you checked before you paid. Insurers want to know you have controls in place. And the Australian Government's Scams Prevention Framework is raising the bar on what businesses are expected to do to prevent fraud.
Put simply: if you make payments to suppliers, subcontractors, or vendors, supplier verification is not optional. It is a core financial control.
What to verify before you pay
Effective supplier verification covers three layers. Missing any one of them leaves a gap that scammers can exploit.
1. The business (ABN/ASIC)
Validate the supplier's ABN against the Australian Business Register. Confirm it is active, matches the entity name, and is registered for GST if they are charging it. For companies, check ASIC records to confirm registration status, directors, and registered address.
2. The person (identity)
Confirm the identity of the individual requesting payment or providing bank details. A valid ABN does not mean the person emailing you is authorised to act for that business. Identity verification closes this gap.
3. The bank account (ownership)
Verify that the BSB and account number actually belong to the supplier. This is the step most businesses skip, and it is exactly the gap that payment redirection fraud exploits. Confirmation of Payee checks this in real time.
Common gaps in supplier onboarding
Most businesses have some form of supplier onboarding. Few have a process that actually prevents fraud. Here are the gaps we see most often.
ABN check with no identity check
You validate the ABN, but you never confirm that the person sending you bank details is authorised to act for that business. A scammer can look up any ABN on the public register.
Onboarding verification only
You verify the supplier when they first sign up, then never check again. Payment redirection fraud targets established relationships, not new ones. If a supplier changes bank details six months later, the onboarding check is irrelevant.
No bank account ownership check
You confirm the ABN is valid and the person seems legitimate, but you never verify that the bank account actually belongs to them. This is the most exploited gap in Australian payment processes.
Manual "call back" verification
You call the supplier to confirm bank details, but you use the phone number from the email (which the scammer controls) instead of a number from an independent source. This gives false confidence.
Email-based confirmations
You confirm bank details by email, but the email account has been compromised via business email compromise. The scammer replies from the real account, confirming their own fraudulent details.
No audit trail
Even when verification happens, there is no record of what was checked, when, and by whom. When something goes wrong, you cannot prove you did your due diligence.
What happens when you don't verify
The consequences of skipping supplier verification are well documented. According to ASIC, 96% of scam losses are borne by the victim. Banks recover almost nothing. Insurance rarely covers it. And the reputational damage from paying a scammer instead of your actual supplier can be worse than the financial loss.
Payment redirection fraud is the most common attack vector. A scammer impersonates one of your existing suppliers, sends "updated bank details," and your accounts payable team makes the change without verifying. The next payment goes to the scammer's account. By the time the real supplier asks where their money is, it is too late.
Fake invoice scams are the close cousin. A scammer sends an invoice that looks identical to a real supplier's invoice, complete with correct ABN and formatting. The only difference is the bank details. Without an ownership check, the payment goes through.
These are not sophisticated attacks. They work because the verification step is missing. The scammer does not need to hack your systems. They just need you to skip the check.
And the risk compounds with volume. If your business processes hundreds or thousands of supplier payments each month, the question is not whether you will be targeted. It is whether your process will catch it when you are.
How ezyshield automates supplier verification
Manual verification does not scale. Phone calls take time. Spreadsheets get out of date. Email confirmations can be compromised. ezyshield replaces manual processes with automated, real-time verification that runs before every payment.
ABN and ASIC validation
Automatically checks the supplier's ABN against the Australian Business Register and validates company registration with ASIC. Confirms the business is active, the entity name matches, and GST registration is current.
Biometric identity verification
Verifies the real person behind the supplier request. Not just a name on an email, but a biometric confirmation that the individual is who they claim to be and is authorised to act for the business.
Bank account ownership via Confirmation of Payee
Queries the receiving bank in real time to confirm the account belongs to the supplier. Not a database lookup. A live check that reflects the current state of the account. Learn more about CoP.
Continuous re-verification
Verification is not a one-time event. ezyshield re-checks every supplier before every pay run. If any detail has changed, payment is blocked until the supplier is re-verified. No changes slip through.
Supplier verification checklist
Whether you use ezyshield or a manual process, every supplier payment should pass these checks.
Validate the ABN
Look up the supplier's ABN on the Australian Business Register (abr.business.gov.au). Confirm it is active, matches the entity name on the invoice, and check GST registration if they are charging GST.
Check ASIC registration (for companies)
For Pty Ltd companies, search the ASIC register to confirm the company is registered, check the listed directors, and note the registered address. A cancelled or deregistered company is a red flag.
Verify the contact person
Confirm the identity of the person providing bank details or requesting payment. Do not rely on email alone. Use an independent channel (a phone number you sourced yourself, not one from the email) or biometric identity verification.
Confirm bank account ownership
Verify that the BSB and account number belong to the supplier entity, not just that they are valid numbers. Use Confirmation of Payee to check this against the receiving bank in real time.
Re-verify before paying
Do not assume that details verified at onboarding are still correct. Re-check before every pay run. Any change to bank details, contact information, or business structure should trigger a full re-verification.
Record everything
Keep a record of what was verified, when, and by whom. If something goes wrong, this audit trail is the difference between proving you did your due diligence and having no evidence at all.
Who needs supplier verification?
If your business pays suppliers, subcontractors, or vendors by direct debit or bank transfer, you need supplier verification. Some industries carry higher risk than others.
Construction and trades
High volumes of subcontractor payments, often with sole traders who change bank details frequently. Prime target for payment redirection.
Professional services
Accounting, legal, and consulting firms manage large payment volumes for clients. One compromised supplier payment creates liability for the firm and the client.
Healthcare and government
Strict compliance requirements and high public trust. Payment fraud in these sectors creates regulatory risk on top of financial loss.
Frequently asked questions
What does supplier verification mean in Australia?
Is supplier verification a legal requirement in Australia?
How often should I re-verify a supplier?
What is the difference between supplier verification and Confirmation of Payee?
Can ezyshield verify suppliers automatically?
Stop verifying suppliers manually
ezyshield automates ABN validation, identity verification, and bank account ownership checks. Every supplier, every payment, every time.