LEARN

How to Verify Supplier Bank Account Details in Australia

A practical guide for finance teams. What to check, which verification methods actually work, and how to stop paying the wrong account.

BSB & account checks

Ownership verification

Step-by-step process

Why you need to verify supplier bank details

Every supplier payment your business makes relies on one assumption: the bank details on the invoice belong to the supplier. In most cases, nobody checks whether that assumption is true. And that is exactly the gap that payment redirection fraud exploits.

The scam is straightforward. A fraudster impersonates one of your existing suppliers, sends an email with "updated bank details," and your accounts payable team makes the change. The next payment goes to the scammer's account. The BSB is valid. The account number is real. Everything looks correct. But the account belongs to someone else entirely.

According to the latest Australian fraud statistics, payment redirection scams cost businesses $152.6 million in 2024. The common thread in nearly every case: no one verified that the bank account belonged to the supplier before paying.

Verifying bank details is not just about fraud prevention. Auditors expect it. Insurers ask about it. And the Australian Government's Scams Prevention Framework is raising the standard for what businesses are expected to do before making payments.

What to check when verifying bank details

Verifying supplier bank details involves three distinct checks. Most businesses only do the first one, which is the least useful.

1. BSB validity

Confirm the BSB is a valid, active bank-state-branch code. This tells you the bank and branch, but nothing about who owns the account. A scammer's BSB is just as valid as your supplier's.

2. Name matching

Check that the account holder name matches the supplier entity name on your records. Partial matches, abbreviations, and trading names make manual matching unreliable without a formal check.

3. Account ownership

Verify that the bank account actually belongs to the supplier. This is the critical check. Account ownership verification queries the receiving bank to confirm the account holder. This is the step most businesses skip.

Common verification methods and their flaws

Most finance teams use one of these methods to verify bank details. Each has significant weaknesses that fraudsters exploit.

Phone callback

You call the supplier to confirm their bank details. But if you use the phone number from the suspicious email (rather than an independently sourced number), you are calling the scammer who will happily confirm their own fraudulent details.

Email confirmation

You email the supplier to confirm their bank account. But if the email account has been compromised through business email compromise, the scammer responds from the real email address, confirming the fake details.

BSB lookup

You validate the BSB against a directory to confirm it is a real bank and branch. This tells you nothing about who owns the account. A valid BSB with a scammer's account number will pass every BSB check.

Supplier self-declaration form

You ask the supplier to fill in a bank details form and sign it. A scammer can fill in the same form with their own details. The form provides a false sense of security without any actual verification.

The common problem: all four methods rely on the supplier (or someone claiming to be the supplier) to confirm their own details. None of them independently verify that the bank account belongs to the claimed entity. That is what Confirmation of Payee solves.

Step-by-step bank account verification process

Follow this process every time a supplier provides new bank details or requests a change.

Do not use the contact details from the request

If a supplier emails you with new bank details, do not call or email them using the contact information in that email. Look up the supplier's phone number from an independent source: your original contract, their website, or a number you have used before.

Validate the BSB

Check the BSB against the Australian Payments Network BSB directory to confirm it is valid and identify the bank and branch. This is a necessary step but not sufficient on its own.

Verify the ABN matches the supplier

Look up the supplier's ABN on the Australian Business Register. Confirm the ABN is active, the entity name matches your records, and GST registration is current if they charge GST. Learn more about ABN verification.

Confirm bank account ownership

Use Confirmation of Payee to check with the receiving bank that the account holder name matches the supplier. This is the only method that independently verifies ownership without relying on the supplier to confirm their own details.

Verify the person making the request

Confirm the identity of the individual providing the bank details. Are they authorised to act on behalf of the supplier? Biometric identity verification removes the guesswork. A valid ABN does not mean the person emailing you is legitimate.

Record the verification

Document what was checked, when, by whom, and what the result was. This audit trail is essential for compliance, insurance claims, and internal governance. If something goes wrong, you need proof you followed your process.

EZYSHIELD

How ezyshield automates bank account verification

Manual verification does not scale. Every phone call takes time. Every email can be compromised. Every spreadsheet goes stale. ezyshield replaces manual checks with automated, real-time verification that runs before every payment.

Live Confirmation of Payee

Queries the receiving bank in real time to confirm the account holder matches the supplier. Not a database lookup. A live check through banking infrastructure that reflects the current state of the account.

ABN and ASIC validation

Automatically validates the supplier's business registration. Confirms the ABN is active, the entity name matches, and the company is registered with ASIC. All done before payment, not after.

Biometric identity verification

Confirms the real person behind the payment request. Not just a name on an email, but a biometric check that the individual is who they claim to be and is authorised to act for the supplier.

Re-verification before every pay run

Verification is not a one-time event. ezyshield re-checks every supplier before every pay run. If any detail has changed since the last verification, payment is blocked until re-verified.

See How It Works

Bank Details Verified

BSB Valid

Account Ownership Match

ABN / ASIC Active & Valid

Identity Confirmed

Frequently asked questions

How do I verify a supplier's bank account in Australia?

The most reliable method is Confirmation of Payee (CoP), which queries the receiving bank in real time to confirm the account holder name matches the supplier you intend to pay. You can also validate the BSB to confirm the bank and branch, but BSB validation alone does not confirm who owns the account.

Is BSB validation enough to prevent payment fraud?

No. BSB validation only confirms that a BSB number is valid and identifies the bank and branch. It does not tell you who owns the account. A scammer can provide a valid BSB with their own account number, and BSB validation will pass. You need account ownership verification to close this gap.

What is the difference between verifying a bank account and verifying account ownership?

Verifying a bank account typically means checking that the BSB and account number are valid and exist. Verifying account ownership goes further by confirming that the account belongs to the specific person or business you intend to pay. The ownership step is what prevents payment redirection fraud.

How often should I verify supplier bank details?

Best practice is to re-verify before every pay run, not just when a supplier is first onboarded. Payment redirection fraud often targets established supplier relationships by sending fake "updated bank details" emails. Continuous re-verification catches changes that one-time checks miss.

Can ezyshield verify supplier bank accounts automatically?

Yes. ezyshield uses live Confirmation of Payee to verify bank account ownership in real time, as part of a broader verification flow that includes ABN/ASIC validation and biometric identity checks. Verification runs automatically before every pay run, with no manual phone calls or emails required.

Stop verifying bank details manually

ezyshield replaces phone calls and emails with real-time bank account verification. Automated, scalable, and auditable.

Book a Demo How It Works