In an increasingly digital economy, the speed and convenience of online payments are undeniable. However, this convenience comes with significant risks. Fraudsters keep finding smart ways to steal money, with businesses and people in Australia losing millions of dollars every year. As these threats evolve, so too must our defences. To fight rising payment fraud, Australia’s banks are introducing an important security step: Confirmation of Payee (CoP). This article will explore what Australia's Confirmation of Payee solution is, how it functions, and why it represents a crucial step forward in protecting businesses and consumers from devastating invoice and payment fraud.
The Threat of Invoice Fraud in Australia
Invoice fraud, a pervasive type of payment redirection scam, has become a multi-million dollar threat to Australian businesses of all sizes. It involves criminals using deception to trick a company’s accounts payable department into paying fraudulent invoices or legitimate invoices that have had their banking details covertly altered. The methods are often sophisticated and deceptive, exploiting human error and targeting vulnerabilities within a business's standard payment approval processes. The core of the scam is to divert a payment intended for a legitimate supplier into an account controlled by the fraudster.
The rise of Invoice Fraud
Scammers execute these schemes with alarming sophistication. A primary tactic is Business Email Compromise (BEC), where fraudsters gain access to a business’s or its supplier's email account. Once inside, they can monitor email threads and correspondence to understand billing cycles and relationships. When the time is right, they intercept a legitimate invoice, alter the BSB and Account Number to one they control, and forward the modified invoice. To the paying business, the email address and content appear to come from a trusted supplier, making the scam incredibly difficult to detect before it's too late.
The financial repercussions are staggering. Payment redirection scams cost Australian businesses $227 million in 2021 alone, a 77% increase from the previous year. These losses highlight a critical weakness in traditional payment systems that lack real-time verification of recipient account details.
Why manual checks are not enough
Many businesses believe their manual verification processes are sufficient to prevent invoice fraud. A common procedure involves requesting a bank account certificate or a redacted bank statement from a new supplier to confirm their banking details. However, this method is no longer a reliable safeguard against determined criminals. With the rise of advanced AI and sophisticated editing software, fraudsters can easily forge these documents with convincing accuracy, creating a dangerous false sense of security.
Furthermore, even a real document only shows that the bank account exists. It does not prove that the Account Name belongs to the owner of that Account Number. A scammer can easily provide a legitimate bank statement for an account they control under a different name, completely bypassing this flawed manual check. This gap is precisely what fraudsters exploit to execute their attacks.
Introducing Confirmation of Payee (CoP)
Developed by Australian Payments Plus (AP+) and supported by the Australian Banking Association and major Australian banks, Confirmation of Payee is a powerful verification service designed to combat payment fraud and reduce accidentally misdirected payments. As a key initiative under the government's Scam-Safe Accord, it provides a critical layer of security before a payment is finalised, giving payers greater assurance that their money is going to the intended recipient. This system is a unique Australian solution and should not be confused with similarly named services in other countries, like the UK.
What is Confirmation of Payee?
At its core, Confirmation of Payee is an account name-checking service. When a customer adds a new payee or pays a new account, the service checks whether the Account Name entered matches the one registered to the BSB and Account Number at the recipient’s bank. This simple yet powerful check occurs in near real-time, directly addressing the vulnerabilities exploited in invoice fraud and other fraudulent activities. By verifying the payee’s bank details at the point of payment, CoP acts as a crucial failsafe, flagging potential discrepancies before funds are irrevocably transferred as part of an Authorised Push Payment.
Possible Match Outcomes From Payment Checks
When a CoP check is performed, the service returns one of several clear outcomes. Each result is designed to empower the payer, giving them the information needed to make an informed decision about whether to proceed with, review, or cancel the payment. The potential match outcomes are:
- Match: This indicates that the Account Name and account details entered by the payer perfectly match the records held by the payee’s bank. The customer can proceed with a high degree of confidence.
- Close Match: This result occurs when the details are very similar but not identical (e.g., due to a minor typo or the use of an initial instead of a full first name). In this case, the service will display the actual Account Name registered with the bank, allowing the payer to confirm it is the correct recipient before approving the payment.
- No Match: This is a critical red flag. It means the name entered does not match the name registered to the account details provided. The system will advise the payer to stop and check the details with the person or business they are trying to pay, as this could be an indication of a scam or a simple error.
How does CoP work for Business Accounts?
Confirmation of Payee is equally effective for verifying business accounts, a critical function for securing B2B transactions. A common concern among businesses is dealing with subcontractors or sole traders who may supply a business name on their invoice but use a personal bank account for payment.
However, this is precisely a situation where CoP demonstrates its value. If a supplier’s invoice shows their business name, like "ABC Plumbing," but the bank account is a personal one under a different name, like "John Smith," CoP will say "No Match." This is not a failure of the system; it is the system working correctly. It has identified a critical discrepancy between the invoiced Account Name and the name on the bank account, prompting the accounts payable team to halt the payment and verify the details directly with the supplier through a trusted communication channel.
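The three outcomes and the "ABC Plumbing" versus "John Smith" case can be modelled as a payment gate on the accounts payable side. This is an added example, not code from AP+ or any bank: the page does not describe the service's actual matching logic, so the normalisation rules, the initials rule and the 0.85 typo threshold are assumptions, and all names are constructed sample data.

```python
import re
from difflib import SequenceMatcher

def normalise(name):
    """Lower-case, drop punctuation, split into tokens."""
    return re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()

def differs_only_by_initials(a, b):
    """True when every token is equal or one side is an initial of the other."""
    if len(a) != len(b):
        return False
    return all(x == y or (len(x) == 1 and y.startswith(x))
               or (len(y) == 1 and x.startswith(y)) for x, y in zip(a, b))

def cop_outcome(entered, registered, typo_threshold=0.85):
    """Classify the entered payee name against the bank-registered name.
    typo_threshold is an assumed similarity cut-off for minor typos."""
    a, b = normalise(entered), normalise(registered)
    if not a or not b:
        return "No Match"          # a blank name can never confirm a payee
    if a == b:
        return "Match"
    if differs_only_by_initials(a, b):
        return "Close Match"
    ratio = SequenceMatcher(None, " ".join(a), " ".join(b)).ratio()
    return "Close Match" if ratio >= typo_threshold else "No Match"

def payment_decision(entered, registered):
    """Map each outcome to the payer action the article describes."""
    outcome = cop_outcome(entered, registered)
    if outcome == "Match":
        return outcome, "proceed"
    if outcome == "Close Match":
        # Only a close match reveals the registered name for confirmation.
        return outcome, f"confirm registered name: {registered}"
    return outcome, "hold payment; verify with supplier via trusted channel"

# Constructed sample data: (name on invoice, name registered at the bank).
SAMPLES = [
    ("John Smith", "John Smith"),
    ("J Smith", "John Smith"),
    ("Jon Smith", "John Smith"),
    ("ABC Plumbing", "John Smith"),
]

if __name__ == "__main__":
    for entered, registered in SAMPLES:
        print(entered, "->", payment_decision(entered, registered))
```

Note that "J Smith" would also be a close match for an account registered to "Jane Smith", which is why the registered name is shown to the payer for confirmation rather than the payment being approved automatically.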
How Confirmation of Payee Prevents Payment Fraud
By integrating real-time name verification directly into the payment process, Confirmation of Payee systematically dismantles the core mechanics of many common payment scams. Its effectiveness lies in creating a crucial checkpoint that exposes fraudulent activity before any financial loss occurs. This proactive intervention is a game-changer for preventing fraud at its source.
Preventing Vendor Impersonation Scams
In a vendor impersonation scam, fraudsters pose as a legitimate supplier to trick a business into making a payment to a fraudulent account. They might create a nearly identical email address or even call the accounts payable team pretending to be a representative of the supplier. With CoP, when the AP team enters the fraudulent bank details provided on fake invoices, the system will immediately return a "No Match" result. This undeniable discrepancy between the legitimate vendor’s name and the scammer's account name serves as a powerful red flag, stopping the fraudulent payment in its tracks.
Safeguarding Against Business Email Compromise (BEC)
Business Email Compromise is one of the most damaging forms of cybercrime, relying on the interception and manipulation of legitimate communications. A fraudster might compromise a supplier’s email account and send doctored or fraudulent invoices with their own banking details. Without CoP, an unsuspecting AP clerk might process the payment, believing the request is genuine. Confirmation of Payee disrupts this chain. The moment the altered account details are entered for payment, the name check will fail, alerting the user that the intended payee name ("Legitimate Supplier Pty Ltd") does not match the name on the fraudulent account. This provides a critical, automated defence against BEC.
Identifying Fake Vendors and Fraudulent Supplier Setups
Criminals sometimes attempt to set up completely fake companies to defraud businesses, creating professional-looking websites and fraudulent invoices to appear legitimate. When onboarding a new "supplier" like this, a business would traditionally rely on the documents provided. With CoP, the verification happens at the first payment. If the fraudster provides account details that are in a personal name or a different company name, CoP will flag the mismatch. This forces a halt to the onboarding and payment process, preventing the business from ever engaging financially with the fraudulent entity.
Mitigating Payment Redirection Fraud and Other Invoice Scams
At its heart, nearly all invoice fraud relies on Payment Redirection. The scammer's goal is to divert a legitimate payment into their own account. CoP directly targets this single point of failure. Whether the redirection is achieved through phishing, a compromised email account, or social engineering, the outcome is the same: the Account Name and Account Number will not align. The "No Match" alert from CoP acts as a strong, automatic stop that blocks misdirected payments and protects businesses from the large financial losses caused by these scams, which are a serious and growing problem.
Impact of Confirmation of Payee on Payment Security
The introduction of Confirmation of Payee in Australia marks a significant milestone in the fight against payment fraud. This is not just a small update: it changes how payment security works, moving verification from a weak, manual process to an automatic, built-in protection. For businesses, CoP provides a powerful and essential tool to protect against devastating losses from invoice fraud and Business Email Compromise. For individual customers, it offers peace of mind that their money is going to the right person.
While CoP is a critical layer of defence, it is most effective as part of a comprehensive security strategy. Businesses must keep building a culture of security awareness, train staff to spot phishing attempts, and maintain strong controls for checking changes to supplier details. Combining this powerful new tool with robust internal processes and ongoing employee education creates the strongest possible defence against the ever-evolving landscape of payment fraud.
