The quiet giant: Confirmation of Payee hits 100M uses
Vericode · 12 March 2026
A hundred million name checks across eighty-two institutions. Eighteen months ago this was a quiet project. In July it was two major banks switching something on. Today it looks like infrastructure.
That is the first part of the story.
The second part lands on the same day. AFCA’s receiving-bank jurisdiction takes effect, bringing the bank that receives scam funds into the complaint frame. The old pattern was too easy to summarise: the sending bank dealt with the customer and the receiving bank could feel like scenery. That shape is changing. The bank whose account took the money now has a clearer answerability problem.
Put those two things together and the frame shifts.
Confirmation of Payee reduces one class of mismatch before payment. It asks whether the account name belongs with the BSB and number in front of the customer. AFCA’s receiving-bank change increases pressure after the fact. It asks what responsibility sits with the institution that hosted the destination account.
One control sits before the transfer. One accountability change sits after it. Both point at the same principle: payment trust is no longer just the sender’s burden.
That is a large change for a system that used to treat account numbers as enough. The payment rail was built to move money to the details supplied. Fraud exploited the gap between correct details and honest context. Confirmation of Payee narrows that gap. Receiving-bank accountability makes the gap more expensive to ignore.
The voluntary part should not be missed. Australia did not begin this with a single hard mandate across every institution. The larger banks moved. Industry coordination did its work. Coverage expanded. The result is not perfect, but one hundred million checks across eighty-two institutions is a serious proof point for the Australian habit of building trust controls through coordinated rollout.
That does not mean voluntary always works. It means this one has moved far enough and fast enough to deserve credit.
There is still a limit. Confirmation of Payee checks who the customer is paying. It does not check why they are paying. It does not know whether a caller persuaded them to move the money. It does not know whether a supplier email was compromised, whether a family member was impersonated, or whether the person on the phone used true leaked facts to make a false story feel safe.
That distinction matters because the back half of the scam chain is now getting crowded with controls. Payee checks. Bank warnings. Transaction monitoring. Mule-account disruption. AFCA jurisdiction. The Scams Prevention Framework heading toward 1 July. These are all ways of making the movement of money harder to abuse.
The front half is still messier.
The front half is the ad, message, call, compromised email, account recovery flow, support desk interaction and social pretext. It is where the victim is convinced before the system sees a payment. It is where information leakage becomes confidence. It is where the person on the other end of the line sounds legitimate because they arrived with enough truth.
Confirmation of Payee does not solve that. It was not built to. Its value is that it shows what happens when a trust question is moved from the customer’s judgement into the infrastructure around the action.
That is the model worth carrying forward. The posture more than the mechanism. Ask the trust question where the risk becomes real, make the answer visible before the damage is done, give institutions clear responsibility when the system lets obvious abuse through.
A hundred million name checks later, that idea is no longer theoretical. Now we figure out who answers for the call that started it.