
PayTo Fraud Risks in Australia: What Banks Need to Know in 2025

Tookitaki
23 Sep 2025

PayTo is revolutionising payments in Australia, but it is also creating new fraud risks that demand smarter detection strategies.

Australia’s payments landscape is evolving rapidly. The introduction of PayTo, a digital payment service built on the New Payments Platform (NPP), promises faster, smarter, and more secure payments for consumers and businesses. With PayTo, customers can authorise third parties to initiate payments directly from their bank accounts, improving convenience and efficiency.

But with innovation comes risk. Fraudsters are already targeting PayTo’s new infrastructure with sophisticated scams and laundering schemes. For banks, fintechs, and payment providers, understanding PayTo fraud risks in Australia is essential to protecting customers and meeting AUSTRAC’s compliance requirements.


What is PayTo?

PayTo is an NPP service that allows businesses and authorised third parties to initiate real-time payments directly from customer bank accounts.

Key features include:

  • Real-Time Payments: Funds move instantly.
  • Customer Authorisation: Customers approve payment agreements through their banking app.
  • Enhanced Transparency: Customers can view and manage payment agreements in real time.

PayTo is designed to replace direct debit systems with a faster and more customer-friendly solution.

Why PayTo is a Fraud Target

1. Instant Transfers

Because PayTo runs on the NPP, payments settle in real time, giving banks little time to reverse fraudulent transfers.

2. Authorised Push Payment (APP) Scams

Fraudsters trick victims into approving fraudulent payment agreements, bypassing controls.

3. Synthetic Identities

Criminals use fake or stolen identities to set up fraudulent PayTo agreements.

4. Business Email Compromise (BEC)

Scammers impersonate vendors, convincing businesses to authorise fraudulent PayTo arrangements.

5. Mule Accounts

PayTo can be exploited to quickly move funds through mule networks before detection.

Key PayTo Fraud Risks in Australia

  1. Compromised Authorisations
    Fraudsters manipulate customers into approving payment agreements.
  2. Fake Merchants
    Shell companies create fraudulent PayTo agreements to receive illicit funds.
  3. Account Takeover Fraud
    Criminals hijack legitimate accounts and set up PayTo arrangements.
  4. Overcharging Schemes
    Fraudulent businesses use PayTo to debit higher amounts than agreed.
  5. Cross-Border Laundering
    Funds moved via PayTo can be layered through remittance channels or offshore accounts.

Red Flags for PayTo Fraud

  • Customers creating multiple PayTo agreements in a short period.
  • Agreements linked to newly opened or high-risk accounts.
  • Payment amounts inconsistent with stated business purpose.
  • Transfers to accounts with no history of business activity.
  • Customers disputing authorisations shortly after approval.
  • Rapid pass-through transactions with no balance retention.
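
Four of these red flags (agreement velocity, newly opened creditor accounts, disputes shortly after approval, and rapid pass-through) can be expressed as simple rules. The sketch below is an added example, not code from Tookitaki or from any PayTo/NPP specification; the record layouts, account identifiers and thresholds are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta as td
T = datetime.fromisoformat
# Assumed thresholds, not taken from the article or from AUSTRAC; tune per institution.
MAX_AGREEMENTS, VELOCITY_WINDOW = 3, td(hours=24)  # agreements per customer per window
NEW_ACCOUNT_AGE = td(days=30)               # creditor account treated as newly opened
DISPUTE_WINDOW = td(hours=48)               # dispute "shortly after approval"
PASS_WINDOW, PASS_RATIO = td(hours=1), 0.9  # share of a credit forwarded within window

# Constructed sample records; the tuple layouts are hypothetical, not a PayTo/NPP schema.
# (agreement id, customer, approved at, creditor account opened, disputed at or None)
AGREEMENTS = [
    ("AG1", "C1", "2025-09-01T09:00", "2024-01-10", None),
    ("AG2", "C1", "2025-09-01T09:20", "2025-08-25", None),
    ("AG3", "C1", "2025-09-01T10:00", "2023-03-02", None),
    ("AG4", "C1", "2025-09-01T11:00", "2022-06-15", None),
    ("AG5", "C2", "2025-09-02T12:00", "2021-11-30", "2025-09-03T08:00"),
]
# (source account, destination account, amount in AUD, time)
TRANSFERS = [
    ("A1", "M1", 5000, "2025-09-01T09:05"), ("M1", "M2", 4950, "2025-09-01T09:15"),
    ("M2", "X9", 4900, "2025-09-01T09:40"), ("A2", "B7", 1200, "2025-09-01T10:00"),
    ("B7", "S3", 100, "2025-09-01T10:30"),
]

def agreement_flags(agreements):
    """Map agreement id -> agreement-level red flags raised for it."""
    flags, seen = {}, {}
    for aid, cust, approved, opened, disputed in sorted(agreements, key=lambda a: T(a[2])):
        when, hits = T(approved), []
        # Keep only this customer's approvals that fall inside the velocity window.
        recent = seen[cust] = [t for t in seen.get(cust, [])
                               if when - t <= VELOCITY_WINDOW] + [when]
        if len(recent) > MAX_AGREEMENTS:
            hits.append("agreement_velocity")
        if when - T(opened) < NEW_ACCOUNT_AGE:
            hits.append("new_creditor_account")
        if disputed and T(disputed) - when <= DISPUTE_WINDOW:
            hits.append("early_dispute")
        if hits:
            flags[aid] = hits
    return flags

def pass_through_accounts(transfers):
    """Accounts forwarding >= PASS_RATIO of an incoming credit within PASS_WINDOW."""
    flagged = set()
    for _, dst, amount, time in transfers:
        out = sum(a for s, _, a, t in transfers
                  if s == dst and td(0) <= T(t) - T(time) <= PASS_WINDOW)
        if out >= PASS_RATIO * amount:
            flagged.add(dst)
    return flagged
```

On the sample data, AG2, AG4 and AG5 are flagged at agreement level, and accounts M1 and M2 are flagged as pass-through hops; B7 is not, because it retains most of the credit it received.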

AUSTRAC Compliance and PayTo

AUSTRAC requires reporting entities to:

  • Monitor PayTo transactions in real time.
  • File Suspicious Matter Reports (SMRs) for unusual agreements or payments.
  • Maintain records of authorisations and transactions.
  • Integrate PayTo into AML/CTF programs and risk assessments.

Failure to adapt compliance frameworks to PayTo could expose banks to regulatory penalties.


Best Practices for Managing PayTo Fraud Risks

  1. Strengthen Onboarding Controls
    Verify merchants and businesses rigorously before allowing PayTo arrangements.
  2. Adopt Real-Time Monitoring
    Monitor PayTo agreements and transactions continuously, not in batches.
  3. Leverage AI and Machine Learning
    Use adaptive models to detect anomalies in PayTo usage.
  4. Educate Customers
    Raise awareness of PayTo scams, particularly APP and BEC fraud.
  5. Collaborate Across Industry
    Share typologies and intelligence through networks like the AFC Ecosystem.
  6. Audit Regularly
    Conduct reviews to ensure PayTo controls are effective and compliant.

Case Example: Community-Owned Banks Adapting Early

Community-owned banks are taking proactive steps to incorporate PayTo into their compliance frameworks. By adopting advanced platforms, they ensure their customers benefit from PayTo’s convenience while remaining protected from fraud risks.

Spotlight: Tookitaki’s FinCense for PayTo

FinCense, Tookitaki’s compliance platform, is designed to handle real-time payment innovations like PayTo.

  • Real-Time Detection: Monitors PayTo agreements and transactions instantly.
  • Agentic AI: Learns from evolving PayTo fraud typologies.
  • Federated Intelligence: Accesses global scenarios contributed by compliance experts in the AFC Ecosystem.
  • Regulator-Ready Reporting: Automates SMRs, TTRs, and IFTIs for AUSTRAC.
  • Integrated Case Management: Tracks PayTo-related investigations with full audit trails.
  • Cross-Channel Coverage: Links PayTo monitoring with NPP, cards, wallets, and remittances.

By using FinCense, Australian banks can turn PayTo into a secure advantage rather than a compliance challenge.

Future of PayTo Fraud Detection in Australia

  1. Deeper AI Integration: AI will play a critical role in spotting fraud in milliseconds.
  2. Cross-Border Collaboration: Fraud rings often operate internationally, requiring intelligence-sharing networks.
  3. Stronger Customer Controls: Banks will offer more tools for customers to monitor and cancel agreements.
  4. Expansion to New Sectors: As PayTo adoption grows, new fraud typologies will emerge.
  5. Regulator-Driven Innovation: AUSTRAC will continue pushing for advanced fraud detection tools.

Conclusion

PayTo is a major step forward for Australia’s payments system, offering transparency and convenience for consumers and businesses. But fraudsters are quick to exploit new technologies, making PayTo a high-risk channel for scams and laundering.

Banks must act now to integrate PayTo into their compliance frameworks. Community-owned banks show that strong fraud prevention is achievable at any scale. Platforms like Tookitaki’s FinCense combine AI, federated intelligence, and regulator-ready reporting to keep PayTo safe.

Pro tip: Every innovation brings risk. With the right compliance tools, PayTo can strengthen customer trust instead of exposing banks to fraud.
