The NPP was designed and built with security front of mind. The central infrastructure is certified to the highest data security standards and monitored 24-hours-a-day, seven-days-a-week. Financial institutions can only offer services via the NPP if they comply with security requirements and have fraud controls in place.
NPP payments to either a BSB and account number or a PayID are made by logging into the internet and mobile banking application of a participating financial institution and authorising a payment. This means NPP payments are subject to the same fraud and security protections your bank uses for all of its internet and mobile banking transactions.
Verifying your PayID
When you create a PayID your financial institution will ask you to verify your identity to prove you are the rightful owner of the information you are basing your PayID on, as well as the account you are linking it to.
Payments to PayIDs have an additional confirmation step designed to reduce the likelihood of mistaken payments. This means that if a person is paying your PayID, they will see the name you have chosen to be shown with your PayID before the payment is confirmed. When you create a PayID you will also be asked to confirm what this name should be.
Financial institutions that offer PayID payments are required to have controls in place to monitor, detect and shut down any attempts to misuse the PayID service. This includes technical capabilities, such as automated locks outs, when usual activity is detected.
Remain alert to scams
Regardless of what payment method you use, you should always remain alert to scams that attempt to trick you into making a payment or handing over your online banking log in and password. Never give away your online banking details or passwords and always question unexpected emails or phone calls from people asking for money.
If you suspect you have been tricked into paying someone you should contact your financial institution immediately and report it to the police.
Regulating the NPP ecosystem
Financial institutions that don’t comply with NPP Australia’s fraud and security requirements can be stopped from accessing the NPP and the PayID addressing service. Failure to have controls on PayID misuse could result in significant fines under our mandatory compliance framework which you can read about in our regulations here.