An article written by an academic appeared on multiple media platforms last week, implying that NPP Australia does not have mechanisms in place to protect PayID from the risk of cyberattacks and data breaches.
To clarify, NPP Australia treats the risk of security breaches with utmost priority, which is why the Platform was designed and built with security and fraud front of mind. The central infrastructure is certified to the highest data security standards and monitored 24-hours-a-day, seven-days-a-week. At the same time, participating financial institutions have always been required to have data security controls in place at the Platform’s ‘entry points’ to monitor, detect and shut down any attempts to misuse the PayID service.
NPP Australia works closely with participating financial institutions to continually tighten and uplift these controls across the ecosystem, such as: recently making technical controls, like automated lockouts, prescriptive; uplifting our assurance processes to ensure ownership at a senior executive level; and verifying the effectiveness of controls through independent testing of end points (i.e. financial institution mobile and/or internet banking applications that incorporate PayID).
Financial institutions that don’t comply with these requirements can be suspended from accessing the PayID addressing service, as well as being liable to recently introduced non-compliance charges.
If you have any concerns, we encourage you to speak to the financial institution that you have your PayID registered with.