Westpac Confirms Abuse of New Payments Platform PayID

Westpac has confirmed that the bank “detected mis-use” of the New Payments Platform’s PayID feature and “took additional preventative actions which did not include a system shutdown.” Via Computerworld.

Fairfax Media yesterday revealed details of the incident, citing a confidential Westpac memo that said around 60,000 NPP PayID lookups were made from seven compromised Westpac Live accounts. Around 98,000 “successfully resolved to a short name and this was displayed to the fraudster,” the memo said, according to Fairfax.

“No customer bank account numbers were compromised as a result,” a spokesperson for the bank told Computerworld in a statement. “Westpac Group takes the protection of customer data and privacy extremely seriously.”

The NPP was launched in February 2018. The platform enables real-time transfers between banks as well as a number of other features, including data-enriched transactions. As of February this year, more than 75 financial institutions supported the system, with 52 million account holders able to make payments via the NPP, according to NPP Australia, which maintains the platform.

PayID is the platform’s addressing service. It allows payments to be directed using an alternative identifier, such as an email address, ABN or phone number, rather than using a BSB and account number.

“NPP Australia has firm regulations in place that require participating financial institutions to monitor, detect and shut down any attempts to harvest data from PayID,” an NPP Australia spokesperson said. “NPP Australia is working closely with Westpac on this matter.”
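One shape the monitoring NPP Australia describes can take is a per-session velocity check over PayID lookup logs: a legitimate payer resolves a handful of names before paying, while a compromised account used for harvesting resolves many in quick succession. The following is an added example, not code from Westpac, NPP Australia or Computerworld; the log format, the field names, the session identifier and the 20-lookups-per-minute threshold are all assumptions chosen for the illustration.

```python
"""Sliding-window velocity check over PayID name-resolution lookups.

Added example (not Westpac's, NPP Australia's or Computerworld's code).
Assumed log format, one lookup per line, in chronological order:

    <ISO-8601 timestamp> <session/account id> <outcome>

where outcome is "resolved" (a short name was returned) or "not_found".
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: more than MAX_LOOKUPS resolutions inside any
# WINDOW_SECONDS-long window from one session is treated as harvesting.
MAX_LOOKUPS = 20
WINDOW_SECONDS = 60


def build_sample_log():
    """Constructed sample data (not from the incident).

    acct-legit makes three lookups spread over ten minutes, the pattern of a
    person checking a name before paying. acct-bulk makes thirty lookups one
    second apart, the pattern of a scripted enumeration.
    """
    base = datetime(2019, 6, 3, 9, 0, 0)
    lines = []
    for i in range(3):
        ts = base + timedelta(minutes=4 * i)
        lines.append(f"{ts.isoformat()} acct-legit resolved")
    for i in range(30):
        ts = base + timedelta(seconds=i)
        outcome = "resolved" if i % 3 else "not_found"
        lines.append(f"{ts.isoformat()} acct-bulk {outcome}")
    lines.sort()  # the detector assumes chronological order
    return lines


def parse_line(line):
    """Split one log line into (timestamp, session id, outcome)."""
    ts, account, outcome = line.split()
    return datetime.fromisoformat(ts), account, outcome


def analyse_lookups(lines, max_lookups=MAX_LOOKUPS, window_seconds=WINDOW_SECONDS):
    """Return per-session statistics and the moment each session was flagged.

    Result: {session: {"lookups": n, "resolved": m, "flagged_at": datetime|None}}
    A session is flagged the first time its lookup count inside the sliding
    window exceeds max_lookups.
    """
    windows = defaultdict(deque)   # session -> timestamps inside the window
    stats = {}
    for line in lines:
        if not line.strip():
            continue
        ts, account, outcome = parse_line(line)
        s = stats.setdefault(account, {"lookups": 0, "resolved": 0, "flagged_at": None})
        s["lookups"] += 1
        if outcome == "resolved":
            s["resolved"] += 1
        q = windows[account]
        q.append(ts)
        # Evict timestamps that have aged out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_lookups and s["flagged_at"] is None:
            s["flagged_at"] = ts
    return stats


def flagged_sessions(stats):
    """Sessions that crossed the threshold, in a stable order."""
    return sorted(a for a, s in stats.items() if s["flagged_at"] is not None)


if __name__ == "__main__":
    results = analyse_lookups(build_sample_log())
    for account, s in sorted(results.items()):
        print(f"{account}: {s['lookups']} lookups, {s['resolved']} resolved, "
              f"flagged_at={s['flagged_at']}")
    print("flagged:", flagged_sessions(results))
```

In a real deployment the flag would feed a step-up control (blocking further lookups for the session, forcing re-authentication, or alerting fraud operations) rather than only being printed, and the threshold would be tuned against the institution's own baseline of legitimate lookups per session.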

“No financial details or credentials are available from the PayID database, and therefore none of these details have been compromised,” the spokesperson said. “The only details obtained have been the account name which was designed to be returned to a legitimate enquiry.”

A PayID can’t be used to withdraw funds and “on its own cannot be used to create a false identity,” the spokesperson said.

“While this incident was unacceptable, the information obtained would be readily available in other public places,” the spokesperson said. “All participating financial institutions are on notice and may apply additional security controls if deemed necessary.”

“PayID was designed to provide more reassurance during the payments process; it enables a payer to see the name associated with a PayID to reduce the risk of a mistaken payment or scam,” the spokesperson said.

Why your bank will ask you to pick a ‘PayID’

From The New Daily.

From October this year, bank customers will be able to replace their clunky BSB and account number with an email address or mobile phone number, according to experts.

This ‘PayID’ will be a crucial part of Australia’s new payments system, which will allow almost instant bank transfers, 24 hours a day, 365 days a year.

The Reserve Bank, which operates the ageing system that clears payments between accounts, has been busily working for years with big players in the industry on the billion-dollar ‘New Payment Platform’ or ‘NPP’.

There’s plenty of complicated stuff happening behind the scenes, but one of the main things Australians should know is that, from October, they’ll be able to pick a PayID for each bank account they want to receive super-fast payments into.

NPP Australia CEO Adrian Lovney told The New Daily that the PayID concept will make account numbers easier to remember, and remove the risk of accidentally sending money to the wrong person.

“It makes payments more intuitive and simpler because users will be able to provide payers details which are easy to remember such as an email address or phone number,” Mr Lovney said.

“This offers greater peace of mind as people no longer have to rely on providing financial account information, such as a BSB and account number, to payers so they can receive payments.

“And services that use PayID may display a PayID name before you send a payment as an additional level of confirmation that you are sending money to the right person.”

So, if a family member wants to send you money or you’re splitting the bill at a restaurant with friends, you can simply tell them to type your PayID into their online banking and, in about 15 seconds, the money will be in your account.

The new system will be so fast and simple, it has been speculated that credit cards and cash will lose popularity.

It was built by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which also built Australia’s current payment system in 1998.

It will allow real-time processing for all ‘push’ payments (such as wages, welfare payments, bill payments or transfers to friends and family), but won’t speed up ‘pull’ payments made on debit and credit cards.

Payments expert Nathan Churchward, whose employer Cuscal is one of the 13 companies working on the new system, predicted that PayID could become as popular a brand name to Australians as Google and Uber.

He gave a real-world example: he recently bought $2500 worth of tickets for a group of friends and accidentally gave them all his wrong bank account number. Their payments bounced back and he was left wondering why no one was paying up.

“I work in banking. You’d think I’d be able to remember my account and BSB. But I can’t!” Mr Churchward told The New Daily.

“With PayID, if you get the mobile number wrong, it will ask you if you want to pay ‘Joe Bloggs’ and you’ll realise and won’t proceed.”

Businesses also won’t have to “splash” their bank details all over the internet, where fraudsters lurk, he said.

Cuscal’s hot tips on PayID

  • You can’t pick a random number. Banks will probably require a mobile phone number, email address, Australian Business Number (ABN) or Australian Company Number (ACN)
  • You can set multiple ‘PayIDs’ for the one bank account. For example, your mobile phone number and email could both be linked to the same transactions account
  • However, you can’t link the same PayID to multiple accounts
  • Every PayID will be changeable. So if you get a new phone number, you’ll be able to ask your bank to change your PayID to the new number
  • If you switch to a new bank, you’ll be able to reuse an old PayID. But any direct debits you’ve set up won’t automatically transfer across
  • Some institutions may restrict PayIDs to specific account types. So you might be able to link to a debit card account, but not a mortgage offset or term deposit
  • Your institution may not offer PayID straight away in October