Payment Fraud Prevention Policy¶
| Code | PAY-005 |
| Domain | Payments & Settlement |
| Owner | Head of Payments |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD06 |
| Review date | 2027-03-25 |
Regulations: ePayments Code · ABA Banking Code · NZ Banking Code · Scam-Safe Accord¶
Purpose¶
Govern real-time fraud detection, velocity controls, scam-bank obligations under the AU Scam-Safe Accord, and step-up authentication requirements for high-risk payment instructions. Defines the controls the platform must apply to prevent, detect, and respond to payment fraud across all channels and jurisdictions.
Scope¶
All outbound payment instructions initiated by customers across NZ and AU, including domestic transfers, international transfers, card transactions, and direct debit authorisations.
Policy statements¶
Every outbound payment instruction SHALL be scored for fraud risk before execution. The fraud scoring engine SHALL return a score and decision within 200 milliseconds. No payment instruction SHALL proceed where the fraud engine is unavailable — the instruction SHALL be queued or rejected with a clear customer notification.
The platform SHALL apply velocity controls to all outbound payments. Velocity rules SHALL cover: transaction count per period, cumulative value per period, new payee limits, and channel-specific limits. Velocity thresholds SHALL be defined by risk appetite and reviewed at minimum annually.
Where a fraud score or velocity signal indicates elevated risk, the platform SHALL apply a step-up authentication challenge before the instruction is authorised. The step-up challenge SHALL be proportionate to the risk signal and SHALL be logged with the outcome. A failed step-up challenge SHALL block the instruction.
In accordance with the AU Scam-Safe Accord obligations, the platform SHALL:
- Apply confirmation of payee checking to NPP payments where the recipient is a new or unverified payee.
- Provide a mandated scam warning for payment instructions to new payees above the threshold defined in the Accord.
- Offer a 24-hour hold option for customer-identified suspicious payments.
- Maintain a real-time data sharing connection to the Australian Financial Crimes Exchange (AFCEX) or equivalent fraud intelligence network where operationally required by the Accord.
The platform SHALL maintain a mule account detection capability. Accounts exhibiting pass-through or structuring behaviour SHALL be flagged, restricted, and escalated to the AML team in accordance with AML-001.
All fraud-related payment blocks, score outcomes, step-up authentication events, and customer warnings SHALL be recorded in the immutable transaction log. Fraud case management SHALL be integrated with the operational incident response process.
Where a customer has been a confirmed scam victim, the platform SHALL initiate a reimbursement assessment in accordance with the applicable Accord or customer code obligations. Reimbursement decisions SHALL be documented with supporting evidence.
The fraud scoring model SHALL be reviewed for accuracy and bias at minimum every six months. Model drift that results in false positive rates exceeding defined thresholds SHALL trigger an urgent remediation review.
Satisfying modules¶
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-007 | Account state machine | GATE |
Fraud-flagged account automatically restricted pending investigation |
| MOD-020 | Pre-payment validation suite | GATE |
Fraud score gate applied before every payment — high-risk payments blocked or challenged |
| MOD-021 | Payment limit & velocity controller | GATE |
Velocity limits prevent account takeover fraud patterns — enforced automatically |
| MOD-023 | Transaction fraud scorer | AUTO |
Fraud model runs on every transaction — not sampled. Score and decision logged. |
| MOD-024 | Device & session intelligence | ALERT |
Account takeover signals detected at device level before payment is attempted |
| MOD-078 | Card & account controls | GATE |
Card freeze executed immediately from the app removes a compromised card from the fraud attack surface without delay — no call centre required. |
| MOD-119 | BPAY payment integration | AUTO |
BPAY transactions are passed through the transaction fraud scorer before submission; high-risk transactions are held for review. |
| MOD-120 | PayID and Osko integration | AUTO |
All Osko payment initiations pass through the transaction fraud scorer with additional real-time rules for new-payee high-value transfers. |
| MOD-122 | NZ faster payments and A2A integration | AUTO |
NZ interbank payments pass through the transaction fraud scorer before submission; high-risk payments trigger a review hold. |
| MOD-123 | ATM network integration | AUTO |
ATM withdrawal requests are screened by the transaction fraud scorer using device and location signals; anomalous requests trigger a decline or step-up challenge. |
| MOD-144 | Confirmation of payee — account name verification | GATE |
Payee name is verified against the destination account before the customer can confirm any outbound payment — name mismatch or no-match result is shown and must be acknowledged before proceeding. |
| MOD-145 | Payment hold & friction engine | AUTO |
High-risk payments are automatically held pending customer reconfirmation or staff review — hold prevents immediate loss in the event of a scam or fraud attempt. |
| MOD-149 | Scam intelligence reporting & reimbursement | LOG |
Scam typology reports and mule account intelligence are submitted to the ABA Scam Intelligence Hub on a defined schedule — intelligence sharing obligation met automatically. |
Part of Payments & Settlement · Governance overview
Compiled 2026-05-22 from source/entities/policies/PAY-005.yaml