What is Direct Debit fraud?
Direct Debit fraud occurs when a debit is taken from your account without the proper authority from you set out in a valid Direct Debit request.
Sometimes this has happened when BSB and account numbers published online or in a public document have been used via Direct Debit to debit accounts.
There are some steps you can follow to reduce the risk of this happening to your business.
Check your accounts regularly
We recommend you check your accounts regularly (preferably daily) for any suspicious or unauthorised transactions. Online banking is the quickest and easiest way to check your accounts, rather than waiting for account statements to arrive.
Block suspicious Direct Debits
If needed, you can ask us to block future Direct Debits from specific third parties. If you need to remove a block, please contact us.
Please note we can’t block all Direct Debits to your account. We can only block debits with the relevant Direct Debit User ID to identify the specific third party.
Avoid making account details public
One way to reduce the risk of fraud is to ensure you don’t make your account details publicly available. If your account details are publicly available (e.g. on websites or provided to third parties), we recommend you talk to your banker about setting up the following inward account structure.
Set up an inward account
Establish a separate business or corporate account to receive inward payments. This account can be made public, but here are some ‘rules’ around how you should use it:
- Don’t make outward payments from this account.
- Request all fees including any return items be posted to an operating account (refer below).
- Periodically transfer funds from this account to your operating account, using NAB Connect or Internet Banking.
You might also want to consider establishing an automatic balance transfer. You can ask your banker about a suitable product.
Set up an operating account
This account should be for normal business activity and is used as follows:
- Keep account details confidential.
- Make all outward payments from this account.
- Nominate this account as your fee account.
If you must make account details available in the public domain, only make the inward account details available.
This is a suggestion only and does not eliminate the risk of fraud. For further advice please speak to your banker.
Don’t recognise a Direct Debit on your account?
When checking your accounts if there is a Direct Debit you don’t recognise, notify us immediately.
This is how you can contact us:
- submit a transaction dispute online;
- contact us on 13 10 12; or
- contact your banker.
Dispute process for unrecognised Direct Debits
You can submit a transaction dispute using our online form.
Once you’ve lodged your dispute, we’ll work with the bank where the transaction was initiated to request evidence that they have the proper authority to debit your account.
They have five business days to provide us with an appropriate response, we’ll then advise you of the outcome.
Our transaction dispute page explains the process in more detail and provides information on what to do if you’re unhappy with the outcome of the dispute.
Rules and regulations governing Direct Debit
Direct debits are regulated by the Bulk Electronic Clearing System (BECS), opens in new window Procedures and Regulations. These rules place primary liability on the bank where the transaction was initiated (Initiating Bank) to demonstrate proper authority to debit your account.
Under the BECS guidelines direct debits made without proper authority from you are usually covered by the Initiating Bank. For further advice please speak to your banker.
Helpful resources
Australian Payments Network
The Australian Payments Network, opens in new window administers the Bulk Electronic Clearing System (BECS) for electronic debit and credit payment instructions. This includes information on the BECS regulations, procedures, and guidelines.
- Australian Government | Australian Cyber Security Centre (website link: ACSC | Cyber.gov.au, opens in new window)
The Australian Cyber Security Centre (ACSC), opens in new window brings cyber security capabilities from across the Australian Government together into a single location. It’s the hub for private and public sector collaboration and information sharing to combat cyber security threats.
- Australian Government | ReportCyber (website link: Report | Cyber.gov.au, opens in new window)
ReportCyber, opens in new window is a secure reporting and referral service for cybercrime and online incidents which may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.
- Australian Competition and Consumer Commission | Scamwatch (website link: Home | Scamwatch, opens in new window)
Scamwatch, opens in new window provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.
- Australian Government | Office of the eSafety Commissioner (website link: Homepage | eSafety Commissioner, opens in new window)
The Office of the eSafety Commissioner, opens in new window provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.
Related articles
The basics of computer security
There are simple measures every business can put in place to avoid the risk of cyber-attacks.
Understanding the value of your business data
Protecting valuable business data from cyber crime is everyone’s business.
Managing online security as a business risk
Find out what security measures you can take to reduce risk to your business.
How to protect your business from online security threats
Online threats don’t have to turn into crimes with security controls in place.
Important information
Apologies but the Important Information section you are trying to view is not displaying properly at the moment. Please refresh the page or try again later.