Need to know
- PayID is promoted as a way to avoid scams when making payments, but criminals are targeting its users to steal from people selling items online
- Experts say scammers are exploiting a lack of awareness of PayID and how it works
- PayID can be safe and easy to use and there are easy-to-spot signs to help you identify and avoid a PayID scam
It's been hailed as a way to keep us safe from scams, but PayID has now become a weapon in criminal attempts to fleece Australians of their hard-earned money.
Experts say scammers are exploiting a lack of awareness of this payment system in order to rip Australians off.
Here, we'll explain what PayID is, how and why it's being hijacked by scammers, and how you can use it safely.
PayID is a function offered by over 100 banks and financial institutions across Australia which allows you to send money to somebody just by using their phone number, email address or some other identifier.
PayID is a fast money transfer function available to most bank customers.
Most banks offer PayID as a transfer method on their app or website and the other person usually receives the money within a minute.
The system allows you to make sure your money is going to the right person or organisation, as the verification process when entering a new PayID shows you the name associated with that identifier.
You can also receive money by giving others a phone number, email address or other identifier that you've registered as your PayID with your bank.
"It's a way for you to get your money quickly, instantly, and more easily and safely," says Dr Angel Zhong, an associate professor and finance researcher at RMIT, who says she finds using PayID easier than sharing BSB and account number information.
PayID was launched in 2018 as a function of the New Payments Platform (NPP), a system designed by banks to allow for faster transactions in Australia. According to the Reserve Bank of Australia (RBA), by 2022, around 10 million PayIDs had been registered.
RBA research from the same year found around half of Australians had heard of the service and 30% had used it in the preceding 12 months.
CHOICE member Andrew Ward occasionally sells second-hand bikes and other equipment through online marketplaces and uses PayID, saying he finds it convenient.
PayID has been championed by the RBA for reducing the risk of fraud by showing you the name of the person you'll be paying
"It just happens instantly," he explains, describing his experience of using the service to receive money from buyers. He also finds it safer than using cash when trading expensive items.
As well as being more convenient than BSB and account number transfers (which require you to correctly enter 15 digits), PayID has also been championed by the RBA for reducing the risk of fraud by showing you the name of the person you'll be paying.
Australian Payments Plus (AP+), the organisation responsible for PayID and the NPP, says PayID's scam-stopping powers are evident in the fact that one in four people using it have either stopped or amended a payment because the process allowed them to see they had entered incorrect details.
PayID scams were responsible for over $260,000 in losses in 2022. So how is a service endorsed as a protection against scams being used to rip people off?
You're most likely to encounter a PayID scam when selling second-hand goods on online classified sites such as Gumtree and Facebook Marketplace. The criminals running the scam take to these forums to try to sow and exploit confusion about how PayID works. Here's how the scam typically goes, although there are a number of variations.
1. Scammer asks to buy your product (usually very quickly)
Scammers will contact you, saying they want to buy your item. They likely then won't go through the usual motions of online trading, such as haggling over price or trying to arrange to inspect the product before purchasing it.
CHOICE member Beth Keating encountered many of what she believes were PayID scammers when attempting to sell unwanted furniture.
"The first inkling of a problem was the speed at which these potential buyers responded, some in under 10 seconds," she recalls, picking up on a phenomenon experts say occurs due to scammers using specially built software to trawl classified sites for listings.
"They also usually didn't want to inspect the items or couldn't inspect them and requested that you put up a 'sold' sign immediately," she adds.
2. Scammer insists on paying with PayID
Beth also soon encountered another hallmark of the scam – the purported buyer wanting to pay for the item in advance and only using PayID.
"That also made me suspicious about some of those people, that they would not entertain any other form of money transfer except for PayID."
3. Scammer claims there's an issue with your PayID
Andrew Ward has also come across plenty of suspicious queries about PayID in the course of his selling and says the nature of the scam starts to emerge when you provide the scammer with your PayID.
PayID scammers may claim you need to 'upgrade' your account via a costly and convoluted process and will create fake emails from PayID to support this. Source: supplied.
"They might say they have a business or professional [PayID] account or it didn't come through and you need to check your email," he explains. "If you check, there's an email that looks very much like a bank email saying there's a problem with your PayID"
These emails or SMS messages are made to look like they're coming from a bank or PayID itself, but are actually from the scammer and are designed to lend weight to their claims that there is a problem with the seller's PayID.
Scammers will commonly say, as in Andrew's experience, that your PayID needs to be "upgraded" to a "business" account.
The fake emails and messages deployed as part of the scam will usually direct you to collaborate with the phoney buyer to resolve the issue – a process which will involve an extra payment.
4. Scammer claims they've resolved the issue and asks for reimbursement
Once you've received this phoney message, the scammer will then usually say they have paid for the necessary upgrade out of their own pocket and ask you to reimburse them, often for hundreds of dollars.
They may also claim to have a minimum transaction limit on their account that is more than the cost of the product being exchanged and ask you to reimburse the difference.
In reality, PayID is free and doesn't have these sorts of conditions or account tiers. It will also never contact users directly.
"Any email or SMS purporting to be from PayID is a scam," an AP+ spokesperson tells CHOICE.
"Consumers will never have to pay money to receive a payment via PayID."
Therefore, any money sent to a buyer in an effort to smooth out a PayID transaction is going to a scammer.
CHOICE has spoken to several finance and cyber security experts and their common conclusion is that a lack of awareness of PayID among consumers is leading to it being co-opted by criminals.
Experts say scammers are exploiting public confusion about how PayID works.
"We don't know enough about PayID to reassure ourselves that there is no such thing as upgrading, that no one will contact us from PayID and there's no charges involved in using it," says Professor Steve Worthington from Swinburne University's business school.
The RBA is also acknowledging a lack of awareness of PayID, recently noting consumers have been slower to adopt it than it had expected.
Zhong says people who don't know anything about PayID and haven't yet registered with the service are a prime target for scammers.
"They can offer it and use it to lure people into their scam by saying: 'OK, I'm using PayID, I will help you activate your PayID.'"
People who don't know anything about PayID and haven't yet registered with the service are a prime target for scammers
Experts say these vulnerabilities could be reduced if the organisations responsible for PayID marketed and educated people about it more effectively.
"I think PayID and the NPP could do a much better job of promoting it," argues Paul Haskell-Dowland, professor of cybersecurity practice at Edith Cowan University.
"I think they're actually quite well-placed to do a national-based campaign, perhaps in tandem with the banks to really push the benefits of the platform."
An AP+ spokesperson tells CHOICE uptake of PayID continues to grow, saying there were 18 million PayIDs in Australia as of November 2023. They also say scammers are targeting the service because it's trusted by the public.
Additionally, AP+ says it's carrying out "marketing campaigns" and working with banks and government to ensure "simple messages" about how PayID does and doesn't work reach "as many people as possible".
Trying to sell something online? Protect yourself from criminals by getting to know the signs of a PayID scam.
Beware of prospective buyers who:
- contact you very soon after you've posted your ad, wanting to buy the item without inspecting it or negotiating on price
- are keen to pay for the item straight away without seeing it and say someone else will come and pick it up later
- only want to pay for the item using PayID and won't consider other methods.
If you've given your PayID to a potential buyer, be on alert for the following:
- The buyer claiming you don't have the right PayID account for the transaction and saying it needs to be upgraded.
- The buyer claiming there is some other issue with your PayID account and telling you to look for an email or message from PayID or your bank.
- An email or message claiming to be from PayID or your bank saying there's an issue with your PayID account or that it needs to be upgraded and that this can be resolved for a cost.
- The buyer saying they will pay out of their own pocket to resolve an apparent issue with the PayID process and asking you to reimburse them.
- The buyer claiming you need to pay them to somehow facilitate the PayID process.
- The buyer offering to help you set up PayID if you don't have it already.
These are all signs of a potential PayID scam. PayID is a free service that doesn't allow you to pay for "upgrades" or require any payment to set up, register or otherwise operate. You will also never receive communication from PayID directly.
If you encounter anybody claiming otherwise, break off contact with them immediately, as they are likely trying to steal your money or personal information.
If you have lost money or information to a scam, there are steps you should take straight away. See more with our guide to the five steps to take if you've been scammed.
If you follow the advice above, PayID can be safe to use and you can't be scammed just by giving someone your PayID.
"If somebody has your PayID-registered email address or mobile phone number, the only thing they can do with that is pay money into your account," explains Paul Haskell-Dowland.
You can reduce your risk of being targeted by a PayID scam by only using it to pay (or receive payment) from someone who is with you in person.
You can reduce your risk of being targeted by a PayID scam by using it in person.
In the case of buying or selling items, this means meeting up with the other party and conducting the PayID transfer while the product is being exchanged.
PayID scammers will avoid doing this, often because, contrary to their claims, they aren't located in your local area and may even be overseas.
Rather, they will want to pay in advance and remotely, so they're better able to confuse you from afar with impersonation emails or text messages.
Experts do note, however, that it's important to remember that meeting in person comes with its own risks and so does sharing any personal information.
Because our PayIDs are often our phone numbers or email addresses, they can be used by people to distribute unwanted material, such as spam texts or emails.
Therefore, it's important to consider the risk of this when sharing your PayID with someone.
Stock images: Getty, unless otherwise stated.