How do I verify supplier bank details in Australia?

Verify supplier bank details by checking the ABN, validating the BSB, calling the supplier on a trusted number, requiring a second approval, and saving evidence before payment.

Is a BSB lookup enough to verify supplier bank details?

No. A BSB lookup confirms the bank or branch, but it does not prove the account belongs to your supplier or that a change request is legitimate.

What should I do if a supplier changes bank details?

Pause payment, do not rely on the email, call a known contact using a trusted number, document the verification, and require manager approval before updating records.

Can Xero verify supplier bank account ownership?

Xero can store supplier contact and payment details, but finance teams still need independent controls to verify account ownership and approve risky changes.

How to Verify Supplier Bank Details in Australia

The National Anti-Scam Centre reported $2.18 billion in combined scam losses in 2025, with payment redirection scams among the top five scam types by loss. For finance teams, that risk often appears as one simple request: “Please update our supplier bank details before the next payment.”

That is why every Australian SMB using Xero needs a repeatable process to verify supplier bank details before money leaves the account. A BSB check, a familiar email thread, or a neat PDF invoice is not enough on its own.

In this article:

Why verify supplier bank details before payment
Can you verify supplier bank details with a BSB lookup
Step-by-step process to verify supplier bank details
How to handle changed supplier bank details in Xero
Supplier bank details verification checklist
Related reading
Conclusion

Why verify supplier bank details before payment

Payment redirection fraud works because it attacks normal finance routines. A criminal impersonates a supplier, compromises a supplier mailbox, or alters invoice payment details so your next payment goes to the wrong account.

The invoice may look real. The supplier name may be familiar. The request may even sit inside an existing email thread.

That is what makes supplier bank account verification an accounts payable control, not just a cyber security task. The risk sits at the point where supplier master data, invoice approval, and payment release meet.

The National Anti-Scam Centre Targeting Scams Report 2025 reported $166.8 million in payment redirection losses in 2025. The same report recorded 481,523 scam reports across combined reporting sources.

For a small finance team, one misdirected supplier payment can mean a cash flow shock, a supplier dispute, an insurance claim, and an awkward board conversation. The practical goal is simple: slow the payment down long enough to prove the bank details are safe.

Verification matters most when:

A new supplier is added.
A supplier asks to change BSB or account details.
An invoice contains different bank details from the supplier record.
A payment is urgent, large, or unusual.
The request arrives by email only.
A staff member is asked to bypass the normal approval process.

If your team already uses Xero, the control should happen before bank details are changed in the supplier contact record and before bills are included in a payment batch.

Can you verify supplier bank details with a BSB lookup

A BSB lookup is useful, but it does not fully verify supplier bank details.

The AusPayNet BSB lookup can help confirm whether a BSB belongs to a particular financial institution or branch. That can catch obvious errors, fake-looking numbers, or details that do not match what the supplier claims.

But a BSB lookup does not confirm account ownership. It does not tell you whether the account name matches the supplier. It does not prove that the email requesting the change came from the supplier.

That distinction is important. Many finance teams say they have “verified” an account when they have only checked that the BSB exists.

Treat verification as four separate questions:

Is the supplier real? Check the ABN, business name, GST registration where relevant, website, known contacts, and supplier history.

Are the bank details plausible? Check the BSB, account number format, bank name, and whether the details match previous supplier documentation.

Did the supplier genuinely request the change? Confirm through an independent channel, not by replying to the same email or calling the number in the message.

Has the business approved the risk? Require a second person to review the evidence before bank details are changed or a payment is released.

The strongest process combines data checks, human confirmation, and approval controls. No single check is enough.

Step-by-step process to verify supplier bank details

Use this process for new suppliers, first payments, and any supplier bank account change. It is designed for lean Australian finance teams that need something practical, not a procurement policy that nobody follows.

1. Start with the supplier identity

Confirm the supplier’s legal entity before reviewing payment details. Search the ABN, business name, trading name, GST status, and address.

This step helps catch fake suppliers, lookalike entities, and invoices that use a legitimate brand name but different payment instructions.

If the supplier is already in Xero, compare the invoice against the existing contact record. Look for changes to business name, email domain, postal address, phone number, and bank details.

2. Compare the invoice to existing records

Check whether the invoice bank details match the supplier record in Xero and the details used for previous payments.

If the details are different, do not assume it is a harmless update. Treat it as a bank detail change request, even if the email does not describe it that way.

This is also where internal links between payment controls matter. If your team is reviewing supplier setup more broadly, our guide to accounts payable internal controls for small business is a useful companion.

3. Validate the BSB, then document its limits

Use a trusted BSB lookup to confirm the bank and branch details. Save a note showing the date checked, the BSB, and the result.

Do not record this as “account verified”. Record it as “BSB checked”. That wording matters because it prevents staff from treating a format check as proof of ownership.

4. Call the supplier using a trusted number

Call the supplier using a number from a known source, such as an existing contract, the supplier’s official website, prior onboarding records, or a previously verified contact list.

Do not use the phone number in the email requesting the change. Do not rely on a reply within the same email thread. If the mailbox has been compromised, the attacker may respond convincingly.

During the call, confirm:

The supplier contact’s name and role.
The reason for the new or changed bank details.
The BSB and account number.
The account name.
The invoice number or payment reference affected.
Whether future invoices will use the same details.

Keep the call short and procedural. You are not accusing the supplier of anything. You are protecting both businesses from a payment mistake.

5. Require a second approval

No one person should be able to receive a bank detail change request, update Xero, and release the payment without review.

For small teams, the second approver can be the business owner, finance manager, controller, or an external bookkeeper. The approver should review the invoice, supplier record, BSB check, call note, and any supporting evidence.

This control is closely related to segregation of duties. If your team has only two or three finance users, see our AP segregation of duties matrix for small finance teams for practical ways to split responsibilities without slowing every payment.

6. Save evidence in one place

Your verification evidence should be easy to find later. Store it against the supplier record, bill, approval note, or internal ticket.

A useful record includes:

Who requested the change.
How the request arrived.
Who performed the BSB check.
Who called the supplier.
Which trusted number was used.
Who approved the update.
When Xero was updated.
Which payment run included the first payment.

This turns supplier verification from a memory-based habit into an auditable control.

How to handle changed supplier bank details in Xero

Changed supplier bank details are higher risk than new supplier setup because the business relationship already feels trusted. Staff are more likely to act quickly, especially when the supplier is known and payment is due.

Xero’s own support documentation explains how to edit a contact, but the fraud control happens before that edit is made. The key question is not “can we update the field?” It is “should we trust the request?”

A safe Xero workflow looks like this:

Pause the bill or payment batch if bank details differ from the supplier record.
Check who requested the change and how the request arrived.
Compare the request against previous supplier records and payment history.
Validate the BSB.
Call the supplier using a trusted number.
Save the verification note.
Get second approval.
Update the Xero contact only after approval.
Review the first payment after the change clears.

You should also review Xero permissions. Staff who can create contacts, edit supplier details, approve bills, and prepare payments have a powerful combination of access rights.

If that access is necessary, add compensating controls. For example, require a second person to approve all supplier bank detail changes, or run a weekly review of contact changes and payment runs.

The Scamwatch business email compromise guidance is often searched by businesses after an incident, but finance teams should build controls before an incident occurs. The best time to create the workflow is before the urgent invoice arrives.

Supplier bank details verification checklist

Use this checklist whenever you need to verify supplier bank details before payment. It can be copied into your accounts payable procedure or used as an approval note.

Supplier identity

ABN checked.
Business name matches the invoice and supplier record.
Supplier contact is known or independently confirmed.
Email domain looks consistent with previous correspondence.
Any unusual urgency or wording has been noted.

Bank detail check

BSB checked using a trusted Australian source.
Bank name appears plausible for the supplier.
Account number format reviewed.
Account name recorded.
Difference from previous bank details clearly noted.

Independent confirmation

Supplier called using a trusted number.
Number did not come from the suspicious email or invoice.
Contact name and role recorded.
BSB and account number confirmed verbally.
Confirmation saved against the supplier, bill, or internal approval record.

Approval and Xero update

Second approver reviewed the evidence.
Xero contact updated only after approval.
First payment after the change flagged for review.
Payment batch checked before release.
Verification record retained for audit.

This checklist should feel routine. If it only appears after a suspected fraud event, it will be too late.

Conclusion

To verify supplier bank details in Australia, do more than check whether a BSB exists. Confirm the supplier identity, validate the bank details, call a trusted contact, require second approval, and keep evidence before changing Xero or releasing payment.

The process does not need to be heavy. It needs to be consistent, especially when a supplier changes bank details by email or an invoice arrives with unexpected payment instructions.

OutflowGuard helps Xero-based finance teams monitor supplier bank detail changes, add dual approval, and keep an audit trail when payment risk appears. If your current process relies on memory, spreadsheets, or one person noticing a change, it is worth tightening before the next payment run.