From 1 July 2026, any organisation that sends branded text messages in Australia has to register its sender ID with the Australian Communications and Media Authority (ACMA). A branded sender ID is the business name that appears at the top of a text instead of a phone number. From that date, messages sent from an unregistered branded sender ID will display the word "Unverified" rather than your business name, and they will be grouped with other unverified senders in a single thread that signals possible scam activity.
For finance and AP teams, the value of the register is in understanding what it protects, and what it leaves exposed. It closes one impersonation channel at the edge of the business. It does nothing to stop the type of payment fraud that actually drains accounts payable.
Why the register is being introduced now
SMS impersonation is one of the most common ways a scam reaches a victim. Criminals send texts that appear to come from a bank, a government agency or a well-known brand, then rely on the recipient trusting the name at the top of the message. The register removes that tactic by tying every branded sender ID to a verified, traceable organisation.
It sits inside the Australian Government's broader Fighting Scams work and complements the existing Reducing Scam Calls and Scam SMS Industry Code, which already requires telcos to trace and block scam messages. Eftsure's 2026 AU payment security survey found that 48% of Australians encountered a phishing email or text message in the past 12 months. When that many people are being targeted through the same channel, an "Unverified" label gives recipients a fast, visible signal about which messages to distrust.
What is actually changing
The change is the registration requirement itself. ACMA's SMS Sender ID Register means branded sender IDs must be registered to keep displaying as the organisation's name.
From 1 July 2026, texts from registered sender IDs continue to appear with the brand name shown. Texts from unregistered branded sender IDs are labelled "Unverified" on the recipient's device, and ACMA has confirmed these messages will be grouped together in one thread alongside other unregistered senders, including likely scams. The practical effect is that an unregistered message looks less trustworthy at exactly the moment you want a customer or supplier to act on it.
Who is affected and by when
The requirement applies to any business or organisation that sends texts to Australian numbers using a branded sender ID. The path to register depends on the entity:
- Organisations with an ABN register through their telco or messaging provider, and the sender ID has to align with a registered business name, company name, trade mark or domain name.
- Organisations without an ABN, such as community groups or schools, register through certified telcos under a separate process.
- International organisations sending to Australia, and any entity without an ABN, can only register sender IDs through certified telcos.
Registration is handled by the messaging or telco provider rather than directly with ACMA. Providers including Optus have been working with organisations ahead of the deadline.
What this means for your finance team in practice
For finance leaders, the register is worth understanding but easy to keep in proportion. It is a genuine improvement to the consumer-facing scam ecosystem, and it makes SMS impersonation harder. What it doesn't do is verify whether a payment your team is about to make is going to the right bank account.
That distinction matters because the fraud that hits finance teams hardest doesn't arrive by branded SMS. It arrives as a routine-looking request to change a supplier's bank details, often from a genuine supplier email account that has been compromised.
The gap the register doesn't close
This is the part finance teams need to sit with. The register, like the other recent improvements across banks and regulators, strengthens the controls around your business. None of them reach the controls inside it.
A sender verification framework can stop a criminal texting your customers under your brand. It does nothing to stop a genuine supplier's email account being compromised and used to request a bank account change. As we set out inAustralia is closing the scam gap, but the payment gap remains, each new control addresses a different point in the fraud lifecycle, and fraud succeeds in the spaces between them.
Risk professionals call this the Swiss cheese model. Every control has holes. Protection comes from layering controls so the holes rarely line up. Australia's banks, telcos and regulators have added important layers over the past year. The layer still missing for many organisations sits inside the accounts payable function: the check that confirms a supplier's bank account genuinely belongs to that supplier before money moves. Eftsure's 2026 AU research found that 25% of Australians had encountered a fake invoice or payment request, the fraud type that targets this exact gap.
How Eftsure closes the payment gap
This is where Eftsure fits into the broader fraud prevention ecosystem. While banks, telcos and regulators reduce risk around the edges, Eftsure gives finance teams end-to-end verification of who they are paying before funds leave the business.
Eftsure independently verifies supplier bank account ownership against multiple authoritative sources, flags high-risk changes such as bank detail amendments before a payment is processed, and applies these checks at scale so they don't slow the AP team down. Verified payments are backed by a guarantee of up to A$1 million per customer, subject to Eftsure's standard terms and conditions. The point isn't to replace the controls the register adds. It's to cover the part of the payment lifecycle the register was never designed to touch.
You can see how it works in a demo.
The control that sits closest to your payments
Treat the register as what it is, one more layer at the edge of the business. The fraud that costs AP teams the most still arrives as a routine request to change a supplier's bank details. That risk is solved inside the business: independently verifying account ownership before you pay, treating every bank detail change as a high-risk event, and making sure no single person or inbox can move money without scrutiny.
Australia's scam defences are getting stronger by the month. The question for finance leaders is whether the controls closest to your own payments are keeping pace.
Frequently asked questions
What is the SMS Sender ID Register?
It is a register run by ACMA that records the branded sender IDs organisations use to send text messages in Australia. From 1 July 2026, branded sender IDs must be registered for messages to keep displaying the organisation's name rather than an "Unverified" label.
Who needs to register a sender ID?
Any business or organisation that sends texts to Australian numbers using a branded sender ID. Organisations with an ABN register through their telco or messaging provider, and the sender ID must align with a registered business name, company name, trade mark or domain name. Organisations without an ABN and international senders register through certified telcos.
What happens if a sender ID isn't registered?
From 1 July 2026, messages from unregistered branded sender IDs will be labelled "Unverified" and grouped with other unregistered senders, including likely scams. This makes legitimate messages look less trustworthy and easier to ignore.
When does the change take effect?
1 July 2026, when the "Unverified" labelling begins. Registration is handled through messaging or telco providers.
Does the SMS Sender ID Register protect my business from payment fraud?
No. The register reduces SMS impersonation aimed at consumers. It does not verify whether a supplier's bank account details are legitimate before you pay them, which is where most payment fraud against finance teams occurs. That gap is closed inside the AP process through independent verification of supplier bank account ownership.
Find out why continuous controls help close remaining business gaps for businesses, and how to test and implement your own.
