Payment Fraud Index: Australia 2026

Total scam losses in Australia reached A$2.18 billion in 2025, up 7.8% from A$2.03 billion in 2024, according to the ACCC's National Anti-Scam Centre. That figure combines data from Scamwatch, ReportCyber, AFCX, IDCARE and ASIC. Payment redirection fraud. where attackers intercept or impersonate supplier communications to redirect payments. accounted for A$166.8 million of that total, up 9.3% on the prior year. These figures represent reported losses only and are likely an undercount given known under-reporting.

The ACCC recorded A$166.8 million in payment redirection (BEC) losses in Australia in 2025, up from A$152.6 million in 2024. For small businesses specifically, false billing and payment redirection were the most reported scam type, with A$2.0 million in reported losses from 2,228 Scamwatch reports. BEC attacks target the payment approval process directly, typically by impersonating a supplier or executive to request a bank account change or urgent payment.

481,523 combined scam reports were lodged across Australian reporting agencies in 2025, a slight decrease of 2.7% from 494,732 in 2024. Reports are captured across Scamwatch, ReportCyber, AFCX, IDCARE and ASIC. The fall in report volume alongside a rise in total losses suggests individual incidents are becoming higher value, consistent with more targeted and sophisticated fraud methods.

Yes, and Australian workers already feel it. Eftsure's 2026 Payment Security Survey found 90% of Australians believe AI-generated scams are harder to detect, and 82% are actively concerned about AI-assisted fraud. The ACCC's National Anti-Scam Centre has identified AI as a key driver of rising scam sophistication, noting it makes significant scams harder for consumers to recognise. For finance teams, AI removes the low-quality signals that previously flagged suspicious payment requests, making independent verification of supplier bank details more important than ever.

Payment redirection fraud occurs when an attacker intercepts a legitimate payment by impersonating a supplier or internal executive and requesting a change to bank account details. The request typically arrives by email and appears to come from a known contact. Once the payment is made to the fraudulent account, recovery is rare. In Australia, payment redirection fraud is also referred to as business email compromise (BEC) and false billing fraud. It was the most reported scam type by small businesses in 2025 and cost Australian organisations A$166.8 million across the year.