Eftsure extends payment verification to insurers and super funds as CPS 230 reshapes third-party risk expectations
SYDNEY – Eftsure, the global leader in payment fraud prevention, has expanded its multi-layered verification platform to Australian insurers and superannuation funds. The platform now protects claim payouts, broker and intermediary payments, vendor and panel-vendor transactions, and member-facing superannuation payouts.
The expansion comes as APRA’s Prudential Standard CPS 230 changes operational risk expectations across the sector. The standard places greater emphasis on third-party verification, operational resilience, and audit-trail evidence.
Insurers and super funds manage complex payment environments. Every payment workflow creates a potential attack surface, while every verification process presents an opportunity for fraudsters to exploit weaknesses.
CPS 230 raises expectations for payment controls
APRA’s CPS 230 Operational Risk Management standard took effect on 1 July 2025. The regulation applies to insurers and superannuation funds and requires organisations to manage third-party risk, maintain operational resilience, and prove that controls work effectively.
The same expectations extend to payment verification processes. Organisations must demonstrate that payment controls operate as intended when funds leave the business. Eftsure provides verification records at the payee-payment layer to support those requirements.
“In the past year, we have seen payments that customers believed were verified turn out to be fraud,” said Michelle Cram, Vice President of Customer Operations at Eftsure. “A single layer of verification is not enough for finance and AP teams processing large volumes of payments to policyholders, brokers, and panel vendors. AI tools and large language models are helping fraudsters identify control gaps in minutes rather than weeks, and they are using AI to sharpen their technical and psychological tactics at the same time.”
Payment fraud continues to grow across Australia
Australia lost $166.8 million to payment redirection scams during 2025, according to the ACCC‘s Targeting Scams report.
At the same time, business email compromise and funds transfer fraud account for approximately 60 percent of cyber insurance claims worldwide.
The threat became highly visible in April 2025 when cybercriminals targeted five major Australian super funds, including AustralianSuper, Australian Retirement Trust, Hostplus, Rest, and Insignia Financial.
Attackers used credential stuffing techniques to access member portals. AustralianSuper confirmed that attackers accessed 600 member accounts, while combined losses reached $750,000.
As a result, AFSA introduced mandatory fraud controls that took effect in August 2025. These measures include multi-factor authentication, electronic identity verification, and ongoing member validation.
Why single-layer verification is no longer enough
Cram said many organisations still depend on controls that only validate information once.
“A major vulnerability is over-reliance on surface-level validation,” Cram added. “Bank statements, phone confirmations, and one-off name-and-account matches can all be fabricated or manipulated. Point-in-time controls validate information once, rather than continuously across the payment lifecycle. They cannot tell you whether you are dealing with a fraudster impersonating a customer, a broker, or a vendor.”
Traditional controls often fail to detect account changes or new risk indicators that emerge after the initial verification process.
Continuous monitoring strengthens payment verification
Eftsure’s expanded verification engine validates each payee by confirming identity, bank account ownership, and changes to banking details before payments proceed.
The platform also extends continuous monitoring capabilities beyond traditional B2B vendor verification. It now covers individual payees, including policyholders, brokers, and smaller panel vendors.
This approach helps organisations identify suspicious activity before releasing funds.
“We’ve seen instances where cybercriminals attempted to impersonate legitimate customers and redirect payments to fraudulent bank accounts,” said a spokesperson for Mercer. “The sophistication of these attacks continues to evolve, and it reinforces the importance of independently verifying payment details and strengthening controls around where funds are ultimately being transferred.”
Industry collaboration aims to reduce fraud
The Insurance Council of Australia is developing a national AI-powered fraud detection platform alongside EXL and Shift Technology through the Insurance Crime Intelligence Network of Australia.
The initiative reflects growing recognition that organisations need greater visibility across the industry to identify organised fraud schemes.
Eftsure contributes to that approach through cross-network visibility at the vendor-payment layer. The platform helps insurers and super funds detect suspicious payment patterns and prevent fraudsters from reusing compromised accounts.
Eftsure expands protection across financial sectors
Eftsure already works with Australian insurers and recently signed an agreement with one of the largest insurance companies in the United States.
The company also provides services to NDIS providers, recruitment firms, credit unions, mortgage brokers, and digital marketplace operators.
Its payment guarantee remains available subject to standard terms and conditions.
About Eftsure
Eftsure is the global market leader in payment fraud prevention. Specifically designed for businesses, Eftsure’s end-to-end solution safeguards hundreds of billions of dollars in B2B payments every year, made to vendors located in over 40 jurisdictions. Powered by global cross-checking and dedicated verification teams, Eftsure gives organisations greater control over vendor onboarding and payment processes, helping ensure that businesses do not pay the wrong people.
Stay Informed With Cyber News Live
Cyber threats are constantly evolving, and staying informed is critical to protecting your organisation.