New Zealand’s banking sector is moving to address the country’s rising scam crisis. In April 2025, the New Zealand Banking Association (NZBA) announced changes to the Code of Banking Practice, introducing stronger scam prevention measures and a new reimbursement model for affected customers.
It’s a welcome step, particularly as scams become the country’s fastest-growing crime. But while these measures offer important consumer protections, they fall short of addressing the risks businesses face—especially those managing large volumes of supplier payments.
Scams are now costing New Zealanders an estimated $2 billion annually, including losses from phishing, investment fraud, and increasingly sophisticated business email compromise (BEC) and invoice redirection scams.
By contrast, the most recent Q4 2024 report from CERT NZ recorded just $6.8 million in reported scam losses—up 24% from Q3, but representing only a fraction of the broader picture. Just 72 of those reports came from businesses, despite New Zealand having over 600,000 registered enterprises as of 2024.
This underreporting suggests many scams are either going undetected or are being quietly absorbed as operational losses—leaving finance teams unaware of the true extent of the threat.
Under the revised Code, banks are now obligated to reimburse customers up to $500,000 in cases where they fail to issue adequate scam warnings, identify clear red flags, or prevent high-risk transactions.
These protections are being implemented across all NZBA member banks over the next seven months. However, they are designed for individual customers—not business accounts. For organisations, the risks remain.
Consumer protections are an important first step. But they don’t reflect the fraud risks faced by medium to large enterprises—particularly those operating in sectors with large and frequently changing supplier networks.
Businesses remain exposed to:
These scams are often highly convincing, using genuine-looking invoices, authentic email domains, and forged documentation to deceive finance teams. Reimbursement policies typically don’t apply in these contexts. A recent alert from New Zealand’s National Cyber Security Centre warned of phishing attacks exploiting Microsoft OneDrive and SharePoint links—underscoring the growing threat to business systems.
The UK was one of the first markets to introduce systemic scam protections. In 2020, it rolled out Confirmation of Payee (CoP), which verifies account names before a payment is processed. Today, it protects more than two million payments each day.
New Zealand’s reimbursement reforms mirror this shift in responsibility. But the UK experience shows that while these tools help, they aren’t enough. APP scams still rose by 22% the same year CoP was introduced, with nearly 150,000 cases reported.
The lesson is clear: even with system-wide protections in place, scams evolve. Technology alone can’t solve the problem—particularly when it comes to business payments.
Relying on reimbursement or basic verification tools is not sufficient. CFOs and financial controllers must adopt proactive, layered strategies to safeguard payment processes.
Key actions include:
New Zealand’s new scam reimbursement scheme is a step forward—but it’s not a safety net for businesses.
Finance teams in complex environments need more than after-the-fact remedies. They need visibility, control, and proactive tools to prevent fraud before funds leave the account. Like audit and compliance, fraud protection must be part of the finance function’s core capability—because the cost of inaction is growing, fast.
Eftsure has spent over a decade helping business leaders safeguard payments from onboarding through to payment execution. Now, that protection expands with Eftsure Guarantee—offering up to $1 million in coverage for verified payments lost to social engineering scams.
Eftsure Guarantee includes:
Up to $1 million protection on verified payments
Proactive fraud prevention that validates vendor payment details before payment
Seamless integration with Eftsure’s existing verification processes—no extra steps, just extra protection
The FBI’s 2024 Internet Crime Report reveals a sharp rise in cyber-enabled fraud, with reported losses reaching $16.6 billion, up 33 percent …
Discover key 2025–26 Budget updates on cyber, compliance & digital ID—what finance leaders need to know to protect payments and stay audit-ready.
Payment redirection scams surged 66.6% in 2024. What CFOs and finance teams need to know now to stop losses before they happen — insights from ACCC data.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.
