Call-back Control Procedure Template

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

Call-back controls are among the most important measures to mitigate your organisation’s exposure to the risk of fraud. In this call-back control procedure template, we explore a 5-step checklist designed to ensure you are implementing call-backs correctly.


In this template, we explore how to do call-backs the right way in this 5-step checklist:

  1. Independently source phone number
  2. Multiple verifications of phone number
  3. Initiate calls via outbound line
  4. Verify identity of authorised third-party
  5. Verify validity of bank account information


Call-backs are among the most important controls any organisation can implement to mitigate the risks of fraud. But implementing call-back procedures correctly is a challenge for many organisations.

Many AP teams aren’t trained in how to conduct call-backs or ensure complete security during the verification process. Furthermore, several AP teams may process an EFT payment that could be sent to the wrong recipient if an incorrect BSB & account number are entered.

This may result in flawed procedures that leave you exposed to scams.

That’s why a correct call-back system is an essential security control that helps accounts payable departments ensure they are paying invoices to the correct payee.

Follow this call-back control procedure template to ensure your AP team is following industry best-practice when conducting call-back verifications.

This Guide Includes:

  • Understanding and recognising the correct way of doing a call-back procedure
  • Best practices for each control activity according to each control process

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.