News

Why businesses love Direct Debits - and why scammers might too

Recent cases are raising broader questions about onboarding, identity verification, and payment authorisation controls in New Zealand.

Jo Barriball
Why businesses love Direct Debits - and why scammers might too

Why direct debits are widely used

In the New Zealand business landscape, the Direct Debit is a staple. It’s the set and forget hero of gym memberships, insurances, power bills, and subscription services. But while businesses love the consistency and customers love the convenience; scammers are finding cracks in the system.

At GetVerified, we’ve been talking to businesses who have been blindsided by Direct Debit fraud. Here’s what you need to know about how this scam works and why your business might be at risk.

For a legitimate business, Direct Debits are great for operational efficiency, they mean:

  • Lower fees: Account-to-account transfers are generally cheaper than credit card processing.
  • Cash flow: It reduces "days outstanding" and the need to chase bad debts.
  • Seamless reconciliation: Payments arrive with uniform reference details every time.

Those same benefits attract scammers

They target the system because funds can be pulled automatically, and if a consumer doesn’t check their statements regularly, the theft can go unnoticed for weeks or even months.

The core of the issue lies in the onboarding process. Scammers are signing up for services using stolen identities and bank account numbers that don’t belong to them.

What recent cases are highlighting

Recent public reporting has highlighted cases where individuals say direct debits were established against their bank accounts but that they never authorised them.

While the specific circumstances differ case by case, the broader concern emerging across industries is that fraudsters are exploiting weaknesses in onboarding and identity verification processes.

In some scenarios, scammers may:

  • Impersonate legitimate businesses or individuals,
  • Provide genuine bank account details belonging to another party, often providing what appears to be legitimate bank documentation to prove account ownership, or
  • Exploit situations where authority over an account is not adequately verified.

The energy company example

Take the recent story published in Stuff involving an energy company. A customer was shocked to find over $7,000 charged to their account via a fuel card they never applied for.

When the victim contacted their bank, they were told they had "authorised" the payment.

Because the energy company was a "preferred initiator," the bank’s system allowed the transaction through.

While this investigation continues, we’ve heard similar stories from clients where the scammer had scraped the victim's details off the internet, set up the Direct Debit, and walked away with thousands of dollars in services - leaving the business - and the innocent account holder, to pick up the pieces.

The "invisible" victim

Usually, when we think of scams, we think of a person being tricked into sending money. In this scenario, the victim is both the person who’s account, the money is extracted from, as well as the business offering the Direct Debit.

In the case of a Direct Debit fraud the bank looks to the business to provide a valid, signed (or verified) authority. If you can’t prove the person who signed up was the actual account holder, the business usually loses the money to refund the victim.

How can businesses protect themselves?

Account verification is an absolute game changer for businesses signing up customers for Direct Debits. Our clients are already strengthening their Direct Debit onboarding proceses by implementing these three layers of defence:

  1. Ensuring a Match on every account: Before a new customer is signed up, they use GetVerified's account verification tools to verify if account details provided are a Match with their bank (or otheraccount issuers) records.
  2. Or, in the exception where there is a Partial Match result: Seek verifiable evidence to ensure that the account is owned by the person signing up for a Direct Debit.
  3. Building verifiable links: Especially in B2B scenarios, evidence the individual signing the form actually has the legal authority to move funds out of that business account.

Find out more about account verification with GetVerified. We’re trusted by New Zealand’s banks, businesses and government agencies and our Confirmation of Payee solution gives you greater confidence you know who you're paying, before you pay.

Share this article with a friend.

HomePaying someoneGetting paidFAQYour bankNews and resourcesAbout usStart a conversation
© 2026 GetVerified
Website Terms and Conditions