OpenAI announced it is working with Australian Payments Plus (AP+) to explore ways AI can help protect Australians from scams and fraud across digital payments. Here’s why it matters and how businesses can act now.
Why this matters
Australia’s payment rails are fast, convenient, and increasingly targeted by impersonation and investment scams. A collaboration between an AI leader and the operator behind PayID, BPAY, eftpos, and the NPP signals a push to embed safety into everyday transactions.
For consumers, that could mean smarter warnings and fewer successful scams. For banks, fintechs, and merchants, it points to new tools for detection, response, and customer education.
What the collaboration could focus on
- Impersonation detection: Flag suspicious language, audio deepfakes, and social-engineering patterns across chat, email, and calls.
- Real-time transaction safeguards: Nudge users with context-aware prompts before risky transfers; step-up verification on anomalous behavior.
- Data-loss prevention: Block leakage of sensitive details (account numbers, one-time codes) in AI-powered support channels.
- Consumer education at the edge: Deliver timely, plain-English guidance inside banking apps when risk signals spike.
- Shared evaluation and safety benchmarks: Help the ecosystem measure and improve model behavior against scam tactics.
What businesses should do now
- Map scam journeys: Identify points where customers are pressured to move money fast; add interstitial “Are you being rushed?” checks.
- Instrument signals: Track device, session, and behavioral anomalies; route high-risk flows to step-up verification.
- Protect payee setup: Use allowlists and verify with PayID where possible; delay first-time high-value payments.
- Human-in-the-loop: Require agent review for flagged transfers or when AI is uncertain.
- Red-team your bots: Test prompts for jailbreaks and social engineering; log and retrain on failed cases.
- Minimize sensitive data: Tokenize PII in prompts; set strict data retention and access controls.
- Plan incident response: Pre-draft customer messaging, refund logic, and regulator notifications for rapid execution.
A minimal “scam guard” flow
- Detect: Model scores intent (pressure, urgency, unfamiliar payee) and device risk in real time.
- Interrupt: Show an inline warning with a 10–30 second delay and a clear “Why we flagged this” explanation.
- Verify: Step-up with passkeys or out-of-band confirmation for first-time or edited payees.
- Escalate: Route to a trained human agent if the user insists or risk remains high.
Risks and limitations
- False positives: Overzealous blocks frustrate customers; tune thresholds and allow overrides.
- Privacy: Keep prompts free of raw account data; use field-level redaction and audit trails.
- Model drift: Re-evaluate prompts and classifiers as scams evolve.
- Adversarial adaptation: Expect scammers to probe for weaknesses; continuously red-team.
- User fatigue: Rotate warning language and only interrupt on material risk.
- Compliance: Align with Australian regulatory expectations and scheme rules.
Sources
- OpenAI announcement: OpenAI x Australian Payments Plus
- Australian Payments Plus (AP+): Official site
- ACCC Scamwatch (Impersonation scams): Guidance and updates
Takeaway
The OpenAI–AP+ collaboration is a signal: AI safety will be built into Australia’s payment experiences. Don’t wait—start instrumenting risk signals and humane guardrails now.
Get more concise, practical AI insights in your inbox. Subscribe to The AI Nuggets newsletter.

