Finance Law


Critically analyse the security of ePayment system in Australia, make suggestions for a better ePayment security system in Australia if possible based on relevant legislations and codes.



The rapid growth of technology has led to a gargantuan increase in electronic transactions, resulting in the rise of electronic payments (Hassan, Md. 2020:2). These payment methods offer convenience and efficiency, but they are also vulnerable to security risks such as fraud, hacking, and disputes (Zhang, 2019:3). To address these concerns, the Australian Parliament enacted the "ePayments Code, 2011" to establish regulations and protect parties involved in unauthorized and mistaken ePayments. This paper critically analyses the security measures implemented by the Code and assesses their effectiveness. Additionally, it provides recommendations for enhancing the ePayment security system in Australia.


Adequacy Of The ePayments Code In Regulating Electronic Payments

The voluntary (The Treasury, 2021) ePayments Code, 2011 aims to regulate and enhance the security of various electronic transactions, including internet/mobile banking, online payments, and card-based transactions (ePayments Code, 2022). Most financial institutions in Australia have adopted this Code to provide an additional layer of security to consumers (ASIC, 2011). Despite existing financial services regulations like the ASIC Act and NCCP Act, the Code offers key protections covering passcode security, unauthorized transactions, mistaken payments, transparent disclosure of terms and fees, and a complaint resolution process. Some of these provisions are further analyzed below.


  • Enhancing the passcode security requirements:

The ePayments Code, 2011 imposes requirements on financial institutions to ensure that customers use secure passcodes for accessing electronic payment services. As per Clause 12.5 of the Code, some passcodes, such as those based on birthdates or easily identifiable with the user's name, may be prohibited. Clause 12.2, however, specifies three scenarios that would constitute a violation: voluntary disclosure of the code to others, storing the codes together with a device, making the entire access method susceptible to simultaneous loss or theft, or recording all the codes on a single item or multiple items vulnerable to simultaneous loss or theft. Regarding the latter two cases, under Clause 12.3, users are allowed to record the codes, provided they take reasonable measures to safeguard the security of the record, either through code obfuscation or preventing unauthorized access. Further, extreme carelessness in passcode protection, such as storing them without adequate security measures, is prohibited (ePayments Code, 2022, cl. 12.4).


  • Measures regarding unauthorized transactions:

The ePayments Code has been further amended in 2022 based on the recommendations received by the banking institutions (ABA, 2021) so as to redefine “unauthorized transactions” and the rules regarding their determination. ASIC has clarified that such transactions are limited to those which are performed fraudulently by a third party and without the prior knowledge or consent of the authorized user (ePayments Code, 2022, cl. 9.3). Clause 10 sheds further light on the liability obligations of the parties and absolves account holders from any liability for losses under certain circumstances. However, as per Clause 11, liability can be imposed upon the user if the user was found to have contributed to the transaction through fraud or through mishandling of passcodes, if the user had shown extreme carelessness in leaving the card in an ATM, or if there was an unreasonable delay in the reporting of such losses.

There is an inevitable nexus between the provisions of clauses 11 and 12, and the 2022 Code seeks to clarify it by providing for an express prohibition on disclosure of passcodes, which, if breached, would inadvertently contribute to an unauthorized transaction. However, there must also be an objective demonstration, on the balance of probability, of how such disclosure of the passcode contributed to the loss on the part of the consumer (ePayments Code, 2022, cl. 12.6).


  • Mistaken Payments:

The Code has laid out an exhaustive framework to deal with such transactions where funds are mistakenly transferred to another unintended user due to an error in the entry of bank account information or payment details (ASIC, 2021). While the 2022 Code does not apply to scam-related mistaken payments (ASIC, 2022), in order to ensure enhanced security for consumers, a new requirement has been included, mandating the prompt submission of a request, within a two-day period, to the Authorized Deposit-Taking Institution (ADI) (ePayments Code, 2022, cl. 29).


Furthermore, the scope of the Code has been expanded to include situations where only a portion of the funds is accessible in the unintended recipient's account. The amendments provide the ADI with the authority to determine the suitable course of action based on the circumstances, whether it involves returning the complete funds, a partial amount, or no funds at all.


Upcoming Challenges And The Way Forward

The ePayments Code has undergone updates to adapt to changes in the payments industry and tackle emerging challenges and technologies. Although the updated Code addresses a range of issues, there are still unresolved matters that need attention.

  1. Voluntary Nature of the Code: As the Code is voluntary, not all electronic payment providers are required to comply with its provisions, thereby making the success of the Code dependent upon industry collaboration (Tyree, 2017:380).
  2. Dispute Resolution Procedure: ASIC has also proposed a standardized complaints-handling framework mandating internal dispute-resolution procedures for all subscribers, associated with the AFCA. While this would streamline the process, it would nonetheless restrict subscribers from implementing their own systems, potentially impacting global service providers aligning with existing or international protocols (Mulligan et al., 2021).
  3. Exclusion of Small Business: It is important to note that the ePayments Code remains optional and does not apply to smaller companies. This discrepancy is significant because the Code of Banking Practice protects consumers from liability for unauthorized transactions, but small businesses lack similar protection (Tyree, 2017:380).
  4. Inclusion of Biometrics: Specific regulations are necessary for biometrics, as consumers do not treat them as a secret like a password. The Code may also need to address concerns related to "extreme carelessness" by prohibiting users from granting third-party biometric access to personal electronic devices with digital payment methods or mobile banking access (Choi, 2022).



While the amendments could have brought out more strategic and practical changes to the way ePayments are handled in the country, the 2022 changes nonetheless represent long-discussed adaptations as Australian payment providers shift their focus towards embracing innovative services driven by mobile and other emerging payment systems. Such advancements are essential for enhancing Australia's payment ecosystem, particularly as it has been ranked 12th out of 14 regional countries in terms of mobile payment platform maturity, lagging behind its Asia-Pacific neighbors.



Would it be possible to make effective changes in relation to disclosure by Australian superannuation funds? Critically analyse the issues relating to disclosure requirements imposed on Australian superannuation funds, and discuss the advantages and disadvantages of making these changes based on the relevant legislation.





Superannuation involves compulsory prescribed levels of monetary contributions made by employers to pension funds, providing post-retirement benefits to employees (ATO, 2022). These funds operate as trusts (Cowan v. Scargill), with trustees acting under APRA RSE licenses. The trustees are responsible for the effective management of superfunds and the effective allocation of their investment strategies (ASFA, 2022). Following the Cooper Report's recommendations, superannuation funds are now subjected to strict disclosure requirements to protect beneficiaries' interests (ASIC RG 181, 2004), which are outlined in legislation such as the Corporations Act 2001, SIS Act 1994, and APRA guidelines. This article aims to analyze the legal issues surrounding disclosure requirements and propose enhancements to its regulatory framework.


Mandatory Disclosures In The Interests Of Trust Fund Members

The regulatory framework for superannuation relies heavily on disclosure rules outlined in the Corporations Act 2001, which apply to various financial service providers. These rules aim to ensure transparency and informed decision-making. Here are some key aspects:


  1. Product Disclosure Guide and Advice:

Under Part 7.7 and Division 2 of Part 7.7A of the Corporations Act, financial advisors offering advice to retail clients must adhere to specific obligations. This includes providing a general advice warning, preparing a Financial Services Guide (FSG) for both general and personal advice, and developing a Statement of Advice (SOA) for personal advice (ASIC RG 175.3, 2021). The FSG informs clients about the financial services offered, associated fees, and complaint-handling procedures (ASIC RG 175.110-126, 2021). The SOA, on the other hand, provides detailed advice and reasoning, and discloses any conflicts of interest (ASIC RG 90, 2017). Trustees of superannuation funds under RG 175.20 have a duty to provide appropriate advice, disclose complete and accurate information, and prioritize clients' interests in case of conflicts. These requirements ensure that beneficiaries receive clear information about the funds, enabling them to compare options, make informed decisions, and receive advice aligned with their financial goals and needs.


  2. Product Disclosure Statement (PDS):

Part 7.9 of the Corporations Act 2001 outlines the regulations for the disclosure of financial products. It mandates the provision of a Product Disclosure Statement (PDS) that effectively communicates essential information to consumers. The PDS aims to facilitate understanding, enable product comparisons, and assist investors in making informed decisions. The regulatory guide emphasizes compliance with "good disclosure principles" (ASIC RG 168.5, 2021) to enhance consumer choices. Superannuation trustees are obligated to provide a PDS as per RG 168.9, which typically follows a concise format and covers specific information categories such as product details, how superannuation works, investment benefits, risks, fees and costs, taxation, and insurance options.


Mandatory Disclosures: A Necessary Evil?

  1. Arguments in favour (Advantages of Disclosure):

Mandatory disclosure requirements in the superannuation industry offer several benefits. They promote transparency and accountability by ensuring that trustees' actions are effectively scrutinized and their reporting is checked. These requirements also encourage member engagement and informed decision-making, while subjecting underperforming funds to competitive pressures (Hanrahan, 2018:39).


For instance, Section 29QB of the SIS Act mandates disclosure of specific information by RSE licensees, such as remuneration and governance details, on a designated website. This promotes accountability by allowing market intermediaries, gatekeepers, and fund members to access and utilize the disclosed information as they see fit (ASIC RG 252.3-5, 2014). It also facilitates the provision of information to potential and existing members throughout their membership and when they exit the scheme and ensures compliance with regulatory standards (The Treasury, 1997).


Similarly, to address concerns about transparency and align with global practices, the 2021 Portfolio Disclosure Holdings requirements mandate superannuation funds to disclose detailed information about their investments. This includes the identity, value, and weightings of investments across various asset classes and derivatives. By having access to this information, members can easily compare different products and select the most suitable fund for their needs.


  2. Arguments against disclosure (Disadvantages of Disclosure):

Despite the extensive disclosure requirements imposed on trustees by legislation such as the Corporations Act and the SIS Act, the current mandatory disclosure framework may not effectively achieve its intended policy goals. Much of the information that trustees are obligated to disclose to members or potential members lacks meaningfulness, making it nearly impossible to compare funds or make informed choices.


The report by McShane (2018: 150-57) acknowledges that the discussions do not extensively cover broader framework questions related to the effectiveness of disclosure, specifically PDS-based disclosure, in influencing consumer decision-making. The report raises the question of whether there are alternative approaches that surpass the current system of segregated fee disclosure primarily based on point-of-sale documentation. Given the challenges faced by consumers when considering cost impacts, the complexity of available information, and the limitations of supporting tools, it becomes difficult to have full confidence that the current regime is the optimal approach.


While some caution against imposing more rigorous disclosure requirements due to potential unnecessary costs, there are concerns about the integrity, utility, and value of excessive disclosure. The Australian Industry Group questions the trade-off between risks, costs, and value-added by extensive disclosure (Burn, 2007:67). RSE licensees also face challenges in determining the appropriate level of information to provide to beneficiaries. Balancing the costs of disclosure, commercial confidentiality, and the risk of political activism becomes complex (Vrisakis & Donald, 2022). 


Requisite Changes And The Way Ahead

The compulsory disclosure requirements in the superannuation system serve the purpose of ensuring its overall well-being. However, it is important to carefully consider the potential costs and burdens imposed on RSEs to avoid unnecessary strain. It is crucial to evaluate whether the disclosure requirements truly benefit superfund members in making informed decisions about their financial products.


For example, the disclosure requirements for 2021 portfolio holdings have been weakened instead of strengthened, which undermines the proper allocation and informational security of the funds. The limited disclosure of unlisted simple equities, providing only the name of the fund without additional information about the asset's quality, creates ambiguity and questions its credibility (Bourlioufas, 2022). On the other hand, implementing the proposed 2022 legislation that mandates itemizing each expenditure, including political donations, marketing, third-party advertisements, fees, and costs, may impose administrative burdens on trustees without significantly enhancing consumer decision-making or returns (Boyd, 2022). A balanced approach would be to disclose only an aggregated value of expenses to address both unwarranted costs and consumer accountability.


All in all, transparency and accountability have become expected norms, and effective superannuation fund management requires reasonable and objective disclosure of actions taken and intended by the RSE on behalf of its members. It is important to strike a balance between disclosure obligations and the interests of all stakeholders involved.



  1. ePayments Code 2022 (Cth). Available at: https://download.asic.gov.au/media/lloeicwb/epayments-code-published-02-june-2022.pdf [Accessed 8 May 2023].
  2. Corporations Act 2001 (Cth). Available at: https://ca2013.com/wp-content/uploads/2015/09/Corporations-Act-2001-Australia.pdf [Accessed 8 May 2023].
  3. Superannuation Industry (Supervision) Act 1993 (Cth). Available at: https://www.legislation.gov.au/Details/C2017C00052 [Accessed 8 May 2023].
  4. Australian Prudential Regulation Authority Act 1998 (Cth). Available at: https://www.legislation.gov.au/Series/C2004A00310 [Accessed 8 May 2023].


  1. Australian Securities & Investments Commission (ASIC) (2022) ePayments Code, ASIC, Australian Government. Available at: https://download.asic.gov.au/media/lloeicwb/epayments-code-published-02-june-2022.pdf. [Accessed 8 May 2023].
  2. Australian Securities & Investments Commission (ASIC) (2011) REGULATION IMPACT STATEMENT: ePayments Code, ASIC, Australian Government. Available at: https://oia.pmc.gov.au/sites/default/files/posts/2011/09/03-ePayments-Code-RIS.pdf [Accessed 8 May 2023].
  3. Australian Banking Association (ABA) (2021), Review of the ePayments Code: Further consultation, ABA, Australian Government. Available at: https://www.ausbanking.org.au/wp-content/uploads/2021/07/20210702-ABA-response-to-CP-341-ePayments-Code-review.pdf [Accessed 8 May 2023].
  4. Australian Securities & Investments Commission (ASIC), (2021) CONSULTATION PAPER 34: Review of the ePayments Code: Further consultation, ASIC, Australian Government. Available at: https://asic.gov.au/media/eh2fceff/cp341-published-21-may-2021.pdf [Accessed 8 May 2023].
  5. Australian Securities & Investments Commission (ASIC), (2022) REPORT 718: Response to submissions on CP -341 Review of the ePayments Code: Further consultation, ASIC, Australian Government. Available at: https://download.asic.gov.au/media/f0tjuyqt/rep718-published-7-march-2022.pdf [Accessed 8 May 2023].
  6. Australian Securities & Investments Commission (ASIC) (2004) REGULATORY GUIDE 181 Licensing: Managing conflicts of interest, ASIC, Australian Government. Available at: https://download.asic.gov.au/media/1241003/rg181.pdf [Accessed 8 May 2023].
  7. Australian Securities & Investments Commission (ASIC) (2004) REGULATORY GUIDE 175 Licensing: Financial product advisers—Conduct and Disclosure, ASIC, Australian Government. Available at: https://download.asic.gov.au/media/lwymamxz/rg175-published-15-june-2021-22020915.pdf [Accessed 8 May 2023].
  8. Australian Securities & Investments Commission (ASIC) (2017) REGULATORY GUIDE 90 Example Statement of Advice: Scaled advice for a new client, ASIC, Australian Government. Available at: https://download.asic.gov.au/media/4567144/rg90-published-7-december-2017.pdf [Accessed 8 May 2023].
  9. Australian Securities & Investments Commission (ASIC) (2022) REGULATORY GUIDE 168 Disclosure: Product Disclosure Statements (and other disclosure obligations), ASIC, Australian Government. Available at: https://download.asic.gov.au/media/b1gpxbuq/rg168-published-06-july-2022.pdf [Accessed 8 May 2023].
  10. Australian Securities & Investments Commission (ASIC) (2014) REGULATORY GUIDE 252 Keeping superannuation websites up to date, ASIC, Australian Government. Available at: https://download.asic.gov.au/media/1247177/rg252.pdf [Accessed 8 May 2023].
  11. The Association of Superannuation Funds of Australia Limited (ASFA) (2022) The Australian Superannuation Industry, ASFA. Available at https://www.superannuation.asn.au/ArticleDocuments/359/220912_Super%20industry%20Paper_V5.pdf.aspx?Embed=Y [Accessed 8 May 2023].
  12. Treasury.gov.au. (1997). Proposals for Reform: Paper No. 2 | Treasury.gov.au. [online] Available at: https://treasury.gov.au/publication/clerp-paper-no-2-proposals-for-reform-fundraising/proposals-for-reform-paper-no-2 [Accessed 11 May 2023].
  13. The Treasury (2021) Payments system review: From system to ecosystem, Australian Government, Available at: https://treasury.gov.au/sites/default/files/2021-08/p2021-198587.pdf [Accessed 8 May 2023].


  • BOOKS:
  1. Tyree, A.L. (2017). Banking law in Australia. Chatswood, N.S.W. LexisNexis Butterworths.
  1. Cowan v. Scargill [1985] Ch 270
  1. Hanrahan, Pamela (2018). ‘Legal framework governing aspects of the Australian Superannuation System: Background Paper 25’. Analysis & Policy Observatory, Available at: https://apo.org.au/sites/default/files/resource-files/2018-07/apo-nid184256.pdf [Accessed 8 May 2023].
  2. Hassan, Md. Arif (2020). ‘A Review on Electronic Payments Security’. Symmetry, 12, Available at: https://www.researchgate.net/deref/http%3A%2F%2Fdx.doi.org%2F10.3390%2Fsym12081344 [Accessed 8 May 2023].
  3. McShane, Darren (2018). ‘Review of ASIC Regulatory Guide 97: Disclosing fees and costs in PDSs and periodic statements - Report to the Australian Securities and Investments Commission’. ASIC Report 581, Australian Government. Available at https://asic.gov.au/regulatory-resources/find-a-document/reports/rep-581-review-of-asic-regulatory-guide-97-disclosing-fees-and-costs-in-pdss-and-periodic-statements/ [Accessed 8 May 2023].
  4. Zhang, J., Luximon, Y. and Song, Y. (2019). ‘The Role of Consumers’ Perceived Security, Perceived Control, Interface Design Features, and Conscientiousness in Continuous Use of Mobile Payment Services’. Sustainability, 11(23), p.6843. Available at: https://www.mdpi.com/2071-1050/11/23/6843 [Accessed 8 May 2023].
  1. Ato.gov.au. (2022). Your superannuation basics. [online] Available at: https://www.ato.gov.au/general/other-languages/in-detail/information-in-other-languages/your-superannuation-basics/#:~:text=More%20information-,What%20is%20superannuation%3F,will%20have%20for%20your%20retirement. [Accessed 11 May 2023].
  2. Bourlioufas, N. (2022). Holes revealed in new fund disclosure regulations | The Inside Adviser. [online] The Inside Adviser. Available at: https://insideadviser.com.au/holes-revealed-in-new-fund-disclosure-regulations/ [Accessed 11 May 2023].
  3. Boyd, T. (2022). Superannuation fund transparency going backwards. [online] Australian Financial Review. Available at: https://www.afr.com/chanticleer/super-fund-transparency-going-backwards-20220722-p5b3qg [Accessed 11 May 2023].
  4. Choi, T. (2022). Australian bank regulator urges more work on biometrics in ePayments Code. [online] Biometric Update. Available at: https://www.biometricupdate.com/202203/australian-bank-regulator-urges-more-work-on-biometrics-in-epayments-code [Accessed 8 May 2023].
  5. Dr. Burn, Peter, Associate Director, Public Policy, Australian Industry Group (2007). Committee Hansard, Sydney.
  6. FSR Australia notes. (2022). Evolving patterns of ESG disclosure by super fund trustees. [online] Available at: https://hsfnotes.com/fsraustralia/2022/04/19/evolving-patterns-of-esg-disclosure-by-super-fund-trustees/ [Accessed 11 May 2023].
  7. Nortonrosefulbright.com. (2021). ASIC seeks feedback for important updates to the ePayments Code and mandate its effect. [online] Available at: https://www.nortonrosefulbright.com/en-au/knowledge/publications/1f7baa2b/asic-seeks-feedback-for-important-updates-to-the-epayments-code-and-mandate-its-effect [Accessed 11 May 2023].
