Fake Proof of Payment: Detecting Forged Transfer Confirmations
How fraudsters forge PayID and bank transfer confirmations to release goods before payment lands, and how Australian sellers can verify proof of payment before handover.

Summarize this article with
A seller hands over the car keys, the warehouse releases a pallet, or a landlord passes over a bond receipt on the strength of a screenshot. The buyer's banking app shows a completed transfer, with a PayID confirmation, a green tick, and a timestamp. The money never arrives, because the screenshot was never a real payment โ it was an image edited, generated, or pulled from a spoof banking app designed to look convincing for the thirty seconds it takes to close a deal.
This article is for informational purposes only and does not constitute legal, financial, or regulatory advice.
What Fake Proof-of-Payment Fraud Is
Fake proof-of-payment fraud is the presentation of a forged or manipulated document โ a banking app screenshot, a PDF payment receipt, or a fabricated SWIFT MT103 confirmation โ to convince a seller or service provider that a transfer has already been sent, so they release goods or access before checking whether the funds have cleared. It targets the moment of handover rather than the payment instruction itself: the money described in the document either never moved, was reversed minutes later, or went for a different amount to a different party.
This is distinct from mandate fraud, where criminals redirect a genuine payment by supplying fake bank account details to change where money is sent, and from forged bank statements submitted to fake income or solvency in a loan file. Here the document is not trying to change what happens to real money โ it is trying to convince someone that money has already moved when it has not.
Shopping scams โ where a buyer or seller is deceived about whether payment or goods have genuinely changed hands โ were the most-reported scam category by volume through 2025, and total reported scam losses reached $2.18 billion for the year, up 7.8% on 2024 (National Anti-Scam Centre, Targeting Scams report 2025). Reported volumes shifted between categories, but the underlying pattern โ a fabricated confirmation used to move goods before anyone checks a real balance โ stayed active regardless.
How Fraudsters Build a Convincing Fake Payment Confirmation
Three techniques recur across vehicle sales, equipment leasing, and marketplace deals, each aimed at a different moment in the transaction.
Screenshot editing and spoof banking apps
The simplest method edits a genuine screenshot โ changing the amount, date, or payee name โ or uses a spoof app that recreates a bank's interface, letting the fraudster type in any sender, amount, and PayID reference they choose. A genuine banking app never lets a user generate a "successful transfer" screen for a payment that was never submitted; a spoof app skips the bank entirely and draws the screen directly. A pattern documented repeatedly by Australian consumer bodies pairs the fake screenshot with a follow-up message claiming the seller's account needs to be "upgraded" before the "sent" funds release, asking for a smaller amount to unlock it (CHOICE) โ PayID has no such upgrade tier and charges no fee to receive a payment.
Fabricated SWIFT and MT103 confirmations
For larger transactions โ equipment leases, wholesale invoices, cross-border vehicle purchases โ fraudsters sometimes present a forged SWIFT MT103 confirmation or a so-called "conditional" MT103/23 as proof a wire is in transit. No such conditional instrument exists in the SWIFT standard: a payer cannot make an MT103 contingent on the recipient completing paperwork first, and any confirmation claiming otherwise is fabricated. The document reproduces genuine-looking field codes and letterhead, but is not traceable through the actual SWIFT network, because no real message was ever sent.
Fake PDF receipts and doctored remittance advice
Some fraudsters send a PDF "payment confirmation" cloned from a real bank template, complete with a transaction reference and a logo lifted from the bank's public branding. A material share of these documents can be distinguished from genuine bank-issued files by structural inconsistencies invisible on screen โ PDF metadata, font substitution, and layout artefacts that differ from how the named institution generates its confirmations, a pattern CheckFile's pipeline is built to surface through structural checks and metadata forensics, not visual review alone.
Where This Fraud Hits Hardest: Vehicle Sales, Leasing, and B2B Trade
Fake proof-of-payment fraud concentrates wherever a valuable asset changes hands quickly and the seller is under pressure to move fast.
| Transaction type | Typical trigger | What the fraudster wants released |
|---|---|---|
| Private vehicle sale | "My courier is already on the way" | Car keys, registration papers, spare key |
| Equipment leasing / plant hire | Deposit "sent" via PayID to secure a rental slot | Machinery, access codes, delivery |
| Wholesale B2B trade | Purchase order with "payment attached" | Stock, dispatch of goods |
| Marketplace private sale | Buyer "can't come in person, sending an agent" | Item handed to a courier or stranger |
| Rental bond | Screenshot of bond transfer before an inspection | Keys, access to the property |
Vehicle sales are a recurring target because the payment is large enough to reward the effort, and a car is portable and resellable within hours of collection. Facebook Marketplace, Gumtree, and Carsales listings consistently attract the "agent collection" variant, where a buyer claims to be interstate or overseas, sends a fake PayID screenshot, and arranges a courier to collect the car before the seller checks their own balance.
Ready to automate your checks?
Free pilot with your own documents. Results in 48h.
Request a free pilotReal Questions Sellers and Buyers Ask
Australian car-selling and marketplace forums return to the same handful of questions whenever this scam surfaces, synthesised below rather than quoted directly.
Is a bank transfer screenshot ever valid proof of payment
No. A screenshot is an image, not a live connection to a bank's ledger, and spoof-app generators reproduce official-looking transfer or PayID confirmations in minutes. The only reliable proof is money appearing, cleared, in the recipient's own account, checked in their own banking app rather than through anything the buyer supplies.
Why does the buyer always claim the payment is "pending" or sent via a third party
Marketplace forums repeatedly describe buyers who claim to be interstate or abroad and send a courier or "agent" to collect the item before the seller has confirmed funds. This detaches the collector from the person who supposedly paid, so if the payment never appears, the seller has no buyer to chase.
Can a seller be held liable if they release goods against a fake payment proof
Releasing goods against unverified proof of payment is a business risk the seller absorbs, not a liability that shifts to a bank or regulator. Because the seller authorised no payment themselves, scam-reimbursement protections built for customers deceived into sending money generally do not extend here.
Why Common-Sense Checks Still Fail
Manual review catches obvious fakes โ misspelt bank names, mismatched fonts โ but the underlying weakness is structural: staff and private sellers judge a document's appearance under time pressure created deliberately by the fraudster. Manual fraud detection across document types generally identifies around 37% of cases, with an average detection delay of 87 days, according to the ACFE 2024 Report to the Nations โ figures describing organisational fraud broadly, but illustrating the same problem: appearance-based review misses forgeries engineered to look right at a glance.
The same document-level techniques used in equipment leasing compliance checks โ validating that a file's structure and metadata match what the claimed issuer would produce โ apply just as directly to a payment confirmation as to a lease application file.
A Verification Sequence Before Releasing Goods or Access
A short, enforced sequence closes most of the exposure this fraud exploits, whether the transaction is a private car sale or a business-to-business dispatch.
Step 1 โ Treat any screenshot, PDF, or forwarded email as unverified by default. No image or document, however detailed, substitutes for funds appearing in your own account.
Step 2 โ Check your own banking app directly, never a link the buyer provides. Navigate to your bank's app independently and confirm the balance has moved and cleared, not merely shown as pending.
Step 3 โ Match the payer's registered PayID or account name to the person in front of you. NPP transfers display the account name held by the sending institution; a mismatch is a signal to pause, not proceed on a promise it will be corrected later.
Step 4 โ Refuse third-party collection until funds have cleared. Any request to release goods to a courier or "agent" before you have personally verified cleared funds is a standalone red flag โ and no legitimate PayID transaction ever requires the recipient to pay an "upgrade" fee first.
Refusing to release goods or access until payment shows as cleared funds in your own account, checked independently of anything the buyer supplies, is the control cited most consistently across Australian consumer-protection guidance on purchase scams (ASIC's Moneysmart). No document-level check replaces that final step; it reduces how often a forged confirmation gets that far in the first place.
Reporting and Recovery Options in Australia
If goods have already been released against a fake payment proof, recovery options are limited and time-sensitive. Report the incident through ReportCyber for a reference number for insurance claims and any dispute with a courier, and log the pattern with Scamwatch to feed the National Anti-Scam Centre's disruption efforts. This pattern does not involve the victim being deceived into sending a payment themselves, so the Scams Prevention Framework Act 2025 โ the regime overseen jointly by ASIC, ACMA, and the ACCC, whose banking-sector code targeted 1 July 2026 for effect โ is built to protect customers deceived into authorising a payment, not a seller who received no funds at all.
Businesses accepting payment confirmations during regulated onboarding or leasing carry additional obligations under the AML/CTF Act 2006: AUSTRAC's guidance on suspicious matter reporting expects reporting entities to treat fabricated supporting documents with the same scrutiny as any other unverified financial document at onboarding, consistent with the CheckFile banking KYC solution approach.
How CheckFile Complements Direct Bank Verification
Checking your own account balance directly remains the single most reliable control against this fraud, and no document analysis tool replaces it. Where a business handles proof-of-payment documents at scale โ a leasing company processing bond confirmations, a distributor accepting remittance advice before dispatch โ CheckFile applies cross-document validation across multiple fields per document to assess whether a submitted payment confirmation is structurally consistent with what the claimed issuing bank would actually produce. CheckFile offers AI-generated content detection as an optional forensic layer, available according to the sector's risk level, as a complement to existing structural document controls.
The CheckFile financing and leasing solution applies this pipeline to deposit and payment confirmations collected during equipment and vehicle finance onboarding, and the CheckFile security infrastructure provides the audit trail if a disputed transaction is escalated. Teams evaluating deployment can review the CheckFile pricing page or explore the CheckFile platform directly.
For a broader view of how verification obligations vary across sectors, see our industry verification guide, and our guide to fake bank details and mandate fraud for the related payment-redirection risk.
To place fake payment confirmation detection within a dedicated approach, see AI-generated and forged document detection. CheckFile analyses submitted documents and surfaces AI-generation signals as a complement to your existing controls โ it does not replace checking your own bank account before releasing goods.
Frequently Asked Questions
What is the difference between fake proof of payment and mandate fraud?
Fake proof of payment fraud forges a document claiming a transfer has already happened, used to convince a seller to release goods before checking their account. Mandate fraud instead forges bank account details to redirect a genuine, intended payment to an account the criminal controls. The two can overlap, but the document forged and the moment it is used differ.
Can a fake SWIFT MT103 confirmation be verified as genuine?
A payer's bank or an independent SWIFT tracing request can confirm whether a message was actually transmitted, but a recipient cannot verify a SWIFT confirmation from the document alone. There is no such thing as a "conditional" MT103 or MT103/23 that releases funds only once paperwork is completed; any confirmation claiming this feature is fabricated, regardless of how genuine the letterhead and field codes appear.
How quickly do Australian bank transfers actually clear?
NPP transfers between Australian banks, including PayID payments, typically settle within seconds under the Osko service, with funds available and generally irrevocable once received (Reserve Bank of Australia). A payment described as "pending" for hours on what should be an instant NPP transfer, or one requiring the seller to "upgrade" an account first, is inconsistent with how PayID operates and warrants direct verification with your own bank.
Should a seller ever accept a payment confirmation instead of checking their own account?
No single document should substitute for confirming that funds have cleared in the seller's own account, checked through their own banking app rather than a link supplied by the buyer. Payment confirmations can support a decision once funds are independently verified, but on their own they carry no guarantee money has actually moved.
Who should be notified if goods were released against a fake payment proof?
Report the incident through ReportCyber for a reference number for any insurance claim or dispute, and log the details with Scamwatch so the pattern feeds the National Anti-Scam Centre's data. If a courier collected the goods, notify that firm directly, since it may hold identifying details of the collector, and contact your bank in case the fraudster attempts a related scam through a linked account.
Stay informed
Get our compliance insights and practical guides delivered to your inbox.