30 January 2025
Following the release of our inaugural product roadmap in 2024, we are pleased to publish our updated 2025 roadmap that combines our product and infrastructure priorities. The 2025 AP+ Roadmap outlines key industry and regulatory requirements alongside other major initiatives.
Key updates include:
Along with the above changes we are confirming December 2026 as the delivery date to upgrade the ISO 20022 version that the NPP operates on.
Exploratory work also continues, and any successful developments will be included in future roadmap updates.
We will continue to engage with the industry and our members as we progress, and updated versions of the AP+ roadmap will be published annually.
Move to NPP: to prepare for the decommissioning of BECS in 2030, we are focusing on ensuring the NPP has the capability, capacity, reach and resilience to easily manage the expected volume of direct entry payments. This work includes:
Mobile Least Cost Routing (LCR) implementation: the industry is expected to support mobile LCR by the end of 2024.
QR acceptance: our goal is to enable initiation for in-store payments using any smart device, initially via QR. It aims to provide consumers with a greater variety of services at the point of sale and integrate other experiences such as loyalty programs or simplified integrated initiation.
eftpos – token cryptogram: introducing a token cryptogram for cardholder-initiated transactions to enhance the security and efficiency of the Australian payment ecosystem, while fostering customer trust and compliance with evolving industry standards.
Confirmation of Payee (CoP): a layer of protection for payments to a BSB and account number in Australia. By matching the account name, BSB and account number entered with the details held by the recipient’s bank, Confirmation of Payee gives more confidence that payments are going to the right account.
eftpos – Click to Pay implementation: AP+ is standing up a Click to Pay service with the ambition to streamline e-commerce checkout and make it consistent, convenient and secure.
NPP PayTo porting: allow consumers to move PayTo agreements between financial institutions without having to contact each merchant and re-authorise their PayTo agreements. This will reduce the impact on merchants when their customers change banks.
Osko / SCT harmonisation: brings together the BPAY Osko service with the native Single Credit Transfer (SCT) NPP product to simplify real-time payments into a single service, with a single brand and clear value proposition, streamlined rules and associated operational processes.
eftpos to update to 3DS 2.3: AP+ plans to support 3DS 2.3 to help reduce cart abandonment rates and provide enhanced risk management.
3DES migration to AES: Australian card payments will be migrated from 3DES to a new encryption standard (AES) by 2030.
Portal consolidation: AP+ is consolidating the developer experience across our products into a single developer portal. We are also creating a single front door for members with a unified and streamlined member portal.
Cyber security capability uplift, fraud capability uplift and trust layer: AP+ is uplifting its maturity in the foundational cyber capabilities required to govern, identify, protect, detect, respond and recover from cyber incidents. AP+ is also expanding fraud capability across each AP+ scheme and supporting industry fraud and scam initiatives.
The results of the Reserve Bank’s 2022 Consumer Payments Survey show that consumers continue to shift from using cash to electronic payment methods – a trend that was accelerated by the COVID-19 pandemic and consumers’ preference towards using debit and credit cards and making payments online. Consumers are also increasingly using more convenient payment methods, particularly contactless card payments, by tapping their card or phone. Cards are now used for most in-person payments, even for small transactions that used to be made mostly with cash.
Source: www.rba.gov.au
As adoption of banking apps grows, so does pressure to increase the range of capabilities the apps support, which has security ramifications.
Mobile app-based banking continues to find favour with Australians: more than two-thirds now use a mobile banking app or smartphone to do their banking, and it offers the highest customer satisfaction rating of any banking channel, averaging an 89.4% rating by customers of the ‘Big Four’.
As digital and self-service have been embraced by consumers, particularly in the form of increased use of apps, there’s inevitably pressure to build on that foundation.
A review of the apps of the five major Australian banks mid last year found customers wanted to see more capabilities and functionality added to the apps, particularly around money movement and management to improve financial wellbeing.
Some of these capabilities are being added in via third-party developed plugins created by fintechs, while other banks and credit unions are seeking to code these capabilities and features directly into the apps themselves.
Whichever app expansion strategy is pursued, a key concern will be that the additional functionality brings with it additional security risks. The larger the range of functions that the app can perform, the greater the amount of data it is likely to be handling.
All of these functions combine to create a broad potential attack surface for threat actors, who may view an ever-expanding banking app as a target that continues to increase in value.
In a recent Deloitte survey, building digital trust was rated as the most important business strategy for success by financial institutions in the Asia-Pacific.
One of the top five benefits that cybersecurity investments had in this area was providing “confidence to try new things”, the survey found.
This means that at least in some banks, there’s a direct link between security and app capability growth; if a bank or credit union lacks confidence in their setup, they are less likely to try new things that could increase their security risk or exposure.
Banks and credit unions alike are acutely aware of their critical infrastructure role in Australia, and of the impact that a breach could have on customer confidence and goodwill. The critical nature of banking apps is often on display if they suffer downtime or degraded performance. Customer sentiment can turn quickly if they suddenly cannot perform critical tasks such as contactless payments at a supermarket register. And to be clear: these incidents aren’t often security-related. A security-related impact could prove catastrophic, particularly from an erosion of digital trust perspective, let alone what exposures individual customers could have.
Fortunately, credit unions and banking institutions tend to take a very proactive, best-practice approach to cybersecurity, and this extends to the oversight of their apps.
Many, for example, have focused on upskilling the defensive capabilities of their development teams. Without this education and verification, a lack of expertise may lead to teams taking shortcuts and/or lapsing into human errors, which could trigger configuration issues and code-level vulnerabilities.
Importantly for banks, these vulnerabilities could raise risk thresholds to a point that’s incompatible with, or in breach of, their regulatory requirements. Stringent regulations – including the Payment Card Industry Data Security Standard (PCI-DSS), the EU’s General Data Protection Regulation (GDPR) and additional global and national initiatives – exist to address issues such as insecure data storage, insufficient authentication/authorisation, poor code quality and code tampering.
These standards create and drive vigilance among risk teams. In their pursuit of app expansion and increased customer satisfaction scores, it is important that developers or customer experience teams do not do anything that would undermine this vigilance and risk position.
To lay the foundations to proceed with banking app expansion with confidence, a holistic, people-driven security program is beneficial for creating the right mindset and foundational skills base.
A program that takes a dynamic approach based upon real-life threat management scenarios – as opposed to a static learning approach – will gain the most traction quickly. This can include the leveraging of motivational tools, such as rewards for successful “wins” and skills acquired.
Security learning pathways should also be available to everyone with a stake in the bank’s customer success. Developers are just one part of the ecosystem. Other parts of the organisation such as application security (AppSec) professionals and senior management also have key stakes in securing digital experiences and building digital trust. Executives, in particular, need to understand that security is not a “set it and forget it” discipline. A combination of tools and training is the most effective way to maintain the currency of security knowledge and best practices.
A positive security program focused on role-based education and awareness can lead to increased security engagement across the entire organisation, establishing the bank as “security-first.” From that position, unconstrained innovation can safely follow.
Written by Pieter Danhieux, CEO and Co-founder, Secure Code Warrior. Source: australianfintech.com.au
Indue is excited to announce the official launch of its PayTo service offering, enabling financial institutions and payment service providers and platforms to drive payment innovation and improved customer experiences.
A development of Australian Payments Plus on its New Payments Platform (NPP), PayTo modernises the way bank accounts are used for payments, helping businesses and consumers thrive in the digital economy.
Indue CEO Derek Weatherley said the PayTo launch is a natural extension of Indue’s NPP capability, which has been helping Australia’s leading mutual and community banks take advantage of flexible, real-time payments with industry-leading financial crime support since 2018.
“At Indue, we are committed to investing in product technology advancements that support our client’s digital transformation, innovation, and competitiveness, exemplified now through PayTo,” Mr Weatherley said.
“We have a team of NPP experts that have already begun to connect partners to PayTo, delivering them a faster, simpler, and smarter real-time payment service.
“We are thrilled to be part of the PayTo revolution and, as always, are keen to help our current and future customers keep pace with the changing Australian payments landscape.
“PayTo will enable a superior payment experience by streamlining payments and improving efficiency and control for consumers and businesses. This is achieved by PayTo while at the same time reducing risks and modernising the way money moves.
“Ultimately, PayTo further enhances Indue’s digital banking offering, providing a state-of-the-art payment services experience for our customers.”
Indue can connect financial institutions, payment service providers and platforms to PayTo.
For 135 years, The Mutual Bank has met the financial needs of the Maitland, Newcastle, and Hunter communities in New South Wales, serving and supporting them in building a sustainable future.
Since March 2022, Indue has provided The Mutual Bank and its members with a significantly expanded payment services suite, including Direct Entry, BPAY, NPP, Financial Crimes, Anti-money laundering, Card Services, High Value Payments, and an expansion of its Digital Payments offering.
The Mutual Bank CEO Geoff Seccombe said the partnership continues to be driven by a strong alignment in company values, product offerings, and payment needs.
“Our relationship with Indue began when we needed assistance in becoming the first local mutual bank issuer of Apple Pay in the region. But it is founded upon much more than a vested interest in innovative payments technology,” Mr Seccombe said.
“Indue earned our trust, respect, and business by delivering on its payment services promise, and it has kept it by continuing to share our community-first focus and partnership culture.
“I commend Indue for its support of the local communities in which we operate, and its unwavering commitment to environmental, social, and cultural initiatives,” Mr Seccombe said.
Indue CEO Derek Weatherley said that alignment with our clients’ sustainability practices, community programs, and employee wellbeing are core to our values.
“The best partnerships are achieved when company culture and core values align, which is what we have experienced with The Mutual Bank,” Mr Weatherley said.
“We have an excellent understanding of The Mutual Bank’s priorities and their wider community goals in operating in a socially responsible manner, prioritising positive social impact and a genuine ‘one team’ support model with on-the-ground support.
“We look forward to continuing to work with The Mutual Bank and its community,” Mr Weatherley said.
Qudos Bank is one of Australia’s largest customer-owned banks with branches in Sydney, Melbourne and Brisbane and more than $5 billion in assets, offering a full range of financial products and services, including home loans, personal loans, transaction, and savings accounts, super and investing, and insurance.
Over recent years Qudos Bank has been on a digital transformation journey and provides a host of exceptional digital banking platforms and payments services. Qudos Bank CEO Michael Anastasi said the relationship renewal reaffirmed the strength and value of the long-term partnership with Indue to provide end-to-end payment services.
“We have a long-term partnership with Indue and renewing the relationship supports continuing development in our innovation around digital banking offering and providing a state-of-the-art payment services experience for our customers, underpinned by market leading security in payments for our customers,” Mr Anastasi said.
“Importantly, Indue’s customer-focussed culture is outstanding across the organisation and directly aligns to our central focus as a customer-owned bank on delivering banking services in the interests of our customers, providing synergies that will help Qudos remain at the forefront of excellence in customer service standards for our customers across Australia.”
Indue CEO Derek Weatherley said the renewal of the partnership will enable Qudos Bank to provide to their customers a comprehensive suite of end-to-end payment services coupled with market leading payment security. Qudos has been remarkably successful through a laser focus on customer advocacy and being easy to do business with – the partnership with Indue ensures that excellence in customer outcomes remains at the forefront of their business operations.
“Indue remains heavily invested in advancements in our product technology capability, reinvesting our profits into research and development via our Innovation Hub and the various working groups it supports and continuing to support the digital transition of our clients,” Mr Weatherley said.
“We couldn’t be more pleased Qudos Bank has chosen to extend our long-term partnership and we are looking forward to working together to build out future innovation pathways for real time, data rich, frictionless payment choices for customers. Qudos has been a great supporter of their community and we look forward to working closely with Qudos this year on supporting and driving community focused outcomes important to their organisation.
“The payment products and services suite provided to Qudos Bank by Indue will include NPP, PayID & Pay To, mobile payments, Orion Financial Crimes, Cards, Direct Entry, and BPAY services.”
-ENDS-
Blockchain and crypto have made a surprising resurgence to the agenda at Money 20/20, likely driven by the growth in central bank currency pilots and collaborations into potential use cases for government issued digital currency. The Indue client tour participants absorbed broad learnings on how the concept of a fully digital decentralised network could benefit customers and clients in the payments and banking sectors.
A wide spread of blockchain use cases were presented, everything from connected cars through to micro payments, with the major feature being the ability to move money in real-time at lower cost, a presumption that we will see either prove or disprove itself in the years to come.
The focus on the use of crypto in payments has been heavily on enabling cross-border transactions, as well as the challenges posed by increasing regulation.
The bold headline from proponents of the technology at Money 20/20 was that everything will be on blockchain – it’s only a matter of time.
This optimism comes with words of warning. These technologies continue to be developed through a cycle of uncertainty and regulation remains a major challenge. With improved regulation we will likely see a more stable and genuine value emerge for crypto and the development of more businesses with underlying strength.
With these expansive developments in the fintech space, Indue continues to stay tuned to these innovations to provide our clients and their customers with strategic guidance and forethought on the payments landscape of the future.
The Money20/20 conference has given us the opportunity to hear from a wide range of world-class speakers, including global entrepreneurs and even a Grand Slam tennis champion, who have all touched on the intrinsic link between organisational culture, diversity, and performance.
The companies that are best positioned to establish a competitive edge are the ones that embrace a culture of prioritising diversity of people and thought, and equally, this diversity is the best form of due diligence when developing new business models or entering new markets.
In a broad ranging discussion about fintech and start-ups featuring Serena Williams, we heard about new business models and solutions that are focused on solving problems for customers, leveraging the power of partnerships, and driving a competitive edge through organisational culture embracing diversity.
We were also fortunate to hear from several women who have founded new payment fintech companies in the past two years, including Kontempo, a Mexico-based bank focused on providing credit to small businesses, and Lucy, which is providing funding for female entrepreneurs; the competitive edge through embracing diversity was a recurring theme.
The theme of modernising core was prevalent, ensuring foundations are built on future-proofed architecture. Another common theme in this vein was ‘build core, partner everything else’. This includes leveraging partnerships for insightful and innovative product design, and the theme of diversity featured again through partnerships that support organisational diversity, with a US Bank focussing a commitment to diversity through partnering with fintechs who are focused on minority/women only businesses.