Phone numbers, customer names, BSB and account numbers linked to PayID have been accessed by fraudsters targeting customers with dodgy texts and phone calls in order to access the New Payments Platform (NPP) database and scam millions of dollars, the Herald Sunreports.

Customers at all of the nation’s big four banks — the Commonwealth Bank, National Australia Bank, ANZ and Westpac — are among those impacted.

RELATED: Westpac’s PayID breach sees personal details exposed

RELATED: Australians must establish new PayID on NPP

RELATED: Westpac to refund $1.8 million to 30,000 customers

Westpac is one of the banks that has issued a warning via email urging its customers to be vigilant with monitoring their accounts, as the exposed data could be used to commit fraud.

It is understood the issue initially occurred at another bank and impacted customers from multiple financial institutions.

“We have heightened monitoring on your account and ask that you are on the lookout for any suspicious activity,’ Westpac said in an email to customers.

“We ask that you also be vigilant with any messages received via text or phone calls from an unidentified source.

“We are urging all customers to be wary of any SMS phishing attempts — for example, a personalised message which looks like a legitimate message from Westpac or another bank, in an attempt to acquire banking credentials and password,” it added.

The highly anticipated NPP was rolled out in 2018 promising to deliver 24-hour, seven-days-a-week instant transfers, moving cash in a matter of seconds without the need for BSBs or account numbers to be shared.

Information including email addresses, phone numbers or an Australian Business Number (ABN) could be linked to the accounts and be shared to move money quickly, the Herald Sun reports.

PayID can be used like an online lookup, where users can use a phone number or address to reveal the details of the account holder.

Banks have been pressured to roll out PayID by the reserve bank since it was introduced in 2018. Initially it was not offered by the big four.

In June, hackers also attacked Westpac’s online banking features, exposing the private details of almost 100,000 customers.

The bank is also expected to refund $1.8 million to 30,000 customers who were incorrectly charged annual fees on their credit cards.

Westpas says the refunds, which average about $60 per customer, come after a review process discovered customers who should have had their fees waived for hitting spending target but were mistakenly still charged.

“Westpac is committed to reviewing its products and services to ensure we are meeting the needs of our customers,” a spokeswoman said.

“As part of this review process, we are refunding around 30,000 customers who were incorrectly charged a fee on their Westpac 55 Day credit card.

“There is no need for our customers to do anything. We are contacting all impacted customers and will ensure no one is out of pocket as a result of this error. We apologise for the error and want to assure our customers this has been fixed.”

Originally published as PayID breach sees customers’ banking information hacked