About Us

The Supplier Verifier

Gumshoe is an Australian-built platform that automates supplier due diligence — so finance teams, procurement officers and accountants can trust the businesses they pay, without the manual legwork.

Try it free →

Why Gumshoe exists

Invoice fraud and supplier impersonation cost Australian businesses billions of dollars each year. A cancelled ABN, a freshly registered domain, a Gmail address pretending to be a legitimate business — these red flags are easy to spot once you know where to look. The problem is that looking takes time: ABR lookups, WHOIS queries, email verification, social media checks, and phone calls to confirm a human answers.

Gumshoe collapses that multi-hour manual process into seconds. We orchestrate every check in parallel, present the results as clear pass/fail tiles, and produce an auditable report your team can keep on file.

What a manual supplier check actually costs you

A thorough supplier onboarding check done manually means opening six browser tabs, working through multiple government portals, and copying results into a spreadsheet — before you even pick up the phone. Here's what that looks like in practice.

Check Manual process Time With Gumshoe
ABN & entity status Visit abr.business.gov.au, search by name, verify ABN matches invoice entity exactly 2–3 min Instant — cross-referenced against 9.2M ABR records
GST registration Same ABR portal, check GST section, note registration date 1–2 min Instant — flags unregistered businesses billing above $75k threshold
Company status (ASIC) Visit search.asic.gov.au, search by ACN or name, check for deregistration 3–4 min Instant — deregistration date surfaced automatically
Domain age & history Open whois.com or auda.org.au, look up domain, interpret registration date 4–6 min Instant — flags domains registered less than 6 months ago
Email legitimacy Look up MX records with a DNS tool, manually check SPF and DMARC — requires technical knowledge most AP staff don't have 8–15 min Instant — missing DMARC and generic email domains flagged automatically
Web presence Google the business name, visit the site, judge whether it looks established, check when it launched 5–10 min Instant — parked pages, thin sites and HTTPS issues detected
Spam & fraud list check Check Spamhaus manually (if you know it exists) — most teams skip this entirely 5 min — usually skipped Instant — Spamhaus DBL + SURBL checked on every run
Phone verification Call the number on the invoice, confirm it reaches a real person who can confirm business details 10–20 min AI-recorded call — A$3.50, transcript saved to case file
Document the outcome Copy-paste results into a spreadsheet, email thread or working paper — no consistent format 5–10 min Auto-saved — timestamped report ready for audit file
Total per supplier 40–70 minutes of focused staff time Under 60 seconds
40× faster than manual

If your team onboards ten new suppliers a month, that's roughly 10 hours of staff time spent on tab-switching and copy-pasting — time that compounds across every AP officer, bookkeeper and procurement manager in the business. Gumshoe turns that into six minutes, with a consistent, auditable result every time.

The fraud patterns we're built to catch

Invoice fraud and supplier impersonation follow predictable patterns. The signals are there — they just take expertise and time to spot manually. Gumshoe runs every check in seconds.

High risk

Payment redirect — business email compromise

What happens: A fraudster compromises or spoofs a real supplier's email and sends a message: "We've updated our bank account — please use the new details for your next payment." The email looks legitimate. The domain is one letter off from the real thing.

What Gumshoe catches: The lookalike domain was registered 11 days ago. It has no DMARC record and no SPF policy. The web address resolves to a parked page. Every one of those is a hard FAIL before you've read past the subject line.

WHOIS — domain age 11 days Email — no DMARC Web — parked page
Common

Shell company invoice

What happens: An ABN is registered weeks before a substantial invoice arrives for "consulting services." The business has no web presence, uses a Gmail address, and isn't registered for GST despite billing $15,000.

What Gumshoe catches: ABN registered 23 days ago — flagged as WARN. No GST registration for a business claiming $15k — flagged. No website found across five domain patterns — FAIL. Three FAIL tiles before a human has opened a second tab.

ABN — registered 23 days ago GST — not registered Web — no presence found
Common

Name collision — wrong entity, same ABN

What happens: A fraudulent invoice arrives using the name "Pacific Edge Solutions" with a real, active ABN. But the ABN actually belongs to "Pacific Edge Solutions (Qld) Pty Ltd" — a different legal entity in a different state, whose identity has been borrowed.

What Gumshoe catches: The ABN cross-reference shows the registered entity name doesn't match the name on the invoice. State and entity type mismatch surfaced in the address check. A quick check your AP team would never think to run — done automatically.

ABN — entity name mismatch Address — state mismatch
Sophisticated

Established identity, new bank details

What happens: The supplier is real, verified, and has traded with you for two years. But their email system was compromised six months ago and you didn't know. The "updated banking details" email came from their actual domain. The invoice looks perfect.

What Gumshoe catches: The free checks won't catch this one — this is exactly what phone verification is for. An AI-recorded call to the supplier's listed number, answered by an authorised person, confirms the bank change is genuine. A$3.50 against a potential $50,000 loss.

Phone — authorised person confirms
Common

Residential address billed as commercial premises

What happens: A sole trader or micro-business lists a suburban home address as their registered business premises. For a one-person consultancy this may be legitimate — but for a supplier claiming large-scale manufacturing or warehousing capacity, it's a red flag that slips through manual checks every time.

What Gumshoe catches: The Street View check sends an AI vision model to the registered address and classifies it as commercial, residential, or vacant. A house in a suburb billed as an industrial supplier gets flagged before the PO is raised.

Address — state/postcode cross-match Street View — commercial classification
High risk

Cancelled ABN reactivated for a single job

What happens: A fraudster locates a dormant or recently cancelled ABN — often belonging to a defunct business with a plausible name — and presents it on invoices to bypass basic ABN-format checks. The entity looks real until someone pulls the current ATO status. Most accounts teams never do.

What Gumshoe catches: The ABN check pulls live status from the Australian Business Register. Cancelled ABNs fail immediately; ABNs active for less than six months trigger a WARN. A GST-registered entity that's never filed surfaces in the GST check. Both tiles fail before the invoice reaches approval.

ABN — cancelled or suspended ABN — active < 6 months GST — registration status

How Gumshoe works

1

Search by name, ABN or ACN

Type a business name or ABN into the search bar. Gumshoe searches 3+ million Australian business records from the ABR and ASIC, updated weekly, and returns results as you type.

2

Select your verification checks

Choose which checks matter for your purpose. Free checks include ABN status, GST registration, web presence, WHOIS analysis, email validation, address cross-check, social media and trust rating. Premium checks add AI-verified phone contact and Street View commercial property confirmation.

3

Run — get your assurance score

Gumshoe runs all selected checks in parallel and returns an assurance score from 0–100%. Each tile shows pass, warn, or fail. Results are saved to your dashboard case history and can be exported as a PDF or plain-text report.

What we check — and why it matters

ABN Status

We query the Australian Business Register to confirm the ABN is active, not cancelled, and correctly matched to the business name. The foundational check — everything else builds on it.

GST Registration

A business registered for GST is operating above the $75,000 threshold — a meaningful legitimacy signal. We extract the registration date from the ABR and flag if GST is absent.

Web Presence

We check the supplier has a functioning website, verify HTTPS, and analyse content freshness including blog post cadence. A recently launched, thin-content site is a yellow flag.

WHOIS / Domain

Domain age, registrar history, DMARC and SPF configuration. A domain registered days before an invoice arrived with no DMARC record is a classic fraud pattern we surface immediately.

Email Validation

We validate the supplier email, check MX records, test SMTP reachability, and query spam/fraud blacklists. Generic Gmail for a business claiming $10M turnover? Flagged.

Address Verification

The registered ABR address is cross-checked against directory listings and property type data. We flag addresses that appear residential rather than commercial.

Social Media

A legitimate business trading for years typically has an established social presence. We evaluate account age, activity and consistency to add context to the overall rating.

Trust Rating

We collate reviews from multiple independent Australian rating services to surface consistent complaints, unresolved disputes, or patterns that suggest the business is not what it claims.

Premium

Phone Verification

We place a recorded call to the supplier's listed number. An authorised person answers, confirms business details, and the transcript is attached to the case. The highest-trust signal available. A$3.50 per call.

Premium

Street View

Using AI vision, we inspect the property at the registered address and confirm it is a credible commercial premises — not a vacant lot or residential property. A$0.30 per check.

What you get

📊

Assurance score

A weighted 0–100% score that reflects the breadth and result of each check. Useful for ranking suppliers and setting approval thresholds.

📄

PDF report

Print or save a formatted verification report with all check results, timestamps and your case reference — ready for audit files.

📋

Plain-text export

A clean text version easy to paste into accounting software or attach to an accounts payable workflow.

🗂

Case history

Every verification is saved to your dashboard. Search, revisit and compare suppliers over time as part of ongoing due diligence.

Who uses Gumshoe

🏢

Accounts payable teams

Verify new suppliers before creating vendor records. Catch fraudulent banking detail change requests before funds leave the business.

📦

Procurement officers

Perform rapid due diligence on tender respondents and preferred vendor lists without engaging a separate verification service.

📒

Bookkeepers & accountants

Quickly confirm a client's supplier is legitimate before processing an unusual invoice. The plain-text report attaches easily to working papers.

🔍

Compliance & risk teams

Build an auditable supplier approval trail. The timestamped assurance report demonstrates reasonable due diligence in the event of a fraud inquiry.

Data sources & accuracy

Gumshoe sources ABN and entity data directly from the Australian Business Register (ABR) and ASIC, refreshed weekly from the official bulk data extracts published under the CC BY 3.0 AU licence. Our local database of 3+ million business records means searches return in milliseconds without hitting rate limits or third-party latency.

Additional checks (WHOIS, email, address, phone, social, Street View) use a combination of commercial APIs and open data sources. Where third-party data may lag reality, Gumshoe surfaces the timestamp of the data point alongside the result so you can judge recency yourself.

Frequently asked questions

Is Gumshoe free?

The core verification checks — ABN, GST, web, WHOIS, email, address, social and trust — are completely free. Premium checks (phone call verification and Street View property inspection) are charged per use at A$3.50 and A$0.30 respectively.

Do I need an account?

You can search and run a free verification without an account. Creating a free account lets you save case history, export reports, and access your dashboard across sessions.

How current is the ABN data?

Our database is refreshed weekly from the ABR's official bulk extract. For time-sensitive situations we recommend cross-referencing directly with the ABR at abr.business.gov.au.

Can Gumshoe verify overseas suppliers?

Currently Gumshoe focuses on Australian businesses with an ABN. We plan to extend coverage to New Zealand (NZBN) and key international jurisdictions in a future release.

Is the phone call recorded?

Yes. The AI-assisted phone verification call is recorded and transcribed. The transcript is attached to the case in your dashboard as part of the auditable trail. The supplier is notified the call is being recorded in accordance with Australian telecommunications law.

What is an assurance score?

The assurance score is a weighted percentage (0–100%) that reflects how many checks passed and the relative weight of each check. ABN and phone verification are weighted more heavily than social media presence. It is a guide, not a guarantee — always apply professional judgement alongside the report.

How does Gumshoe help prevent invoice fraud?

Business email compromise (BEC) and invoice fraud typically involve impersonating a legitimate supplier with a lookalike domain, a different bank account, and urgent payment requests. Gumshoe's WHOIS check, email domain validation (DMARC/SPF), and phone verification together make this attack pattern very hard to sustain undetected.

Ready to trust your suppliers?

Search any Australian business name or ABN and run your first free verification in under 30 seconds.

Start verifying free →