ato logo
Search Suggestion:

How we use data matching

Find out how we receive data from a range of sources and match it against our own data to identify people and businesses who may not be reporting all their income.

Last updated 14 May 2023

Find out how we receive data from different sources and match it against our own.

About data matching

We receive data from a range of sources, including:

  • banks
  • financial institutions
  • other government agencies.

We validate this data and match it against our own information to identify where people and businesses may not be reporting all their information correctly.

Legislated data collection

Some organisations (such as banks, employers and other government agencies) have a legal obligation to report information to us. Through our data-matching activities, this legislated data collection helps taxpayers to prepare and complete accurate tax returns.

For example, our pre-filling service provides data for taxpayers to review and include in their tax returns. Helping people get it right the first time reduces the need for follow-up activity.

Where a person has made an error due to poor record keeping or a misunderstanding of the law, we work with them to correct their tax return and to improve their understanding of their obligations.

Using data to check tax returns

When we identify a discrepancy (for example, interest income not declared in a tax return), we also check if the amount has been placed at another label by mistake.

We may identify discrepancies:

  • when you lodge your tax return, if it differs from the pre-filled information
  • after your tax assessment has been finalised.

If you change pre-filled data when you lodge your tax return, we may adjust it back if we have a high level of confidence in the information we've received.

In some instances, we may contact you about a discrepancy. We'll provide you with the details of the data that's been matched. You'll then have an opportunity to check your records to confirm the correct amount.

We look for:

  • interest and investment income
  • employment income
  • government payments
  • capital gains tax from the disposal of shares and property
  • employment-related foreign source income
  • taxable government grants and payments
  • payments made to contactors in the building and construction industry
  • private health fund information
  • distributions from partnerships, trusts and managed funds.

Sources of third-party information

We collect information from a wide range of third-party sources, both public and private, with more than 600 million transactions reported to us annually.

Examples of third-party sources and the information they provide include the following.

  • Banks, financial institutions and investment bodies: investment income
  • Employers: payments to employees and contractors
  • State and territory motor vehicle registering bodies: motor vehicles sold, transferred or newly registered
  • State and territory title offices and revenue agencies: sales and other transfers of real property
  • Government bodies: pensions, benefits, rebates, taxable grants and other payments
  • Australian Transaction Reports and Analysis Centre (AUSTRAC) and our international treaty partners: foreign source income
  • Online selling platforms: quantity and value of online sales
  • Sharing economy facilitators: payments to participants
  • Financial institutions providing merchant facilities and administrators of specialised payment systems: electronic payments processed for business including total credit and debit card payments received
  • Stock exchanges and share registries: share transactions
  • Businesses in the building and construction industry: payments made for building and construction services
  • Cryptocurrency designated service providers: purchase and sale information

Some organisations (such as banks, employers, and other government agencies) have a legal obligation to report your information to us so that it can be used for tax purposes. This is known as legislated data collection.

We also have powers to collect information for data-matching projects designed to address specific industries, issues or risks (such as our data-matching programs for private health insurance and Medicare levy, credit and debit cards, motor vehicles, online selling and share market transactions). This is known as 'special purpose acquisition data'.

In addition, we exchange information with our international treaty partners to ensure correct reporting of income earned overseas by Australian residents and income earned in Australia by foreign residents. We also exchange data with other Australian Government agencies.

In all our data-matching activities we work closely with data suppliers to ensure that only relevant information is provided to us. The Taxpayers' Charter details the fair use of our access and information gathering powers.

Validating the data we receive

Legislated data collected from third-party providers is sent to us in reports through a secure electronic channel. Each report contains information such as tax file number (TFN), name and date of birth, to allow us to match it to the correct person.

Integrity checks are conducted to confirm the quality of the data, including:

  • checking the data provider’s identity to prevent possible fraudulent reports
  • checking for duplicate reports, so we don’t end up with two sets of data – if a second data set is received, we generally reject the earlier one
  • matching reported data to valid TFN records in our systems
  • ensuring overall integrity by identifying recurring quality issues in the data collecting and matching process.

Once a report has passed our integrity checks, we use algorithms and other analytical methods to refine the data. This validated data is then matched to information reported in tax returns.

The data we collect for specific data-matching projects is often sourced from providers' systems and may not be available in a format that can be readily processed by our systems. In these instances, we apply extra levels of scrutiny and analytics to verify the quality of the data before matching data to taxpayers' returns.

Your privacy

Your privacy is protected by the Privacy Act 1988 and the strict secrecy provisions of the Income Tax Assessment Act 1936, the Taxation Administration Act 1953 and other tax laws. We also have an ATO privacy policy.

These laws prohibit our staff from accessing, recording or disclosing any persons' tax information except in the performance of their duties. Breaches of these laws can attract fines of up to $11,000 and jail sentences of up to 2 years.

We also adhere to the Privacy Commissioner's Guidelines on Data Matching in Australian Government AdministrationExternal Link. We do this by preparing and publishing a data-matching protocol for each of our programs that obtain information on about 5,000 individuals or more.

In broad terms, each protocol explains:

  • the purpose of the program
  • what data is collected
  • which agencies or organisations will be providing the data
  • how the data will be used.

Data-matching programs

Our data-matching programs are designed to increase community confidence in the integrity of the tax system.

We use the data to:

  • help individuals and businesses understand their tax obligations, including registration, lodgment, reporting and payment
  • protect honest businesses from unfair competition
  • make it easier for individual taxpayers by pre-filling their returns
  • assess the levels of voluntary compliance of individuals and businesses with their tax obligations.

If we check your information, it doesn’t automatically mean we think you're dishonest in your tax affairs. If the data doesn’t match, we may contact you to find out why.

Note: If you haven't reported all your income, or if you've made a mistake with your tax records, you should correct the mistake or amend a return.

Report a concern

You can use our Tip-off form to tell us anonymously if you suspect a person or business isn't doing the right thing.

This can include things like:

  • skimming some, or all, of their cash takings
  • running part of their business 'off the books'
  • not reporting all their income.

We review all reports and take action where appropriate. We conduct specific data-matching programs in a number of areas.

Specific data-matching programs

We collect data from a range of sources to protect honest businesses. Specific data-matching programs allow us to conduct formal data matching without it being legislated. We do this by identifying businesses that:

  • may not be reporting all their income
  • operate outside of the system
  • are operating but are not lodging returns.

The data is used to understand trends and patterns in industries, including where we need to develop assistance products to help the community understand their tax obligations.

We are currently undertaking specific data-matching activities in the following areas:

See how we have used third-party data to protect honest businesses with the following examples.

Example: under-reporting merchant sales

A clothing retailer with multiple retail stores appeared to be under-reporting merchant sales. We found an $870,000 discrepancy between their business activity statement and tax return.

The owner made a voluntary disclosure on reporting errors for 36 activity statements across the financial years 2010 to 2013, resulting in unpaid goods and services tax (GST) of $248,851. Since they were cooperative, no penalties were charged.

End of example


Example: cash-only business caught avoiding GST

One of the owners of a cash-only takeaway chicken shop had been previously audited twice for another chicken shop, involving cash wages and inadequate record keeping.

The owners were claiming a large portion of GST-free sales from the sale of cold, uncooked chickens. When we tried purchasing an uncooked chicken, we were told that it was unavailable as the shop is a takeaway.

Our audit revealed they had understated their sales by around $330,000 and were paying cash wages. The owners had to pay back $103,371 in GST as well as $77,528 in penalties.

End of example


Example: using benchmarks to determine unreported income

A cleaning services company appeared to be operating on a cash-only basis and was reporting outside benchmarks.

We discovered that not only was the director receiving more payment than his reported wage, but there were also no records of contractor payments, and significant AUSTRAC cash withdrawals existed, which we suspected were to pay employees and contractors. We also identified an undisclosed bank account.

The owner’s lack of record keeping and failure to provide all requested documents was enough for us to apply the industry benchmark. This resulted in $156,179 in unpaid GST and $283,602 pay-as-you-go withholding, as well as total penalties of $156,096.

End of example


Example: data matching reveals dishonest business

A business selling horse-riding equipment on an online selling platform with sales of $1,280,003 was selected for review.

We discovered the owner had registered the account in another person’s name and was selling unbranded horse saddles made by his parents' company in China.

We also found another online selling account and a website where no income was reported from either source. A specialised payment system account linked to this account and the website were linked to the owner’s personal bank account and showed significant AUSTRAC activity to Chinese bank accounts.

Our audit determined the entity had been under-reporting income and over-reporting expenses for the life of the business. They had been doing this by:

  • never declaring income on export sales
  • including unsubstantiated expenses in their tax return
  • including non-business activity statement expenses in activity statement purchases.

The owner had to pay:

  • $103,263 in GST
  • $259,298 unpaid income tax
  • $181,280 in penalties.
End of example

Credit and debit cards

We obtain data from banks and financial institutions to identify the total credit and debit card payments received by Australian businesses. This is detailed in the Credit and debit cards data-matching protocols.

We don’t gather information about individual credit or debit card holders.

Since 1 July 2017, these institutions need to automatically report this information to us each year.

Specialised payment systems

We obtain data on electronic payments made through specialised payment systems to Australian businesses. This data is analysed in conjunction with data collected through our credit and debit card data-matching program.

Online selling

We obtain details of online sellers who sell goods and services to the value of $12,000 or more.

Data is obtained from online selling sites where the data owner or its subsidiary:

  • operates a business in Australia that is governed by Australian law
  • provides an online market place for businesses and individuals to buy and sell goods and services
  • tracks the activity of registered sellers
  • has clients whose annual trading activity amounts to $12,000 or more
  • has trading activity for the years in focus.

You can read our Online selling data-matching protocol.


We obtain data from all ride-sourcing facilitators operating in Australia and their financial institutions to identify ride-sourcing drivers.

This information allows us to help drivers understand their tax obligations, including registration, lodgment, reporting and payment obligations.

You can read our Ride-sourcing data-matching program protocol. You can also find out more about the sharing economy.

Motor vehicle registries

We obtain data from all the state and territory motor vehicle registering bodies to identify all motor vehicles sold, transferred or newly registered, where the transfer or market value is $10,000 or more.

You can read our Motor vehicle registries data-matching protocol.


We obtain data from Australian cryptocurrency designated service providers (DSPs) to ensure people trading in cryptocurrency are paying the right amount of tax.

You can read our Cryptocurrency data-matching protocol.

Exchanging data with other Australian Government agencies

Our data-matching program identifies cases at risk of either:

  • incorrect personal financial assistance payments
  • tax evasion.

We provide income information derived from tax returns to the Data-Matching Agency (DMA), a separate agency within Services Australia. We do this on a cyclical basis (up to 9 cycles per year) on selected agency clients. This is used to determine the eligibility criteria for benefits and to help detect fraud within the welfare system.

The data is provided by us under the provisions of the Data-Matching Program (Assistance and Tax) Act 1990.

Assistance agencies provide client data, including TFN and identity details, to the DMA who give us this data to match. The data is then passed via Centrelink and used for a series of matching exercises before the outcomes are returned to the DMA.

Where we have identified the client from data provided, the following data is returned to the DMA:

  • personal identity
  • declared income
  • date of most recent tax assessment
  • amount of the spouse tax offset
  • surname and any other name details of the spouse where a spouse offset has been claimed
  • surname and any other name details
  • an indicator, if the TFN is compromised.

We conduct matching exercises against our internal data to detect cases where:

  • individuals are receiving more than one payment simultaneously
  • a lesser entitlement or no entitlement exists
  • a greater entitlement exists
  • income details of assistance agency payments are understated in tax returns.

Other data exchanges

We exchange data with Services Australia programs such as Centrelink and the Child Support Program, as well as other government agencies under separate legislative provisions, as detailed here.

Services Australia

As part of the 2019–20 budget, the government announced the expansion of Single Touch Payroll (STP) to support the social welfare system by enabling the sharing of data in near real-time between us and other Commonwealth agencies.

An expanded STP data set will be provided to Services Australia, to assist in the administration of the welfare system.

Services Australia will use STP data to make it easier for their customers to verify and report employment income and information. This will help streamline claims processes, reduce reporting burden and improve the accuracy of welfare payments.

The STP expansion also aims to streamline a range of employer reporting obligations, such as providing separation certificates, confirming employment income and child support garnishee and deduction reporting.

Collecting this additional information through STP will aim to reduce the need for many of those obligations for employers with employees who are Services Australia customers.

We will only share information with Services Australia where the individual has been identified as a customer of Services Australia.

Refer to the Services Australia websiteExternal Link for more information about the data-matching protocols between the ATO and Services Australia.


Each week we provide taxpayer identity information, derived from the processing of TFN declarations (previously employment declarations), to Centrelink. Centrelink matches this data against clients receiving unemployment benefits to ensure benefits are not paid after employment has commenced.

We pass approximately 100,000 records to Centrelink each week. Around 12% of these are found to be Centrelink clients. ATO data is provided under table item 1 in table 1 in section 355-65 of Schedule 1 to the Taxation Administration Act 1953 (TAA).

We provide taxpayer income details for the purpose of administering family assistance entitlements. This involves the daily exchange of income, family tax benefit and Child Care Subsidy data between Centrelink and us, via a mutual client register, for family assistance administration and payment reconciliation.

This information is used in the assessment of entitlements, reconciliation of payments and immediate recovery of outstanding debts to the Commonwealth. ATO data is provided under table item 6 in table 1 in section 355-65 of Schedule 1 to the TAA.

To detect Centrelink clients failing to declare assets, we match all beneficiaries against trust data from the tax return database. This identifies welfare beneficiaries who are also recipients of trust distributions. We provide details of trust income to Centrelink, along with the Centrelink reference number as an identifier. Subsequent checks determine if the trust income was declared to Centrelink at the time the entitlement to the benefit was determined. We do not pass TFNs to Centrelink. This data is provided to Centrelink under the Trust beneficiary data-matching program.

Child Support Registrar

The Child Support Registrar has access to our taxpayer income details (employment and investment income) via electronic transfer and direct access, for the purpose of assessing the amount of individuals' child support payments and for garnishee action, where appropriate.

The Child Support Registrar's acquisition of taxpayer information from the Commissioner of Taxation is provided for by the Child Support (Registration and Collection) Act 1988 and the Child Support (Assessment) Act 1989.

We can also provide information to the Child Support registrar voluntarily, for the purposes of administering the two child support Acts referred to above, under table item 7 in table 1 in section 355-65 of Schedule 1 to the TAA.

Department of Home Affairs

Department of Home Affairs (Home Affairs) onshore compliance staff request address information for individuals who have been classified as 'illegal non-citizens', to assist in locating them. Home Affairs provides name and date of birth details to us and we use this to retrieve address details. We are authorised to communicate information to Home Affairs for the purpose of assisting in locating persons who are unlawfully in Australia, under Item 3 in Table 7 in subsection 355-65 of Schedule 1 to the TAA.

Some specific information about persons who are visa holders or sponsors can also be disclosed to Home Affairs for the specific purposes set out in table item 4 in the same table.

Department of Education, Skills and Employment

From October 2021, the Department of Education, Skills and Employment (DESE) will use employment data collected through Single Touch Payroll (STP) to efficiently administer a range of apprenticeship programs.

Elements of STP, such as wage data, will be used to verify eligibility and help with calculating entitlements available to employers and their apprentices.

STP data will also support DESE to verify continued employment of the apprentice throughout their apprenticeship, reducing overpayments of incentives where the employment relationship ceases.

Our data is provided under Item 4B in Table 1 in section 355-65(2) of Schedule 1 in the TAA.

We will only share information with DESE where the employer and their apprentice (or apprentices) have been identified as a customer of DESE.

Refer to the DESE websiteExternal Link for more information about the data-matching protocols between the ATO and DESE.