ato logo
Search Suggestion:

SuperTICK user guide

This guide explains how the SuperTICK service operates. It is for the use of super funds and their intermediaries.

Last updated 12 November 2024

This document provides superannuation (super) funds and their intermediaries with guidance on how to use the SuperTICK service when validating member tax file number (TFN) and identity details.

Funds interact with SuperTICK in different ways, depending on how it is integrated with their internal business systems. You should refer to your procedures and, or your support area for information regarding the interaction between SuperTICK and your internal systems.

Email SPREnablingServices@ato.gov.au for more information or questions.

This user guide will be updated as enhancements to the SuperTICK service are made.

Background

SuperTICK enables super funds (excluding self-managed super funds), their administrators and intermediaries to match member details to information held by us using TFNs and other personal identity information. This assists with SuperStream rollover and contribution requests once a member’s details are validated.

Super funds could previously notify us of new and closed member accounts using the SuperTICK service.  New and closed member account notifications are now reported to us through the Member Account Attribute Service (MAAS). 

Once a super fund has transitioned to the MAAS they:

  • must report all new and closed accounts through the MAAS
  • can only use SuperTICK for TFN validation purposes.

See also:

Mandatory use of SuperTICK

Where a fund receives a request to rollover to another Australian Prudential Regulation Authority (APRA) regulated fund, the fund must use SuperTICK to validate the member’s TFN details in accordance with regulation 6.33D of the Superannuation Industry (Supervision) Regulations 1994, unless:

  • the fund does not hold the member’s TFN
  • the rollover request was sent by us
  • the fund has already received a successful matched response from the service (or via the MAAS).

SuperTICK may also be used to validate the TFN and identify details of current members or new applicants with the ATO client register.

Minimum message requirements legislation

Section 299TD of the Superannuation Industry (Supervision) Act 1993 (SISA 1993) requires the trustee of the super fund to provide the Commissioner of Taxation with information it believes to be either:

  • the full name, TFN and date of birth of a person
  • the full name, TFN and date of birth and address of a person.

Although our systems may accept a message with a reduced data set, Section 299TD of SISA provides the legal requirements for a SuperTICK message to receive a valid 299TD notice from the Commissioner.

Arranging access

Access to SuperTICK is automatically provided for the following super entities:

  • APRA-regulated funds
  • Approved deposit funds
  • Retirement savings account (RSA) providers.

In order to connect to the service you may need to build or purchase SBR-certified SuperTICK software. Refer to your procedures and, or support area for further information.

Access where entity type is changed

Where a super entity has changed fund type (for example, an SMSF has converted to a small APRA fund), the access to SuperTICK may not be automatically provided.

A listed contact for the entity should email SPREnablingServices@ato.gov.au to request access.

Appointing an intermediary to act on behalf of your fund

Entities required to use SuperTICK can provide authority for an intermediary to act on their behalf using Access Manager.

Supporting information for Access Manager can be found in the Help topic when you are logged in to Access Manager.

See also:

Service overview

There are two channels available to submit validation requests:

  • single service channel (providing an instant response)
  • batch and bulk service channel (most responses will be in 24–48 hours).

Channel selection depends on the number of member requests that require processing and when the response is required.

Table 1: Validation request channels

Channel

How request is lodged

When to use the channel

Timeframe for service response

Single

SBR-enabled software

When an instant response is required

95% of responses within five seconds

Batch and bulk (BBRP)

SBR-enabled software

When up to 10,000 SuperTICK requests for different members are submitted in one file for processing

Usually within 24–48 hours (depends on processing load on ATO services at the time of request)

The transaction flow lists these three validation messages:

  • unmatched
  • matched
  • matched and Corrected TFN.

See Table 2 below for more information about the transaction flow.

Table 2: Transaction flow for the SuperTICK service

Response

Meaning of response

Unmatched

No match found

Matched

Match found validate TFN only

Matched and Corrected TFN

TFN reported is incorrect. Member details have been matched to a different TFN

See also:

Using SuperTICK

The Current SBR system statusExternal Link page shows the availability of SBR systems for both production and test environments.

The ATO Superannuation DashboardExternal Link (the Dashboard) provides the service transactions in the availability charts in near real-time.

The Dashboard also provides services updates, announcements, upcoming planned system maintenance information and useful references.

Find out about:

See also:

Terms and conditions of use

SuperTICK can only be used in accordance with the terms and conditions of use that apply at the time of the transaction. Your access and use signifies your acceptance of the terms and conditions of use.

We will monitor the use of service and may contact the trustee or their authorised representative for clarification of transactions processed through the service.

Next step:

Single service channel

The SuperTICK single service channel is a web-based service accessed through software that utilises the SBR infrastructure. .You will either need to build the software or purchase software from a digital service provider (DSP) who has done this for you.

To use the SuperTICK single request service you must:

  • be using a software package that is SuperTICK-enabled
  • create a machine credential – installed via Relationship Authorisation Manager (RAM) – if you're using desktop or locally hosted software. Your digital service provider installs the machine credential if you use cloud-based software.

Next steps:

See also:

Single and batch transactions for SuperTICK are submitted using SBR messaging on the SBR ebMS3 technical platform.

Information requirements – section 299TD of SISA 1993

Providing mandatory member information and other optional information increases the likelihood of our systems establishing a ‘matched’ or ‘matched and corrected TFN’ response.

The minimum message requirements for trustees are detailed in Section 299TD of SISA 1993.

Though a message may be submitted with a reduced data set, Section 299TD of SISA 1993 requires that the trustee provide the full name, TFN and date of birth details they hold for that member to receive a 299TD response.

Where mandatory member information is not provided or provided in an incorrect format, the request from the fund or sender will be rejected and an error response message returned.

Default or invalid TFNs

In many circumstances a super fund will be unaware that a member TFN may be a default or invalid TFN.

Sometimes a fund could reasonably be expected to conclude that the TFN quoted is invalid for that member. Examples include where:

  • the code is a TFN exemption code provided by the employer (such as 111 111 111 or 444 444 444)
  • we have notified the fund that the TFN it holds is not the member’s TFN (for example, a notice under section 299TB of SISA 1993 or an associated process).

Default or invalid TFNs must not be used through SuperTICK.

See also:

Service responses

SuperTICK compares the member details received in a request from a fund against member information held in our client register.

Complex data matching processes determine whether the member details provided can be matched against our records satisfactorily.

For successfully processed messages, SuperTICK will provide one of three possible validation messages to the fund or sender:

  • matched
  • matched and corrected TFN
  • unmatched.

Find out about:

Matched

If the member details supplied are matched to an ATO client, a ‘matched’ response will be returned through the system. This response confirms the TFN data held by the fund is correct and is a notice under 299TD of SISA 1993.

The rollover and contribution processes can be commenced once the member’s details are matched and validated.

Matched and corrected TFN

SuperTICK attempts to match the member details supplied with the information listed in our client register. If a match has sufficient member information but an incorrect TFN is provided, the service will return a correct TFN.

You should update your records to delete the incorrect TFN and record the correct number.

Where a TFN is provided in the message, a corrected TFN is a notice under 299TA of SISA 1993. Penalties may apply for continuing to use the incorrect TFN.

Where a TFN is not supplied in the message and a TFN is returned, it is a notice under 299TC of SISA 1993. This means the member has provided this TFN for super purposes previously.

Unmatched

A response of ‘unmatched’ means we were unable to match the member details provided to our records with an appropriate level of confidence.

An unmatched response is not a notice under section 299TB of SISA 1993.

We may have been unable to match the member details because:

  • your member has provided you with incorrect details
  • the records we hold are incorrect
  • the TFN is compromised or duplicated on our systems
  • our data matching system cannot establish a single match.

We encourage you to check the information with the member and revalidate at the next available opportunity, or within five business days.

Where a SuperTICK request is initiated for mandatory requirements such as rollovers or the first SuperStream contribution from an employer, the trustee must make reasonable further enquiries to obtain the information if a response from the member or employer is not received within five business days after making the request.

If the member confirms the details you hold are correct, they should phone us on 13 28 61 to confirm their details. They should have a copy of a personalised ATO document (such as a personal income tax assessment from the last three years) for identity purposes.

See also:

Further information provided as part of the bulk service response

For a successful lodgment we will return:

  • a message event item informing that the super fund member’s details were matched
  • one or more message event items containing a list of warnings (for data that may be incorrect)
  • a response business document (only where a corrected TFN is provided).

For an unsuccessful lodgment we will return a message event item (or items) containing a list of errors (for data that is incorrect or incomplete).

You will need to correct the data and re-submit the request.

Summary of service responses

Table 3 below summarises the service responses and expected activity for each type of SuperTICK interaction.

Table 3: Service response summary

Service interaction

Outcome

SuperTICK response
(CMN.ATO.xxxx.xxx)

Validate TFN

Matched

GEN.OK and STIC.VALID

Validate TFN

Matched and Corrected TFN

GEN.OK and STIC.VALIDCORRECTEDTFN

Validate TFN

Unmatched

GEN.OK and STIC.NOTVALID

How to manage responses

Validating member information associated with a rollover request

Where you use SuperTICK to validate member details received in a request for a rollover to another APRA fund, the Superannuation Industry (Supervision) Regulations 1994 require you to treat the responses as follows:

  • matched – proceed with rollover
  • matched and corrected TFN – update member details and proceed with rollover
  • unmatched – trustee may request further information as specified in the regulations to support rollover request.

Validating initial registration information associated with first employer contribution

Where SuperTICK provides an unmatched response and you are validating member registration details associated with a first employer contribution, the Superannuation Industry (Supervision) Regulations 1994 require the trustee to contact the employer within five business days to confirm the member’s details.

Where a fund receives a corrected TFN, privacy regulations do not permit the fund to provide the TFN to an employer. Corrected TFNs must not be used with other ATO services, such as SuperMatch, without being confirmed by the fund member as being accurate.

Service terms and conditions

Your access and use of the SuperTICK service is governed by its terms and conditions. Use of the service signifies acceptance of these terms and conditions.

The terms and conditions form part of the legal framework of appropriate use. Compliance action may be taken where breaches are detected. Controls are in place to identify suspected fraud and address unauthorised use or access.

See also:

Appendix

Find out about:

Attachment A: Message requirements for SuperTICK

Providing your member’s address and other optional information increases the likelihood of our systems establishing a matched response.

Excluding the address when using SuperTICK can vary the result.

If you choose to provide an address, the ‘Country code’ field is optional. All other fields are mandatory.

Though a message may be submitted with a reduced data set, Section 299TD of SISA 1993 requires the trustee to provide the full name, TFN and date of birth they hold.

The tables below list whether particular data elements are compulsory or optional for SuperTICK.

Table 4: SuperTICK compulsory and optional data elements

Data element

Version 3 (STIC.0003)

Intermediary details

Mandatory

Reporting party details

Mandatory

Table 5: Super fund member details

Data element

Version 3 (STIC.0003)

Validate TFN request code

Mandatory

Tax file number (TFN) (see note 1)

Optional (see note 1)

Birth day of month (see note 1)

Optional (see note 1 and note 2)

Birth month (see note 1)

Optional (see note 1 and note 2)

Birth year

Mandatory

Family name

Mandatory

Given name (see note 1)

Mandatory

Other given name (see note 1)

Optional (see note 1)

Address details – Line 1

Optional (see note 2)

Address details – Line 2

Optional

Address details – Locality name

Optional (see note 2)

Address details – Postcode

Optional (see note 2)

Address details – State or territory code

Optional (see note 2)

Address details – Country code

Optional (see note 2)

Note 1 – Section 299TD of SISA 1993 requires a trustee to provide a full name, TFN and date of birth (address is optional).

Note 2 – Where a TFN is not provided as part of the message, the full date of birth and address must be provided.

Attachment B: Links to further information

Attachment C: Glossary

Intermediary – an organisation appointed by a super fund authorised to act on the fund’s behalf. This may include, but is not limited to, administrators and clearing houses.

Machine credentials – allow you to interact with government online services through Standard Business Reporting (SBR)-enabled software. If you use desktop or locally hosted software, you will need to create a machine credential through RAM.

Matched – this means a match has been found for the TFN supplied. Also known as a ‘valid’ response.

Member – a member of a super fund, the depositor of an approved deposit fund, the holder of an RSA or a member of an SMSF.

myID – an app you download to your smart device that allows you to prove who you are when logging in to government online services.

Relationship Authorisation Manager – an authorisation service that allows you to act on behalf of a business online when linked with your myID. You use your myID to log into RAM.

Super fund – an APRA-regulated super fund, an approved deposit fund, or an RSA provider.

SuperStream data standards – data standards that are part of the Government's Super Reform package. These standards provide a consistent, reliable electronic method of transacting linked data and payments for super. The goal is to:

  • improve the efficiency of the super system
  • improve the timeliness of processing of rollovers and contributions
  • reduce the number of lost accounts and unclaimed monies.

The standards are a set of minimum conditions for data and payment transmission including a minimum set of prescribed data. Broadly, there are five aspects:

  • a standard set of business terms and definitions (the 'definitional taxonomy')
  • a standard set of data message formats (the 'reporting taxonomy' set out in relevant message guides)
  • a messaging services standard which sets out requirements for message packaging, transport, security and receipting of messages
  • a standard format for electronic payments
  • enabling services (also referred to as 'validation services').

Unmatched – this means a match has not been found for the TFN supplied. Also known as a ‘not valid’ response.

Attachment D: Security guidelines

SuperTICK is a secure service protected by the use of machine credentials as an online security credential.

We recommend you review the information in this guide regularly. It will be updated as we become aware of issues and other relevant information, to help you maintain the highest levels of security.

Security credentials

A security credential is an electronic file and, or software used for identification purposes when transacting over the internet.

A security credential is used to establish a secure environment for online transactions. This provides you with assurance that your online transactions with us are safe by letting us know we are interacting with the right person for each transaction.

Modern security credentials make fraud very difficult. For someone to gain access to our online services and pretend they are you, they would have to be using a computer on which the credential is installed and they would have to know your password.

Every person associated with your super entity who wants to deal with us online on behalf of your Australian business number (ABN) will need their own security credential.

Looking after your security credential

The security of the information you want to guard through the use of a credential is only as good as the care you take to keep this credential protected.

Never disclose your password to anyone, including our staff or the provider of your credential.

When deciding on a password, make sure it is sufficiently complex. Your password must:

  • be at least eight characters long
  • contain numeric as well as alphabetic characters
  • have a mix of upper and lower case alphabetic characters
  • have at least one special character (for example, !, @, #).

Your role in securing your information

Technology and computers cannot safeguard information automatically. You need to protect your own and your members' information related to using this service.

We strongly recommend that you:

  • never disclose your credential password to anyone, including us or the credential's issuer
  • do not download your credential to general use computers, you should access Online services for business only from computers to which you have exclusive use, or that you share under one of the following conditions          
    • the computer is configured for multiple users
    • each person has a unique account
    • other users are individuals you can trust.
     
  • keep your computer software up-to-date, especially with security upgrades and patches (these are usually available from the licenser of the software)
  • ensure that your anti-virus software is current and running on your computer at all times – scan new programs or files for viruses before opening, running, installing or using them
  • ensure that you have anti-intrusion software (commonly referred to as a ‘firewall’) to provide added security around your information and protection from misuse of your identify
  • avoid opening, running, installing or using programs or files you have obtained from a person or organisation unless you are certain that you can trust them
  • conduct secure disposal practices (such as cleansing the hard disk) when you dispose your computer.

What to do if someone obtains your password or your phone or computer is stolen

This situation should be treated with the same degree of urgency that you would give to the loss of a credit card.

See also:

QC35377