Deep Dive 13 June 2026 · Gumshoe Research

What Gumshoe Actually Checks: Inside the Data Behind the Verdict

A supplier check is only as good as the data behind it. Gumshoe draws on dozens of independent public sources — government registers, domain infrastructure, physical signals, and online presence — then cross-checks each against the others. Here is how that works, and why it matters.

Every supplier verification result you see in Gumshoe comes with a score and a set of tiles. Behind those tiles is something that took a long time to build: a data collection and cross-referencing pipeline that pulls from dozens of independent sources, reconciles them against each other, and surfaces the contradictions — not just the confirmations.

This post explains the logic of what we check, why we check it that way, and what it looks like when data from different directions points to the same thing.

  • 28+: Independent verification checks available per entity — from identity registers to physical presence signals
  • 15+: Distinct government and public data sources refreshed on a rolling basis
  • 3–8 sec: Typical time to run a full supplier check across all active data layers simultaneously

The First Layer: Who Are They, Officially

The foundation is identity — ABN status, GST registration, entity type, and the ASIC records that sit behind registered companies. This part is well-understood and many tools do it. An active ABN tells you the entity exists and is current. A registered company with ASIC tells you there is a structure behind the name. GST registration tells you they are large enough or active enough to have crossed that threshold.

What matters is what comes next. A clean identity record is the floor, not the ceiling. Almost every supplier that will cause you problems has a clean ABN. The fraud is in the gap between the identity record and everything else.

The Second Layer: Independent Registers

SUPPLIER VERIFICATION RISKS

Risk Type | Risk Description | Risk Level
Incorrect Address | Physical signals mismatch | High
Domain Hijacking | Domain infrastructure issues | Medium
Outdated Records | Government registers not updated | Low
Online Presence | Discrepancies in online data | Medium
False Identity | Multiple identities detected | High

Beyond identity, there is a collection of government and statutory registers that cover specific risk categories. ASIC maintains registers for insolvency actions, banned directors, financial services licences, financial advisers, and business name registrations. The Tax Practitioners Board maintains the registered tax agent and BAS agent lists. APRA and the Australian Charities and Not-for-profits Commission each maintain their own entity registers. The ATO publishes super guarantee non-compliance and tax debt data.

These are not the same data. They come from different agencies with different mandates and different publication cadences. A company that looks clean in one register may appear in another. The value of pulling them all is that you can check all of them in a single pass — rather than the supplier's procurement contact having to manually check seven separate government websites, each with its own search interface.

The Third Layer: Domain and Digital Infrastructure

A company name and an ABN exist in government databases. A functioning business also leaves a footprint in domain infrastructure — a registered domain, DNS records, SSL certificate history, WHOIS registration details, email deliverability signals. These signals do not come from government registers; they come from the internet's own record-keeping infrastructure.

Gumshoe builds domain candidates from entity names algorithmically — generating plausible domain variations, probing which ones resolve, checking certificate histories to determine how long the domain has actually been active, and running domain reputation checks against independent blacklists. A company that registered its ABN three years ago but whose domain is six weeks old is worth a second look. A domain on multiple spam blacklists is a different signal entirely.

The cross-check here is between what the government record says (entity registered, trading name active) and what the internet infrastructure says (this domain does not exist, or exists but is flagged). A supplier can pass every ABR and ASIC check and still have a digital footprint that raises questions.
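The candidate-generation and register-versus-domain comparison described above can be sketched as follows. This is an added example, not Gumshoe's code: the dropped-word list, the TLD list, both age thresholds and the sample entity are assumptions, and the domain observations are passed in as constructed data rather than looked up live.

```python
import re
from datetime import date

# Assumed word list and TLDs for illustration; not Gumshoe's actual rules.
DROP_WORDS = {"pty", "ltd", "limited", "proprietary", "the"}
TLDS = (".com.au", ".au", ".net.au", ".com")


def domain_candidates(entity_name):
    """Build plausible domains from a registered entity name."""
    words = [w for w in re.findall(r"[a-z0-9]+", entity_name.lower())
             if w not in DROP_WORDS]
    if not words:
        return []
    labels = ["".join(words), "-".join(words)]
    if len(words) > 2:
        labels.append("".join(w[0] for w in words))  # initials
    # dict.fromkeys de-duplicates while keeping order
    return list(dict.fromkeys(l + t for l in labels for t in TLDS))


def cross_check(abn_registered, observed, today,
                young_domain_days=180, established_abn_days=365):
    """Flag divergence between the register record and domain signals.

    observed maps domain -> (first_certificate_date, blacklist_hits). A real
    pipeline fills it from DNS, certificate-log and blacklist lookups; here it
    is passed in so the example runs offline. Thresholds are assumptions.
    """
    if not observed:
        return ["no candidate domain resolves"]
    flags = []
    abn_age = (today - abn_registered).days
    for domain, (first_cert, blacklist_hits) in sorted(observed.items()):
        domain_age = (today - first_cert).days
        if domain_age < young_domain_days and abn_age > established_abn_days:
            flags.append(f"{domain}: domain {domain_age}d old, ABN {abn_age}d old")
        if blacklist_hits >= 2:
            flags.append(f"{domain}: listed on {blacklist_hits} blacklists")
    return flags


if __name__ == "__main__":
    # Constructed sample: ABN three years old, domain six weeks old.
    name, today = "Acme Plumbing Pty Ltd", date(2026, 6, 13)
    print(domain_candidates(name)[:3])
    seen = {"acmeplumbing.com.au": (date(2026, 5, 2), 0)}
    print(cross_check(date(2023, 6, 1), seen, today))
```

An empty `observed` mapping is reported as its own flag, since a clean register record with no resolving domain is itself one of the divergences the text describes.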

"The ABN lookup tells you who they say they are. The domain check tells you how long they've been saying it — and whether the internet has any other opinion on the matter."

The Fourth Layer: Physical and Address Signals

Registered addresses can be post office boxes, mail forwarding services, or shared registered office addresses used by dozens of entities. A supplier operating out of a residential address in a suburb inconsistent with their stated industry is a different proposition to one operating from a commercial warehouse. A business that lists a CBD address but whose ASIC-registered office is the same address as 200 other companies registered by the same agent is a different signal again.

For addresses that can be physically located, Gumshoe checks street-level imagery where available — not to build a surveillance picture, but to answer a single practical question: does this address look like what a business in this industry would actually occupy? A plumbing company's address resolving to a residential front yard, or to a vacant lot, or to a shipping container facility with no signage is a fact worth knowing before you issue a payment.

The Fifth Layer: Online Presence and Social Signals

A legitimate business operating in a competitive sector and seeking ongoing commercial relationships typically has a web presence. Not necessarily a sophisticated one, but a consistent one. The website has been online for some time. The domain is registered in their name or a related name. There are social media profiles that have been active and consistent with the business's stated operations.

Gumshoe scans homepage HTML for linked social profiles, then independently probes likely profile locations — LinkedIn, Facebook, Instagram — based on entity name slug generation. Where a public aggregator page exists that links across platforms, that too is checked and the links extracted. The goal is not to grade the quality of the supplier's social media; it is to check whether any consistent online presence exists at all, and whether it lines up with everything else in the record.

  • Domain: infrastructure signals (DNS, SSL certificate age, WHOIS history, hosting reputation)
  • Social: platform presence (LinkedIn, Facebook, Instagram; confirmed and candidate accounts)
  • Physical: address-level signals (street imagery, address type classification, location consistency)

Cross-Checking: Where the Real Work Happens

The most important thing about all of these layers is that they are independent. Government registers do not talk to domain registrars. ASIC does not check LinkedIn. A supplier's homepage does not know what is in the insolvency gazette. Each source is maintained by a different party for a different purpose, with no coordination.

That independence is the value. When multiple independent sources all point to the same entity and paint a consistent picture — ABN active, ASIC clean, domain registered to matching entity, trading for several years, consistent social presence, commercial address, no blacklist appearances — the convergence of independent signals is meaningful. Not proof of legitimacy, but meaningful evidence pointing in the same direction.

When they diverge, the divergence is a thread worth pulling. A company with a pristine government record but a domain registered last month, no verifiable social presence, and a residential address in a suburb three hours from their stated operating area is not necessarily fraud. But the divergence between the official record and every other signal warrants a phone call before an invoice gets paid.

"It is not that any one signal proves anything. It is that when twelve independent signals all point at the same answer, that answer is probably right — and when they do not, that is the story."

What We Do Not Do

Gumshoe does not have access to private commercial databases, credit bureau files, or non-public government records. Everything here is sourced from public registers and publicly accessible infrastructure — the kind of data that any sufficiently determined person could check manually, if they had the time and knew where to look.

The product is the assembly of that public data into a single coherent picture, cross-checked in real time, returned in seconds rather than hours. The data itself is already out there. The gap we fill is in the collection, the reconciliation, and the surfacing of what matters — so that a bookkeeper running payments on Friday morning does not need to be a specialist in every government register that might be relevant.

Why It Is Always Incomplete

No data pipeline covering Australian public registers is ever current in the way a live transaction system is current. Registers are updated on different schedules. Some are updated daily, some weekly, some when the relevant agency processes an application. The data Gumshoe draws on reflects the state of those registers at the most recent refresh, not the state of the world at the exact moment of your check.

This is a known and unavoidable limitation. A company can enter administration on a Thursday and the insolvency gazette entry may not appear until Monday. A director can be banned and the ASIC register not yet reflect it. The checks are designed to catch the patterns that are already recorded — not to predict what will be recorded in the future.

What the checks do well is surface signals that are already there and already public, but that no one had the time to go looking for before the invoice was approved. That is the practical value: not omniscience, but thoroughness on the data that already exists.

The Practical Upshot

When you run a check in Gumshoe and see a score above 80, it reflects a picture where multiple independent data layers have returned consistent signals. When you see caution flags, they reflect specific divergences between what one source says and what another shows. When you see a low score, it means that across several independent sources, the picture does not add up.

The value of running the check is not that it replaces judgment. It is that it gives you a structured picture of what the public record actually says about this entity — from multiple directions, in a few seconds — so that your judgment is applied to a complete picture rather than a single record.

A sole trader running a small business with a two-year-old ABN, a matching domain registered to the same name, a LinkedIn company page that has been active since registration, a commercial address that checks out, and no appearances on any adverse register is almost certainly not the problem. A company with the same ABN age, no domain, no social presence, a residential address, and a director who appears on the ASIC banned list tells a different story entirely — even if the ABN lookup came back clean.

That difference is what Gumshoe is built to find.

New Data Sources Added — June 2026

We have significantly expanded our data layer since this article was first published. Here is what has been added:

Workforce & Employment

  • WGEA Employer Register 2025 — 8,240 employers with mandatory gender equality reporting (100+ employees). Shows workforce gender split, women in management ratio, and industry sector. Source: Workplace Gender Equality Agency public dataset.
  • ASIC Financial Advisers Register — 88,614 adviser records (was empty, now fully loaded). Checks whether a firm's principals hold or held a current AFS licence or have been banned from giving financial advice.

Corporate Transparency

  • ATO R&D Tax Incentive 2022-23 — 13,133 companies claiming the R&D tax offset, totalling A$16.5B in registered R&D expenditure. Atlassian, Cochlear, CSL, Fortescue among the top claimants. A positive innovation signal for supplier assessment.
  • ATO Corporate Tax Transparency — 4,119 large entities with total income above A$100M. Shows total income, taxable income, and effective tax rate.
  • ACNC Annual Information Statement 2024 — Full financials for 53,604 registered charities: revenue, assets, staff FTE, volunteer count. Now surfaced in charity tile results.

ESG & Voluntary Compliance

  • B Corp Certification — Live lookup against the B Lab directory for ~600 Australian Certified B Corporations. B Corp status requires an independent social/environmental audit (B Impact Assessment ≥ 80).
  • Modern Slavery Register — Live scrape of the Australian Government Modern Slavery Register (17,225+ statements). Mandatory for entities with consolidated revenue ≥ A$100M. Non-lodgement by large entities is a compliance flag.
  • ATO Business Industry Codes 2026 — 581 BIC codes mapped to ANZSIC sectors. Enables human-readable industry labels on any ABN lookup.

NDIS Sector Intelligence

  • NDIS Support Payments 2026 — 120,000 rows of payment data: A$39B in Core Supports, A$9.2B Capacity Building, A$1.5B Capital Supports. Filterable by state, service district, and support class.
  • NDIS Participant Projections — Forecasts to 2035 by service district. 646,000+ active participants nationally, growing to 304,000+ in NSW alone by 2035.

We now cross-reference supplier ABNs across 35+ distinct databases. Every new data source that yields a result is cited with its source URL and data freshness timestamp in the tile detail view.

Uncommon Insights

Uncommon Insight 1: What appears to be a clean ABN record may still mask underlying issues. ASIC's records, for instance, may not always reflect the current status of a company, as Section 601AD of the Corporations Act allows for a 28-day window for updating records after a change. This gap can be exploited by unscrupulous suppliers, making it crucial to cross-check against other data sources. Gumshoe's multi-source verification helps mitigate this risk by incorporating data from other government agencies, such as the ATO and APRA, to provide a more comprehensive view of the supplier's legitimacy.

Uncommon Insight 2: The ATO's tax debt data, while publicly available, is often overlooked in supplier verification processes. However, this data can be a valuable indicator of a supplier's financial stability and compliance with tax laws. By incorporating this data into its verification pipeline, Gumshoe can help identify potential risks associated with suppliers who have outstanding tax debts or a history of non-compliance. This is particularly relevant given the ATO's increased focus on tax debt recovery, as outlined in its 2022-23 Compliance Program.

Uncommon Insight 3: ASIC's banned director register is not always up-to-date, and a manual search may not capture all relevant information. Section 206F of the Corporations Act requires ASIC to maintain a register of disqualified persons, but this register may not reflect the current status of an individual if their disqualification is pending or under appeal. Gumshoe's automated verification process can help identify potential issues with directors or officers of a supplier company, even if the ASIC register is not current.

Uncommon Insight 4: The Australian Charities and Not-for-profits Commission (ACNC) register is often overlooked in supplier verification processes, but it can provide valuable insights into the legitimacy and financial stability of not-for-profit suppliers. By incorporating ACNC data into its verification pipeline, Gumshoe can help identify potential risks associated with not-for-profit suppliers who may be experiencing financial difficulties or have been deregistered. This is particularly relevant given the ACNC's increased focus on charity compliance and governance, as outlined in its 2022-23 Corporate Plan.

VERIFY NOW

Run a free supplier check in seconds

Search by business name, ABN, or ACN. Instant PASS/WARN/FAIL across 8 verification signals.

Start verifying →

Contains data sourced from the Australian Business Register and ASIC, © Commonwealth of Australia, licensed under CC BY 3.0 AU.