My husband recently experienced identity theft. Our mail was stolen, and tax information was gathered. In the course of a few weeks, over 12 credit cards were opened as well as a bank account. My husband has been on the phone constantly with credit card companies, credit bureaus and the police to resolve the matter, but we know that this will be a long process and we will have to be vigilant. Everyone must be vigilant to protect their information and assets. Criminals are more sophisticated now and more creative.
In the payroll business, I see attempted fraud on a regular basis. Employers are the victims of these crimes and protective measures need to be in place. Payroll fraud comes in many guises and is often hard to identify:
- Time sheet fraud. Often referred to as “buddy punching,” this type of fraud involves an employee adding unauthorized hours to his or her time sheet. This may go unnoticed for a long time because it may be done in small increments, a few hours here and there.
- Ghost employees. This is usually committed by an employee who is trusted and has access to payroll. A “ghost” employee is set up in the system to receive direct deposits.
- Payroll diversion scam. This is the most common scam we are seeing now. Typically, the HR representative receives an email that appears to be from an employee of the company requesting to change the direct deposit for the current pay period. Once payroll processes, the pay for the employee is diverted to this wrong account. Propel HR recently stopped such a transaction that included a large year-end bonus that was routed to a pay card that our system recognized as fraudulent. The FBI reports that the average dollar loss reported in direct deposit change requests is $7,904.
- Keep staff informed. Through formal cybertraining or regular communication on scams and security measures, employees need to be able to recognize phishing and spoofing emails as well as other potential threats.
- Review and constantly update IT. It is important that cybersecurity is a focal point of IT needs. If the company is too small to maintain its own IT department, consider outsourcing and have the firm provide regular security assessments.
- Embrace protective technology. Yes, it may be a pain to open an encrypted email, but it is worth the trouble. Email encryption is a simple way to protect employee data. Other tools that are simple and can greatly reduce fraud are multi-factor authentication for payroll access and using a positive-pay fraud-prevention system, offered by most commercial banks, to verify all checks presented. Also, require employees to regularly change their passwords.
- Implement controls. Set up proper security measures for employees with payroll access. There needs to be a system of checks and balances, and permission levels should be regularly reviewed.
- Scrutinize payroll reports. This is the most important step of the process and should be performed by both the HR representative tasked with payroll as well as a senior person in the company. Review the final payroll register for accuracy. Look for ghost employees, padded hours, and any unauthorized advances or changes. This not only reduces your risk for payroll fraud but also gives you time to catch any honest mistakes.
- Pick up the phone. This sounds too simple, but it may be the most effective way to prevent payroll diversion. If you receive an email request to change a direct deposit account, pick up the phone and confirm with the employee. However, call the number in the company directory, not the phone number on the email signature line.
Payroll fraud is real. The victims are both hardworking employees and the companies that employ them. But fraud can be prevented. It is important that we are all more aware and are more vigilant around email, internet and payroll processes. There are simple things we can all do to make our data safer. As for my family, we installed a locking mailbox and placed a credit freeze on our accounts. It may seem a little excessive, but it gives us peace of mind that we can take steps to protect our data and assets. Wouldn’t you have more peace of mind if you knew you were taking all steps to protect payroll?
For more expert HR insights, visit www.MyPropelPro.com/ubjblog.
About Propel HR
Propel HR is an IRS-certified PEO that has been a leading provider of human resources and payroll solutions for more than 20 years. Propel partners with small to midsize businesses to manage payroll, employee benefits, compliance and risks, and other HR functions in a way that maximizes efficiency and reduces costs. For more information, visit www.propelhr.com.