Preventing today's sophisticated payroll fraud requires businesses to examine their internal digital security practices.
Payroll fraud, which involves the theft of money via an company's payroll processing system, unfortunately happens with alarming frequency and comes with substantial price tags. According to the Association of Certified Fraud Examiners (ACFE), payroll fraud generates a median loss of more than $100,000 and typically takes 30 months to detect. Furthermore, the ACFE also found that payroll fraud takes place more frequently at smaller companies with 100 employees or less, versus companies with larger payrolls.
As explained by Tim Ogden, ADP's VP of Global Fraud, "Fraud attacks have become increasingly sophisticated. One type of payroll fraud we often see happens when one of our clients or employees receive emails posing to be from ADP. They click on the email, enter their ADP credentials and then their information gets compromised. The person committing the fraud then logs into the employee or HR administrator's account using the real credentials and adds the 'ghost' employee or changes the banking email. Sometimes the fraudster even takes over the email address of the compromised employee and confirmation emails are deleted."
A Proactive Approach is Key
While the security measures ADP takes as a payroll provider are important in keeping a company and their employees safe, it's crucial that the company also takes their own precautions by following or implementing internal digital security practices. Ogden says these include:
- Implementing a policy that requires all bank account and W-4 changes to be done in person, or over the phone – not by email.
- If email is required, emails from employees asking to change bank account information or run ad hoc, bonus or odd payrolls should require additional confirmation, as well as validation that takes place outside of email.
- Periodically run W-4 informational audits on all employees in the payroll system to ensure that there are no discrepancies.
- Implement employee training to highlight the risks of phishing emails, especially for HR administration, and highlight schemes that target payroll.
- Remind employees that using username and passwords across multiple accounts is ill-advised. That's because fraudsters may steal passwords from other compromised sites and then try their luck at other sites hoping that users reused the same information.
For the most part, stopping payroll fraud doesn't require major changes in how your company pays its employees. However, it does require a willingness to adopt countermeasures designed to make theft by payroll more difficult.
With a dedicated fraud prevention program, ever-evolving anti-fraud practices, and cutting-edge technology, ADP works hard to protect our clients' funds and personal information, and addresses disruptions immediately.
- Download the ADP Research Institute® report on The Evolution of Pay.
- Fighting Payroll Fraud? Combine Education and Oversight for Best Results