- How Can Executives Successfully Navigate Disruption?
- How to Enhance Employee Motivation to Increase Productivity
- 5 Tips on Hiring Executives for Your Core Team
- Transferring a Business to Your Children
- Are You Contemplating or About to Sell Your Business?
- Find Business Advisors You Can Trust
- Relationship Banking: The Business Owner Benefits
- Managing Cash Flow for Privately Held Businesses in the Wake of the Trade War
- The Right Benefits Package to Positively Affect Company Growth
- Company Culture Update: The Impact of Technology on Culture
- Don't Underestimate the Importance of Company Culture
- How to Align Your Corporate Social Responsibility Program With Your Values
- House of Representatives Advances Retirement Plan Reforms for Small Businesses and Investors
- How Business Leaders Can Work Together to Help Prevent Payroll Fraud
- Protecting Your Business: How to Prevent Financial Fraud
- The Cost of a Data Protection Plan for Your Growing Business
- Business Email Compromise Defined
- Seven Ways to Prevent Malware
- Fake Check Scams On the Rise – How to Protect Your Business
How Business Leaders Can Work Together to Help Prevent Payroll Fraud
Tips to help prevent direct deposit fraud schemes
There are many forms of payroll fraud, and even the smallest companies must prioritize fraud protection to avoid becoming a victim. The Internal Revenue Service recently highlighted an increase in schemes involving corporate payroll departments. But how do you know when fraud has taken place and what can the leaders in your company do to mitigate risks?
How Does Payroll Fraud Occur?
Picture this: a payroll employee receives an email from a senior executive requesting an update to the bank account on file for their payroll direct deposit. The email asks for the change to take place immediately and not to call the executive to confirm because they're in a series of meetings, or about to catch a flight. The request to update the bank account on file is well-written and includes a new bank account and routing number for subsequent deposits. Apart from the fact that the email supposedly comes from a senior executive, it's unremarkable. Yet the executive did not initiate the request. Although their name appears as the sender of the email, the criminal behind the fraud used a free email service such as Gmail to create the account.
Had the company's payroll department followed the email's directions, they would have deposited the executive's paycheck in an account controlled by a criminal. Upon discovery, the company would then need to find the funds to make a second deposit into the executive's original bank account.
Finance and HR: Partners Against Crime
Stopping payroll fraud schemes requires a strong partnership between your company's finance and human resources departments for an overall commitment to fraud protection. Here are some tips and recommendations to strengthen your company's fraud prevention efforts:
- Educate Employees: For many fraud schemes to succeed, employees must view a transaction as routine. Provide employees with training on how to spot red flags associated with fraud schemes. Additionally, provide real-world examples to test their ability to spot fraud attempts.
- Create a Process: While it's tempting to process requests from senior executives quickly, to prevent fraud, create a process to ensure the legitimacy of a request. For example, instead of accepting an email from an executive to change their direct deposit information, require the completion of a company form. Additionally, establish service level agreements relating to changes to direct deposit that allow the payroll team sufficient time to scrutinize a request.
- Confirm via Multiple Channels: Having processed the request, notify the employee of the upcoming change via email, a letter to their primary residence and via phone. Make sure to provide the employee with the means to alert the company if they did not make the request.
- Verify the Person's Identity: It's important to know who you're speaking with. Be sure to gather all of the messaging details beyond the email address to ensure that the email is coming from and going to the right person. Utilize the kind of information or tools that you and your employees use on a regular basis to help verify the executive's identity — perhaps something that fraudsters may not be privy to.
- Include Vendors and Partners: Criminals don't limit their efforts to employee direct deposits. Make sure your accounts payable department follows a similar process relating to payments to vendors and third parties, particularly the process of notifying the company of changes via email, mail and phone.
Criminals use psychological tricks to convince their victims to act. While the emails that criminals send attempt to create a sense of urgency, your finance and HR teams should resist the temptation to act and instead take the time to scrutinize every request closely.
For most business owners, especially those experiencing rapid growth, worrying about the impact of a cyber-attack may not be a top priority. We provide insight on how we partner with businesses to mitigate these cyber-attack risks.
You may also like
The opinions expressed and information contained in any article published in the Vault are given in good faith and considered reliable. However, such opinions and information are subject to change without notice and are provided only as of the date issued. Neither Boston Private nor its affiliates warrant the completeness or accuracy of such information. Any third-party opinion is solely the opinion of its author and does not necessarily reflect the opinion of Boston Private or its affiliates. The materials on this website are for informational purposes only and do not take into account your particular investment objective, financial situation or need. Since each client’s situation is unique, you should consult your financial advisor and/or tax planning professional before acting on any information provided herein.