We’re pleased to provide you with insights like these from Boston Private. Boston Private is now an SVB company. Together we’re well positioned to offer you the service, understanding, guidance and solutions to help you discover opportunities and build wealth – now and in the future.
Tips to help prevent direct deposit fraud schemes
There are many forms of payroll fraud, and even the smallest companies must prioritize fraud protection to avoid becoming a victim. The Internal Revenue Service recently highlighted an increase in schemes involving corporate payroll departments. But how do you know when fraud has taken place and what can the leaders in your company do to mitigate risks?
How does payroll fraud occur?
Picture this: a payroll employee receives an email from a senior executive requesting an update to the bank account on file for their payroll direct deposit. The email asks for the change to take place immediately and not to call the executive to confirm because they're in a series of meetings, or about to catch a flight. The request to update the bank account on file is well-written and includes a new bank account and routing number for subsequent deposits. Apart from the fact that the email supposedly comes from a senior executive, it's unremarkable. Yet the executive did not initiate the request. Although their name appears as the sender of the email, the criminal behind the fraud used a free email service such as Gmail to create the account.
Had the company's payroll department followed the email's directions, they would have deposited the executive's paycheck in an account controlled by a criminal. Upon discovery, the company would then need to find the funds to make a second deposit into the executive's original bank account.
Finance and HR: Partners against crime
Stopping payroll fraud schemes requires a strong partnership between your company's finance and human resources departments for an overall commitment to fraud protection. Here are some tips and recommendations to strengthen your company's fraud prevention efforts:
- Educate employees: For many fraud schemes to succeed, employees must view a transaction as routine. Provide employees with training on how to spot red flags associated with fraud schemes. Additionally, provide real-world examples to test their ability to spot fraud attempts.
- Create a process: While it's tempting to process requests from senior executives quickly, to prevent fraud, create a process to ensure the legitimacy of a request. For example, instead of accepting an email from an executive to change their direct deposit information, require the completion of a company form. Additionally, establish service level agreements relating to changes to direct deposit that allow the payroll team sufficient time to scrutinize a request.
- Confirm via multiple channels: Having processed the request, notify the employee of the upcoming change via email, a letter to their primary residence and via phone. Make sure to provide the employee with the means to alert the company if they did not make the request.
- Verify the person's identity: It's important to know who you're speaking with. Be sure to gather all of the messaging details beyond the email address to ensure that the email is coming from and going to the right person. Utilize the kind of information or tools that you and your employees use on a regular basis to help verify the executive's identity — perhaps something that fraudsters may not be privy to.
- Include vendors and partners: Criminals don't limit their efforts to employee direct deposits. Make sure your accounts payable department follows a similar process relating to payments to vendors and third parties, particularly the process of notifying the company of changes via email, mail and phone.
Criminals use psychological tricks to convince their victims to act. While the emails that criminals send attempt to create a sense of urgency, your finance and HR teams should resist the temptation to act and instead take the time to scrutinize every request closely.