Shielding Your Payroll from Digital Pickpockets: A Business Owner’s Guide to Preventing Direct Deposit Fraud - Allevity

In the ever-evolving landscape of business operations, direct deposit fraud has emerged as a significant concern, and it is more common than you think. As cybercriminals become more sophisticated, safeguarding your company’s payroll system is essential. 

How Does Direct Deposit Fraud Occur?

Direct deposit fraud, also referred to as payroll diversion fraud, is a cybercriminal tactic aiming to reroute direct deposits into an unauthorized bank account under the criminal’s control. These schemes begin with phishing attacks, where fraudsters spoof an employee’s email address and request a change to an employee’s direct deposit account. These emails frequently appear legitimate, with no obvious indicator of fraud. Most of the time, it isn’t until an employee reaches out asking why they haven’t received their paycheck that anyone realizes something is wrong.

How do I Protect my Company?

Employee Education: Awareness is your first line of defense. Train your staff to recognize phishing attempts and in secure handling of payroll information. Additionally, here are a few tips from the FBI Internet Crime Compliance Center (IC3)

• Alert and educate your workforce, including preventative strategies and appropriate measures should a breach occur.
• Instruct employees to hover their cursor over hyperlinks included in emails to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from.
• Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any email.

Secure Payroll Processes: Implement stringent verification processes for any changes to payroll information. We recommend you consider the following actions.

• Verbal confirmation of all change requests: Do not accept changes to direct deposit credentials through email. Pairing a verbal request with a standardized request form adds additional security that makes spoofing harder. This is the process we use at Allevity. We always require verbal confirmation, along with our official change form.

Tip:  Do not use the email address or any contact information from the original communication.  No matter how the request comes,  always use your own contact information on record and contact the person requesting the change for confirmation.  

• Confirmation of funds: A deposit of a few cents is made via direct debit. The change is confirmed when the employee reports back the exact deposit amounts.
• Direct deposit pre-note: On the payday following a change, the employee receives a live check and a “pre-note”—a zero-dollar ($0.00) deposit in their account. This process allows confirmation of the deposit without risk of loss, while ensuring the employee is paid on time. This minor one-time inconvenience is worth the added level of security it provides.

Collaboration with Financial Institutions: Work closely with your bank to understand their fraud prevention tools. 

Company Culture: Fostering an organizational culture that prioritizes security mitigates the risk of direct deposit fraud. Encouraging employees to report suspicious activities and being transparent about the steps your company takes to prevent fraud can also bolster a collective effort toward safeguarding your business.

In Case of Fraud

Despite best efforts, should your company fall victim to direct deposit fraud, it’s critical to act swiftly. Notify your bank immediately to attempt to recover diverted funds. Report the incident to appropriate law enforcement agencies, and consider seeking legal advice to navigate the aftermath.

Tip:  Many employees live paycheck to paycheck. Remedy the situation for your employee immediately, even if you have not been able to recoup lost funds.

Conclusion

Direct deposit fraud is becoming more prevalent and costs businesses a lot of money each year. Limit your exposure by implementing our recommendations and staying vigilant.If you have any questions regarding how best to protect yourself from direct deposit fraud or are interested in learning more about our secure payroll services, please give us a call at 1.800.447.8233