Fight Payroll Direct Deposit Fraud
Fraudsters may attempt to re-rout electronic payroll deposits to themselves through fraudulent requests to change the destination account. This could occur in an email purporting to be from an employee, or in a fraudulent direct depository change request form.
It is important to be aware of this threat and protect your payroll system with internal controls. Here are some specific controls to consider:
- Verify each request by contacting the employee directly -- in person, or using a phone number you can rely on.
- Require the employee to provide an original signed ACH form; not an electronic form.
- Take ACH forms off the internet, and only provide them to an internal or external address on file.
- On an ACH form, require that the employee to provide the previous bank routing and account number for verification.
- Require multiple approvals.
Date this Avoiding Pitfall was most recently published: 10/15/2021