Fight Payroll Direct Deposit Fraud

Fraudsters may attempt to re-route electronic payroll deposits to themselves through fraudulent requests to change the destination account. This could occur in an email purporting to be from an employee, or in a fraudulent direct depository change request form.

It is important to be aware of this threat and protect your payroll system with internal controls. Here are some specific controls to consider:

• Verify each request by contacting the employee directly -- in person, or using a phone number you can rely on.
• Require the employee to provide an original signed ACH form; not an electronic form.
• Take ACH forms off the internet, and only provide them to an internal or external address on file.
• On an ACH form, require that the employee to provide the previous bank routing and account number for verification.
• Require multiple approvals.

For additional information, see the League of Minnesota Cities Electronic Funds Transfer Fraud. See also, GFOA publication Bank Account Fraud Prevention.

Date this Avoiding Pitfall was most recently published: 3/8/2024