Payroll Fraud

  • James Finlay FMAAT, CFE, PCPJames Finlay FMAAT, CFE, PCP
    Member since Jun 2022

      Payroll Fraud can come in the form of many different schemes.
      Has anyone encountered payroll fraud?
      Can you describe the circumstances? (no need for company / employee names)
      How was it handled, i.e. was the perpetrator fired / charged / convicted?
      What changes / processes were made after the fraud was uncovered to stop it from happening again?

      October 17, 2022 at 20:54
    • Katie RothertKatie Rothert
      Member since Jun 2022

        I haven’t see any payroll fraud, but am experiencing a huge increase in the number of phishing emails asking me to change employee’s bank account information. Any one else experiencing this?

        October 19, 2022 at 16:33
        • James Finlay FMAAT, CFE, PCPJames Finlay FMAAT, CFE, PCP
          Member since Jun 2022

            Hi Katie, yes this is becoming more common. We just need to keep vigilant by checking the real sender of the message. When changing bank details from employees, I request either a hard copy in person or an encrypted pdf with the password send via text message on the work phone. Prior to making the change I call the employee for a verbal conformation.

            October 19, 2022 at 17:09
        • Norma CroneNorma Crone
          Member since Jan 2023

            We are often dealing with employees at distance. We now require a PDF of their banking information from the financial institution clearly identifying the employee’s name on the account, along with a copy of the employee’s picture ID. HR follow up with verbal confirmation.

            This is becoming way too common.

            January 2, 2023 at 10:03
          • Anonymous

              I’m also receiving many phishing emails asking me to change employee’s bank account information.

              April 18, 2023 at 21:13
            • Stacey Wood PCPStacey Wood PCP
              Board of Advisors

                The increase in phishing emails “from” an employee asking to change banking is staggering! We’ve even seen one recently that had a bank direct deposit form attached–the account holder name had been altered to an employee’s name.

                My practice is to confirm via a separate email (separate from the request) if the employee actually wants to make the change. If so, we require the actual direct deposit form from their financial institution prior to initializing a change; if not, no change is made. So far, every one has been either a phish or spoof email.

                April 21, 2023 at 11:14
                • Dipti PandyaDipti Pandya
                  Member since Sep 2022

                    I do the same. I receive average 1 phishing email a month. I ask the employee whose name was used for the banking change request on team message and i also send the snip shot of the email received to confirm if this was sent from them.

                    May 4, 2023 at 09:11
                • Elisabeth WhitsonElisabeth Whitson
                  Member since Jan 2023

                    Interestingly, both payroll fraud stories I have were by middle managers.
                    In one case the manager had “rehired” a former employee on a casual basis with an established EEId and SIN. The bank deposit form was filled out manually rather than including a cheque – the bank account ended up corresponding to the managers account on file for expense reimbursement (they used a different account for payroll deposit). Deposits had occurred for a couple of months before anyone caught on. Manager was dismissed, and verification reports started to go to 2nd level mgrs bi-weekly.
                    The second situation was where the manager, on compassionate grounds, continued to approve salary for an employee on sick leave. Employee apparently had no idea how much sick time they were entitled to and didn’t realize there was an issue. Manager was given escalated warning, employee’s sick bank was exhausted to payback a partial of what was owed, employee was not required to pay it all back.

                    May 19, 2023 at 18:04
                  • Margaret GenettiMargaret Genetti
                    Member since Jul 2022

                      Boot allowance has recently come up. Employees were providing receipts for boots, and then returning them. Another instance, the company providing the receipts, were providing ‘fake’ receipts.

                      Another example of fraud. Our public works department had an employee using large equipment for personal income during work time. They employee didn’t realize there was a GPS on the equipment, and was caught.

                      June 13, 2023 at 14:02
                    • Trina Anderson, PCPTrina Anderson, PCP
                      Member since Aug 2022

                        We provide tool allowances to our service techs and we had many of them submitting their receipts for reimbursement and then returning the tool without having brought them into the shop. We now make sure that we keep a list of the type tools being reimbursed and manager/shop foreman ensures that it is being used for at least a month before we complete the reimbursement.

                        I’ve also seen a huge increase in requests for a change of banking information. Our employees have access to their profile to update their banking themselves so encourage them to do so. If I have to make the change, I verbally contact them and ask security questions to confirm their identity and also confirm with their direct superior in person that this change is legit.

                        June 13, 2023 at 15:06
                      • Denise BurnettDenise Burnett
                        Member since Apr 2022

                          I have not experienced this but we have multiple checks and balances in place to prevent any payroll mistakes (intentional or accidental) from occurring.

                          August 8, 2023 at 10:35
                        • Harman Dhatt PCPHarman Dhatt PCP
                          Member since Sep 2022

                            I have experience with phishing emails on bank accounts. I always call the person to confirm. We are using BambooHR. I also told employees that if they change their banking information, they must do it through BambooHR.

                            August 14, 2023 at 11:58
                          • Diane PetersDiane Peters
                            Member since Nov 2023

                              Related to Payroll Fraud subject, I am wondering if your company requests a copy of employee’s SIN card / document as part of onboarding? Or just accept SIN as provided by employee on their TD1 forms?

                              November 8, 2023 at 11:40
                            • Lanelle BerardiLanelle Berardi
                              Member since Sep 2022

                                So many phishing emails pretending to be employees that want to change their banking info. We use Dayforce and have it locked down so that banking changes need to be approved by a Cliet Admin Role, in case an employee’s account gets compromised. We also ask for a EFT form or void cheque as backup.

                                November 8, 2023 at 13:36
                              • Leslie AlbrightLeslie Albright
                                Member since Mar 2023

                                  The most we have in fraud are outside agencies attempting to change employees bank accounts.

                                  They tell us they need to update their deposit info and what would we need to do that. We now make all changes go thru HR on a validated bank form. Changes also must come from our inhouse address not a personal email address.

                                  We did get caught once and by the time we new and pulled the deposit back they had already closed the account. we lost…

                                  December 14, 2023 at 18:36