Direct deposit scams and fraud are on the rise! We all must do our part to ensure that employee direct deposits are not sent to scammers. Fraudsters are using publicly available information like social media to target employers, HR staff and employees in an attempt to steal their direct deposits.
The most secure way for an employee to change their direct deposit account is to do so themselves through our secure payroll system. Changing direct deposit accounts is very easy for employees to do through myhrstuff.com or as an admin through isolved. isolved uses enhanced security and multifactor authentication to prevent fraudulent access. Step-by-step instructions on how to change direct deposit information is available at papertrails.com/help.
Here is the most recent scenario that has been catching employers and payroll companies:
The company or payroll company will receive an email, allegedly from their employee requesting that their direct deposit account be changed. The form may or may not be on company/official direct deposit form. Often, the new direct deposit account being requested is going to a pay card or far away bank. The company sets up the new direct deposit and come pay day, funds are deposited to the newly requested account. However, it was never the actual employee who requested the change, and the funds have been sent to the fraudster – never to be seen again.
How do I Protect My Company and My Employees from Direct Deposit Fraud?
- Require employees to log into myhrstuff.com to update their direct deposit information themselves. This is a secure website with multi-factor authentication to ensure that employees really are who they say they are and eliminates the middleman when employees are updating their account information. Step-by-step instructions on how to change direct deposit information is available at papertrails.com/help.
- Do not accept direct deposit changes from employees via email! It is easy for spoofers to create a fake Gmail account or hack an employee’s email account and pretend to be the employee. Always verify with the employee in person or by phone that they actually want to change their direct deposit information and that the information being submitted to payroll is accurate.
Require a voided check or letter from the employees’ bank to verify that routing and account information is correct. Direct deposit funds sent to the incorrect account cannot always be recovered if they are sent to the incorrect account.- Ensure that your employees are using strong passwords for online applications, including their personal and work email accounts. Always use multi-factor authentication for personal and business email accounts. Fraudsters have also been known to hack email accounts and request changes from the employee’s legitimate email account .
- If employees are using a pay card or if the banking looks suspicious, always triple check that it is the employee submitting the change and that the account information is correct. Pay cards are notorious for fraud and funds can almost never be recovered if sent to the incorrect account.
How does Paper Trails help me to avoid direct deposit fraud?
- Paper Trails no longer processes direct deposit changes on behalf of employees. We require employees or company administrators to log in to make these changes. We do not want to add another middleman to the process which increases the chance of fraudulent activity. Step-by-step instructions on how to change direct deposit information is available at papertrails.com/help.
- If a client insists on submitting a direct deposit change on paper, we will only accept direct deposit change requests from our primary point of contact at your company, or specified designee. The form must be signed by the company contact indicating that the client has reviewed and approve the change request with the employee prior to submission. Unsigned direct deposit forms are not accepted or processed. Once the form has been received, our team will place a phone call to the client to ensure that the change has been authorized. Paper Trails bills $10 per change to the client for paper direct deposit form changes.
- isolved and myhrstuff.com require strong passwords that are hard to crack and use multi-factor authentication to verify user credentials.
- When a direct deposit change is made in myhrstuff.com, the employee and employer will both receive an email alert that a direct deposit account has changed. This email will alert the employee to a change and potentially raise a red flag of fraud.
- Our team undergoes thorough information security & fraud prevention training, and is always on high alert for fraudulent activity. If we see something suspicious, we will alert you immediately.
If you have questions on this or any other fraud prevention topics, please feel free to reach out to your payroll processor. The tricksters are getting better and better at this type of thing, so we all need to stay vigilant.