What is Direct Deposit fraud?
- Sometimes referred to as “payroll diversion fraud”, direct deposit fraud is when an employee’s direct deposit account is illegitimately updated by a malicious party (a scammer).
- It most often occurs when a scammer uses social engineering tactics to pose as an employee and requests an update to that employee’s direct deposit information via email.
How it’s done
- The fraudulent party will send an email from the employee’s email address, requesting to make an update to the employee’s direct deposit, supplying a routing and account number for an account controlled by the scammer.
- The scammer then often attempts to suppress any alerts that would tell the employee that their direct deposit information has changed, to keep the employee from noticing.
- This allows time for a payment to be processed to the employee’s newly updated account without the employee or payroll administrator noticing that the account is fraudulent. At this point the funds are quickly dispersed to multiple other accounts to eliminate the possibility of tracing and recalling the funds.
How to combat Direct Deposit fraud within your organization
- Set up a procedure for all direct deposit updates that requires every employee looking to update direct deposit information to complete a handwritten direct deposit form and hand it in to the company’s payroll administrator.
- If the employee is a remote worker, have the employee verbally confirm that they are sending/have sent the completed direct deposit form via email.
How we combat Direct Deposit fraud at PayDay Employer Solutions
- We work with our banks to identify potentially fraudulent account changes; they notify us if they believe there is an attempt to change an employee’s direct deposit account to an account that is not truly the employee’s.
- We then require our account specialists to verbally confirm with the client that the direct deposit update is indeed legitimate.