When you think of payroll fraud and how it happens, a first impression might be of a lone employee pilfering cash from the register. But payroll fraud is a much bigger problem than that. It is a type of fraud in which someone manipulates the payroll system, either intentionally or unintentionally, to gain an economic benefit for themselves or someone else.
While it is hard for employers to imagine any one of their trusted team members would commit payroll fraud, it does happen. The Association of Certified Fraud Examiners (ACFE) estimates that payroll fraud accounts for 9% of all asset misappropriation cases in the U.S., with a median loss of $62,000 per incident.
In this article, we will take an in-depth look at what payroll fraud is, its common types, and how to detect and prevent it in the first place.
What is payroll fraud?
Payroll fraud is a type of fraud that involves manipulating the payroll system for financial gain. It can be intentional or unintentional, but it always involves someone taking advantage of the system to gain some form of economic benefit. Without the proper controls and checks in place, payroll fraud schemes typically last around 14 months before detected, causing an organization significant financial losses.
Employers, employees, and third-party fraudsters can be found guilty of committing payroll fraud. Employees may falsify information on their timesheets, such as overestimating their hours or taking extended unpaid vacations without notifying their employer.
Employers may be complicit in payroll fraud by underpaying employees, taking fraudulent deductions from employee wages, or skimming cash out of the payroll system. Third-party fraudsters use email scams to divert employees’ pay. Either way, payroll fraud is a serious problem that can have significant financial and legal consequences.
Common types of payroll fraud
Payroll fraud comes in many different forms. Some are easier to detect, while others require a closer examination of an organization's payroll records.
Let's look at the most common types of payroll fraud schemes:
Misclassification of employees
Classifying your employees means assigning them the correct job title, salary, and other duties that match their qualifications, working hours, and contributions to your business.
For example, you can classify someone as an independent contractor, a full-time, or a part-time employee.
Misclassifying employees occurs when, for instance, employers intentionally or unintentionally classify their employees as independent contractors instead of full-time employees and evade taxes and labor laws. The Internal Revenue Service (IRS) has strict rules and guidelines around classifying employees to avoid misclassification fraud, and employers who violate these rules can face hefty fines.
Buddy punching is a common name for timesheet fraud in which employees manipulate their timesheets to include hours they haven't actually worked. Generally, this can happen in two ways: by a colleague "punching in" for an absent employee or by an employee entering false information on the timesheet. The person committing this payroll fraud will benefit financially, while the employer will lose out on paying for work that wasn't done.
Commission schemes often involve sales staff or other employees who are eligible for commissions. This type of fraud occurs when an employee records false sales to increase their commission payments or hit milestones, such as recording a sale that never happened or overstating the value of an actual sale.
For example, if your policy states you will pay a commission at the time of sale instead of when the customer pays for the product, an employee may try and take advantage of that by recording false sales and receiving commissions they do not deserve. These types of fraud often take advantage of weaknesses in commission policies and sales processes, so it is important to have a clear and well-defined commission policy in place.
Workers' compensation fraud
Workers' compensation fraud occurs when an employee fabricates or exaggerates an injury to receive higher compensation benefits. In some cases, employees may commit fraud by intentionally hurting themselves to receive money from workers' compensation insurance. In other cases, an employee might get injured at home or outside of work but falsely report it as an on-the-job injury to receive compensation benefits.
This fraud is especially costly for self-insured employers, who may be responsible for the entire cost of workers' compensation claims. Alternatively, it can cost an insurance company a lot of money, resulting in increased insurance premiums for all employees.
The term ghost payroll is used to describe a situation where an employee does not actually exist but is still listed on the payroll. This type of fraud can occur when someone creates fake employee records in the payroll system and arranges for them to be paid or keeps a staff member on the payroll after they have left the company.
This fraud is often committed by human resources or a payroll department employee, typically in a larger organization, where it can go undetected for a long time due to the high number of workers. It can also occur due to a lack of segregation of duties, meaning one person is responsible for all aspects of payroll management, including hiring and terminating staff. By falsifying employment records, the fraudster can pocket the money paid to ghost employees as if it were their own.
Advance retention fraud occurs when an employee is paid a bonus or advance payment but fails to deliver on the promised work or never pays it back. This payroll fraud scheme is especially costly for small businesses, as these payments are typically not recovered from the employee's wages.
The employee may take advantage of a lack of financial controls or inefficient internal processes to commit fraud, as it works best when the accounting staff does not record advances as a loan or asset. Instead, the advance is treated as a regular expense, making it difficult to track and recover the money.
Expenses and reimbursement fraud
Expense and reimbursement payroll fraud occur when an employee files false or inflated expense claims for items that were never purchased, personal items, or higher-priced items than what was actually purchased. This type of fraud is more common in companies with a per diem allowance policy, as it can be hard to track and verify every expense claim.
Employees may also falsify mileage claims or travel expenses, such as hotel stays or meal costs. To avoid it, employers should provide clear guidelines on what expenses are eligible for reimbursement and develop a system to verify all claims.
Lack of deductions
A lack of deductions fraud occurs when an employer incorrectly calculates payroll taxes or fails to deduct employee contributions, resulting in the improper payment of funds. Employees with access to the payroll system can also alter their payroll information to avoid taxes or other mandatory deductions, leaving the employer responsible for the costs.
This fraud is more common in companies with manual payroll systems, as manual calculations are labor-intensive and may lead to errors. With automated payroll systems, such errors can be easily detected and corrected.
Direct deposit scam
Cyber security companies are reporting numerous incidents of businesses being targeted with direct deposit business email compromise (“BEC”) scams. These direct deposit scams, unlike generic phishing scams, also known as payroll diversion scams, are specifically crafted for a target company. Bad actors impersonate an employee of the company, often by establishing an email address using the employee’s name that utilizes display name spoofing in the email message.
These fraudulent emails are normally sent to the payroll, accounting, or human resources department and request either a change in a direct deposit account or a direct deposit change form. Companies have reported the bad actors actually located the company’s direct deposit form online and include the completed form in the email.
This type of scam intends to divert an employee’s payroll check to an account under the bad actor’s control. The emails sent by the bad actors have noticeable red flags, such as spelling and grammatical errors, but there are many that are well-crafted and difficult to identify.
How can employers protect against payroll fraud?
Hopefully, you're not feeling disheartened by all these fraud possibilities. Payroll fraud can be easy to prevent with the right checks and balances in place. Here are the most important safeguards employers can take to prevent and detect payroll fraud before it snowballs:
Conduct background checks
Employers should conduct background checks on all potential employees, including checking references, verifying credentials and qualifications, and scanning for criminal records. This is especially important for those with access to sensitive financial data, as they should be thoroughly vetted and monitored.
Adopt automated payroll systems
Using payroll software can help reduce the chance of human error, as calculations are done accurately, and taxes and deductions are automatically calculated. Automated systems also make it easier to detect any anomalies, mistakes, or discrepancies in payroll records.
Develop internal controls
Establishing strong internal accounting controls is critical for preventing and detecting fraud. This includes having separate staff in charge of different aspects of the payroll process, such as those responsible for inputting data and those who review and approve payments. Require two levels of approval and verbal agreement from employees requesting changes.
Limit access to payroll information
Employers should restrict access to payroll information, such as bank account numbers and employee data, to only those who need it. This will help limit the potential for unauthorized access or manipulation of payroll data.
Organize fraud awareness training
Regular fraud awareness training can help employees understand the different types of payroll fraud and how to spot them. Set up your email account so that it identifies any email that is “external” to your organization. This will also make them more conscious of their actions and better equipped to detect suspicious activity.
Always review payroll reports
When you're tired, sleepy, busy, or on the weekend, it is easy to trust the payroll reports and pass them for payment. But trust is risky when it comes to payroll fraud – always review the payroll reports, flag anomalies, and audit suspicious activities.
Consider outsourcing payroll services
Finally, if your organization needs more resources or expertise to handle payroll internally, consider outsourcing it to a professional firm. This will reduce the risks associated with manual payroll systems and ensure accurate and secure payroll processing.
Streamline your payroll and reduce your risk of fraud
Payroll fraud can be hard to detect and is often overlooked until it's too late. But with the right protection measures in place, employers can protect their organizations from financial loss and reputational damage. To streamline your payroll processes, consider automating it or outsourcing to a reputable provider – the peace of mind is worth it.
Even the most experienced employers can miss the signs of payroll fraud, so it's important to stay vigilant and take the necessary steps to protect your organization from this costly crime. Luckily, CAVU HCM provides a comprehensive service, including the tools and technology needed to ensure your payroll is accurate and secure.
Our expert Payroll Guides will provide unmatched guidance and support to help employers manage payroll processes, detect errors and fraud, and stay compliant with all payroll regulations. Additionally, our flagship software solution allows employers to expedite everything from their payroll to HR and talent acquisition.
To learn more about how CAVU HCM can help your organization, contact us today.