Payroll Fraud

Types, Red Flags, & Prevention Best Practices

Subscribe to our newsletter!

Please fill out the form below:

Click on the bookmark to view chapters of this webpage
Click on the bookmark to view chapters of this webpage

Financial institutions (FIs) are typically most concerned with fraudulent threats from outside their organization. While that’s usually the case, fraudulent behavior can occur within a company as well.

It’s important for FIs to monitor these threats and protect against them—and to do that they need to truly understand what payroll fraud is, the common types that fraudsters use, and how to prevent it from happening.

Access the State of Fraud and AML 2022 Report Now

What is Payroll Fraud?

An individual (or group of individuals) illicitly gains funds from an organization’s payroll processing system. Most commonly, this is done by employees who manipulate the payroll system to their advantage to earn more money than they are entitled to or inflate their hours—and then cover their tracks.

However, this can also be done by employers, who manipulate the payroll system to avoid expenses related to staffing—such as payroll expenses, unemployment tax, and worker’s compensation insurance.

Common Types of Payroll Fraud

Payroll fraud seems straightforward enough—employees abuse the payroll system to increase their income. In practice, it’s much more complicated. There are actually many ways payroll fraud can be committed, making it difficult for organizations to fully protect against—and prevent—payroll fraud.

Below, we look at the most common forms of payroll fraud and dig into how teams can prevent them.

Ghost Employee Fraud

Ghost employee fraud is when a non-existent employee is used to steal funds from the payroll system. The employee either never existed in the first place and was created entirely for the purpose of committing fraud, or a previous employee's payroll account is retained and used for the purpose of committing fraud.

This type of payroll fraud is almost exclusively committed by an employee at the company with access to the payroll system. For most organizations—and especially for larger corporations—this is often the human resources department.

This problem is more common with larger companies that have many employees and a high turnover rate, as it’s much easier for this behavior to go on undetected. Companies that lack the proper internal controls will also suffer from payroll fraud. To catch this, organizations must perform regular internal audits of their employees, looking for duplicate social security numbers and other irregularities.

Timesheet Fraud

Timesheet fraud occurs when an employee is paid for hours they didn’t actually work. This is most often committed by an employee misrepresenting their own hours by clocking in early and clocking out late.

Another employee may be in on it, clocking out for an employee later in the day when they didn’t stay that long. This form is so common that this type of fraud has its own name—“buddy punching.”

Timesheet fraud can be committed internally, where the payroll clerk is involved. They could alter hours worked for another employee—themselves receiving a kickback for helping the employee.

Businesses that pay staff hourly are more susceptible to timesheet payroll fraud, as employees have greater incentive to inflate their hours (and their compensation). Companies with poor internal controls will struggle to effectively combat timesheet fraud and mitigate losses.

Employee Misclassification Fraud

In worker misclassification fraud, an employee's status as either an employee or independent contractor is misrepresented so the company can avoid expenses such as unemployment tax, payroll taxes, and worker’s compensation insurance.

Since companies have different obligations—and expenses—for employees and independent contractors, misclassifying an employee as an independent contractor can allow the company to save on the expenses that come with an employee.

While this would be easy to notice for smaller companies with a handful of employees, it’s much harder to identify at large organizations with many workers (of different employment statuses) and a high turnover rate. Strong internal controls and intermittent internal audits will help identify errors in employee classification.

Pay Rate Alteration

An employee’s pay is altered so they receive a higher hourly rate than they should. This can be done in error, with the employee never correcting it. However, this typically requires the help of someone with access to the payroll system. Staff then try to cover their tracks to avoid detection.

Organizations must perform internal audits to check for pay rate alterations and falsification. Look for errors in the payroll register—inconsistencies should be investigated further to uncover this type of payroll fraud. Strong internal controls that restrict access to limited individuals and logs individual’s access to the payroll system can be used to manage threats more effectively.

False Expenses Fraud

An employee falsely claims expenses they aren’t entitled to. Employees can fabricate expense reports entirely or simply inflate the true value of a legitimate expense to earn a profit.

Organizations should require proper documentation for any expenses filed, including a receipt, information on the payment method, and anything else that may be relevant. This needs to be verified prior to paying out any expenses to employees to prevent this fraud from occurring.

Advance Payment Fraud

Any misuse of an advance payment option by an employee is a form of payroll fraud. Essentially, the employee requests and obtains an advance payment, but never repays it.

It’s often committed by an employee that (either accidentally or intentionally) fails to pay back an advance payment. However, it can also be done by someone with access to the payroll system, with the advance payment being recorded as another expense in an attempt to hide the payment.

Typically, this is the result of poor internal controls, in the form of lazy accounting and inadequate oversight procedures. Strict anti-fraud and AML programs—that are actually followed by staff—will combat these threats effectively.

Commissions or Bonuses Fraud

An employee abuses a bonus or commission program by claiming a bonus or commission they aren’t entitled to. Typically, the employee falsifies documents themselves to inflate or entirely falsify the value of a bonus or commission.

Internal controls need to be in place that verify bonus and commission claims from employees before they are paid out. Internal audits and reviews should be conducted to identify suspicious activity that should be investigated further, potentially uncovering instances of this type of payroll abuse.

Moonlighting or Sick Leave Fraud

When an employee falsely claims sick leave while working for another company, it’s a form of payroll fraud. Individuals falsify documentation to extend compensation for sick leave, at the same time earning an income elsewhere. In this scenario, the employee receives income from two different organizations simultaneously, while falsely claiming sick leave at one of the institutions.

The fraudster is able to illegally earn sick leave compensation, costing companies significantly. Without proper internal controls, this type of fraud can go unchecked—make sure staff need to provide a doctor’s note and validate the need for their time off. Monitor employee behavior for abnormal use of sick leave to try to catch these fraudsters in the act.

Worker's Compensation Fraud

Employees falsely claim an injury or exaggerate the extent of an injury received to gain worker’s compensation and increase their time off. This leaves organizations not only without an employee for this period of time but puts them on the hook for paying worker’s compensation.

Without insurance, these costs are absorbed by the company. Even when a company has insurance, they’ll eventually pay for this as well, through increased premiums in the future.

Organizations need to be diligent about verifying cases related to worker’s compensation, not only to validate that the injury occurred, but that it actually occurred in the workplace and that what was reported accurately represents the extent of the injury. Risk teams will need to thoroughly investigate these instances, and review scenarios where an employee’s time off is going on for longer than anticipated.

Third-Party Scams

As you can see, most of the scams we’ve covered occur by individuals within the company exploiting their position or access to exploit the company for personal gain. But that isn’t the only way fraudsters abuse the payroll system.

Outsiders can also commit payroll fraud in a couple of ways. Typically, this is achieved in one of two ways. The first is payroll diversion, in which the fraudster tricks an employee into changing their direct deposit information to an account the fraudster has access. The scammer can then collect these payments directly. The second method is a W-2 scam, in which fraudsters trick employees at a company to provide an employee’s personally identifying information (PII), which they then use to file fraudulent tax returns.

Activity monitoring that allows risk professionals to identify account changes is a great way of identifying these threats. Logins and account changes can be monitored to look for instances where fraudsters may be attempting to divert payments in a payroll system.

Payroll Fraud Red Flags to Look For

Since payroll fraud can take so many forms and is typically performed by insiders, it’s often challenging to detect. For teams to identify payroll fraud and root it out, it’s crucial that teams know what to look for.

Below, we cover some of the biggest red flags for monitoring payroll fraud. Surprisingly, many of these are non-monetary indicators that aren't tied directly to the transactions themselves.

  • Unfamiliar or abnormal changes to payroll records could signal abuses in the payroll system and should be investigated for potential fraud.
  • Inconsistencies between the payroll system and outgoing payments, which could signal employees are drawing funds illegitimately in some way.
  • Errors, mistakes, or entirely missing records in the payroll system may not always be accidental—and could instead be intentional instances of fraud.
  • Unrelated employees that list identical pieces of information, such as a bank account number, Social Security Number, or address.
  • Unauthorized access to payroll records, with individuals accessing information they aren’t allowed to see or accessing information for no valid reason.
  • Unsolicited or unusual payroll communications, for payrolls that weren’t submitted or are from an unrecognized email address.

By looking for these (and other) unusual behaviors, teams can identify payroll fraud and work towards stamping it out.

How to Prevent Payroll Fraud: Best Practices

Preventing payroll fraud from occurring comes down to having the proper internal controls in place. These measures inhibit fraudsters and their ability to commit payroll fraud and deters them from even attempting it.

Below, we cover the best practices for organizations to follow to prevent payroll fraud.

Establish a Concrete Policy

Have clearly defined, written policies for staff. Make this easily accessible and available so that staff can follow the rules—and are always aware of the most current guidelines.

Ensure the policy clearly outlines the consequences of breaching the policy and failing to meet obligations. Explain what the internal, organizational punishment would be, as well as the legal consequences when they apply.

Staff require training on understanding and implementing the risk management policy to ensure they maintain compliance and do their part to mitigate payroll fraud.

Implement Controlled Access

Access to the payroll system needs to be restricted based on employee needs. Limiting access can mitigate employees' ability—and opportunity—to commit fraud.

As a basic protective measure, all users should have their own access—with each sign-in and event being tracked and logged. At the very least, this can be used to retroactively identify who was involved in payroll fraud—at best, it can be used to stop it in its tracks. Devices (or access) should never be shared so that each individual's activity can be tracked accurately.

Avoid situations where an insider can aid the fraudster—or hide their own fraudulent activity better. Without these checks in place, it’ll be much harder to track and (therefore) much easier for fraudsters to do successfully. Separate responsibilities as much as possible, and ensure there are systems in place that hold staff accountable for their activity.

Role-based authorization and adequate due diligence checks will ensure that fraudsters can’t leverage access they aren’t supposed to have or abuse their legitimate access.

Maintain Activity Logs

Track user access and changes within the payroll system. Keep diligent records with clear details that your organization can use to monitor employee activity—and see anomalies.

With each login and activity tracked (and recorded), teams can go back and review suspicious activity to uncover payroll fraud. Having this behavior tracked will not only allow teams to identify the culprit but will also deter employees from attempting payroll fraud in the first place since they know their activity will be monitored.

Perform Internal & External Audits

Run regular audits that check employee behavior, verify records, and provide general oversight. Internal audits should be performed consistently to identify weaknesses and make adequate adjustments and improvements.

But internal audits aren’t enough—adept employees can still get away with payroll fraud without external checks. It’s important to have third-party audits performed periodically, making it much harder for insiders to continuously get away with fraud. It also deters fraudsters from trying in the first place, as they know they’ll be caught out. Typically, fraudsters committing payroll fraud believe there are weak controls that they can circumvent—allowing them to get away with it.

Outsource Payroll Services

Alternatively, organizations can outsource payroll services entirely, relying on a third-party company to manage this for them. With a third-party responsible for managing your payroll system, employees have less opportunity to commit payroll fraud.

It’s imperative that your organization vets a high-quality payroll service to do this, and that you audit their performance as well to ensure they aren’t abusing the payroll system. However, relying on a payroll service provider can significantly reduce the risk of insiders committing payroll fraud.

Download Operating System Product Guide

Mitigate Payroll Fraud with Unit21

Detecting and preventing payroll fraud comes down to having the right measures and internal controls in place. While payroll fraud takes many forms, it can be prevented in many the same ways—limiting and managing employee access to payroll systems, logging, and tracking behavior within the system, and conducting periodic audits and reviews.

Schedule a demo today to learn how Unit21’s Risk & Compliance Infrastructure can help your team manage payroll fraud threats—and keep customers (and your organizations) safe.