Payroll is a major responsibility for any small business. Aside from just processing payroll on time and correctly, business owners and human resource teams must make sure that all the information regarding payroll is secure. There’s actually a lot of sensitive information tied to payroll data including social security numbers, bank accounts, and home addresses. Here are a few tips to help ensure your business has a secure payroll process.
Because of all the valuable information related to payroll, it can be a playground for hackers who want to steal sensitive data. Even worse, it may be tempting for your own employees to break the rules and pad their paycheck or help another employee commit fraud. By taking all the precautions you can to protect private information, you’ll help prevent payroll fraud in your organization.
Payroll security means that your business is proactively safeguarding employees’ personal data. It also entails doing regular audits on the payroll process, and reporting any potential payroll fraud.
Payroll fraud can wreak havoc on a business. The Association for Certified Fraud Examiners states that the average payroll fraud case lasts for over two years, and results in a loss of over $60,000. That’s why business owners should take every preventative measure available.
Obviously it’s not something you want to mess around with, but exactly what is payroll fraud? Technically, the payroll fraud definition is any type of fraud that results in the theft of cash from a business through the payroll system. Let’s look at some concrete examples of payroll fraud, how they can happen, and what you can do to prevent it.
There are a few different ways employees can steal from a business through the payroll process. By knowing the different causes of payroll fraud, you can have a better understanding of how to detect and prevent it from happening at your company.
Time theft occurs when an hourly employee reports working more hours than they actually did, resulting in a larger paycheck. This happens more often than employers may realize. In a randomized study of hourly employees, 43% admitted to committing time theft.
There are different ways employees can commit this type of payroll fraud. One method used is “buddy punching” which is when one employee clocks in or out for another who is not present.
The more common method is simply clocking in a few minutes before your shift begins or clocking out after your scheduled shift has ended. Many employees see this as innocent enough, but it can end up costing businesses up to 7% of their gross annual payroll according to the American Payroll Association.
Another payroll fraud scheme is falsifying wages. This usually involves another employee working in coordination with the payroll manager to either increase their rate of pay, increase the commissions paid out, or tampering with the actual check.
There are major payroll fraud risks associated with this behavior. The Association for Certified Fraud Examiners (ACFE) discovered one case at the Indianapolis Bond Bank where two employees stole nearly $400,000 over nine years. Even when the case hasn’t gone on as long, the ACFE has found the average check tampering scheme results in about $150,000 in losses – the highest average of most payroll fraud schemes.
A ghost employee is simply someone who doesn’t work at your business but is receiving a paycheck. This can be either a former employee who is still being paid after they’ve left the company, or a fake employee who was set up in your payroll system.
Ghost employees are an example of payroll fraud that is typically more prevalent in larger organizations . This is simply because it’s easier for a ghost employee to be hiding in the mix with more team members on board. However, this doesn’t mean small businesses shouldn’t be on the lookout for this payroll fraud risk.
Reimbursement fraud occurs when an employee is issued payment for a company expense that either didn’t occur, was actually a personal expense, or cost less than the amount the employee actually reported. The employee is essentially stealing from the company under the false context of being paid back for their business-related expenses.
Advance repayment fraud can also happen when an employee is issued an advance payment, but never repays the balance or completes the work required.
By implementing a regular payroll audit, you can quickly detect payroll fraud and ensure it doesn’t continue to happen in the future. One of the things you will want to look for in your payroll audit is the number of payouts per pay period. This should obviously match the number of employees in your organization.
You’ll also want to double check any new hires, pay rate changes, or any bank account or address changes. A payroll services company may also provide you with these reports to make auditing easier.
You should also do regular reimbursement audits both at a micro and macro level. At the micro level, you’ll want to check individual receipts to ensure they match the reimbursement the employee is asking for and is for a legitimate business expense. At a macro level, you’ll want to see if certain employees are consistently asking for a higher reimbursement amount than others in their same role and address any concerns right away.
To prevent time theft, you should require supervisor approval on all time card punches so any issues are caught quickly. Supervisors will also have a better understanding of what is happening day in and day out, which benefits the company and the employee. For example, if an employee is asked to stay late to help a customer, their supervisor will understand that particular case and can ensure that the late punch is not fraudulent.
There are several ways your company can be proactive against fraud. Let’s look at how to prevent payroll fraud of each type before it has a chance to begin.
To prevent time theft, you can use a unique identifier for each employee, such as an ID card or a fingerprint for clocking in and out. This minimizes the chance of buddy punching occurring. You can also create a predefined shift rule in your timekeeping system that automatically flags an employee punch that is more than 5 – 10 minutes before or after a scheduled shift. Their supervisor will then have to approve this punch in order for it to be valid.
To prevent falsifying wages, you should have multiple people reviewing and approving payroll. Typically, the business owner or human resources manager will authorize the amount for each paycheck, the payroll service provider will distribute the checks or direct deposit, and the CPA will reconcile the accounting after each payroll period. By having multiple people involved in the payroll process, it’s easier to quickly catch any incorrect numbers.
To prevent ghost employees, you should have a strong onboarding and offboarding process for all employees. This helps ensure that former employees will not stay on payroll, and makes it harder to “hire” fictitious employees. Doing a payroll audit, as previously mentioned, will also catch any additional payouts.
To prevent reimbursement fraud, you should have a strong travel and expense policy in place for all employees. That will help clear up what is and what is not a legitimate business expense, as well as maximum reimbursement amounts. Then, when you perform your micro reimbursement audit, you have an easy checklist you can measure receipts against.
It’s also important to have a system in place for how to report payroll fraud at your company. If someone in your organization catches an error, whether intentional or not, they should know exactly who to report it to so that the matter gets handled right away. Keep in mind, more employees are usually willing to speak up if you have an anonymous way to report discrepancies.
When fraud is caught, it brings up the question, “Is payroll fraud a felony?” It can be if the employee intended to commit the fraud (meaning it wasn’t an accident or typo) and you have sufficient proof. Ideally you’ll catch the employee committing payroll fraud and can terminate the employee without having to take the matter to court.
Now that we’ve looked at how to prevent payroll fraud, let’s look at a few other ways your company can secure payroll against outside hackers. Unfortunately, outside attacks usually happen because an employee has given sensitive information like social security numbers, bank accounts, and home addresses to an unreliable source. Here are a few ways you can help prevent that from happening at your company.
When we think of secure payroll services, many of us automatically think of online security. However, a lot of information can be taken right off of paper documents. You’ll want to ensure any new hire paperwork with private information is locked up, and only able to be accessed by those who need it. When that information is no longer needed on file, you should black out personal data and shred the documents.
You’ll also want to limit the amount of information printed on paper checks or pay stubs. Unnecessary data like social security numbers and home addresses can put employees at risk if this piece of paper gets into the wrong hands.
Of course, you also cannot fail to protect information online. If you use an online payroll system, you’ll want to make sure that employee logins are regularly updated with their most current email address and new passwords. In fact, many companies will require a password change as often as every 90 days. This prevents the chance of passwords falling into the wrong hands and hackers getting into your system.
In addition to catching payroll fraud, regular monitoring and audits can help catch any security issues in a payroll system. If an issue arises that is not due to employee fraud, you’ll have to look at any opportunities outside hackers had to get into your system. During these audits, you should involve your IT department to ensure all best practices are being followed and that there is as little opportunity for human error as possible.
If you work with an outside payroll services company, look at the reports they generate to catch any possible issues. You’ll also want to follow their best practice guidelines and ensure you are always using the most current technology they offer.
At PayTech, secure payroll services are our top priority. We help ensure that your employee’s sensitive data is protected, your payroll is processed on time and accurately, payroll taxes are done correctly, and that payroll fraud detection and prevention are in place.