
Potential fraud from direct deposit transfer

edited November 2010 in General Payroll Topics
Morning all,
Does anyone have a series of questions that they ask employees when an employee contacts payroll to change their bank account info for direct deposit? We recently had a non-situation raise good questions and so I'm turning to you all for input.

Three employees recently contacted payroll to make changes to their direct deposit info because they "had" to close their accounts because they were robbed. When I overheard the payroll tech bemoaning the fact that "that's the third one in two weeks," it piqued my interest. I got slightly concerned that the issue our employees were having might have a connection to our records, etc. Luckily, none of the situations were the same and we didn't have any concerns on our end. But it did get me thinking that we should have a series of questions (2-3) we ask when DD info is changed.

So, any suggestions? Any input is appreciated.


  • We don't ask questions when they want to change their DD info but we require them to fill out a form and include a voided check that has their name and address printed on it or a DD form from their bank that has their signature as well as all of the account info.

    At one point we had someone want us to DD money to their boyfriend's account and when we got the voided check our EE name was not on the account so we refused.
  • I agree with jadegurl, we require a written request for the change. They can either come in to the office to fill out the form or we will send the form to them to fill out and return to us. We must get the original, no faxes. We compare the signature on the DD form to the signature on their new hire paperwork if needed.
  • We also require all DD changes to be requested in writing on a special form. We also require a blank check or a Bank Spec sheet to show the proper routing and account numbers.

    No form, no change. It has worked very well for us.
  • lorr - correct me if I misunderstood, but I think your question is not so much how a DD change is requested, but whether and how to monitor such requests and the reasons for them as potential red flags for a confidential information security breach.

    That is, three employees requesting DD changes due to improper access by someone to their bank accounts within a short period of time, seems worth investigating - to see if someone with access to the company DD info was using it to defraud employees. I think what bothered you was that this was discovered by the "accident" of overhearing a comment by the person processing the changes. If the comment had not been made or if three different employees processed the changes, it might not have come up.
  • Hi Pat,
    My apologies for not responding before now.

    Yes, you are correct.

    My concern is when does that 'red flag' go off that something doesn't seem right here. When I overheard the comment and ensuing conversation, I was immediately concerned that we might have a problem that our ITS office hadn't uncovered yet with their processes.

    So, I was wondering if anyone has a few pertinent questions that could be answered when an employee requests a DD change that could assist in identifying a potential problem on our side.

    Any suggestions? I've drafted (and re-drafted) but haven't finalized anything yet.

    Thanks for helping me to clarify what I was trying to ask.
  • Hello lorr - it must have been clear to me. I responded because it did not seem your question was being addressed.

    I would start by working with your security officer (if you have one) and first figure out what the red flags are. Then you can determine how you will track the information you want - including how you obtain it. I would think you would want to be able to detect an issue before it reaches the point of finding out from employees that there was a problem. That the questions you are contemplating would be a final indicator which, hopefully, would never be triggered, or if it is, identifies a problem outside of your control (say at the bank).
  • Thanks again for the input. I have contacted our ITS office and asked that they share with me what they review and how often to ensure that files haven't somehow been 'hacked' into, etc. and who they have listed as contact for the various files - in this case if they see that someone has tried (or did) access the files that contain DD information who is it that they'll contact, etc.

    We'll likely include this as a small component of our red flags training - we do fall under that rule :roll:
    Are you changing/closing this information due to suspected or known fraud on the account?
    If yes, when and how did you become aware of the problem?

    I've asked our payroll techs to follow up only with those employees that are changing their DD information (including a closed account/different bank). Based on the answers provided, they can escalate it to my level if needed. Likewise, I asked them to be aware of when we have multiple ee's changing DD info in short periods of time. We have roughly 600 employees and the majority are on DD; we don't get a lot of changes so when you get 3 in 10'ish days, that could mean something.

    Anyway, in this case, while the 3 mentioned in my OP were actually all 'robbed' it was their home, car and/or wallet that was the culprit and not our electronic files.

    Again, thanks. Any other suggestions will always be welcome.
  • Actually - a really good post - and perhaps have a better handle on the red flags stuff than a lot of us.
  • Another possible tool might be measuring changes made to direct deposit information. One piece of our monthly payroll metrics is direct deposit changes. This was originally done to measure use of our ESS system, but after a few years of historical data we have noticed seasonal trends, and anomalies. Fortunately, any anomalies to date have been the result of bank mergers / acquisitions, but it doesn't hurt to monitor.

    If your system keeps an audit trail of these changes consider running regular reports. You could also run historical reports to get baseline data.
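
The monitoring discussed in this thread (a cluster of changes within about ten days, fraud given as the reason, and a monthly count compared with history) can be run as a report over the audit trail. The sketch below is an added example, not code from any poster or payroll product; the record layout, the sample rows and every threshold are assumptions to be tuned against your own data.

```python
from collections import Counter, deque
from datetime import date
from statistics import median

# Constructed sample audit trail (not real data):
# (date of change, employee id, employee reported fraud on the old account)
AUDIT_TRAIL = [
    (date(2010, 8, 3), "E101", False),
    (date(2010, 9, 14), "E214", False),
    (date(2010, 10, 5), "E087", False),
    (date(2010, 11, 2), "E330", True),
    (date(2010, 11, 8), "E412", True),
    (date(2010, 11, 11), "E019", True),
    (date(2010, 11, 29), "E256", False),
]


def flag_clusters(trail, window_days=10, max_changes=2, max_fraud=1):
    """Alert when a trailing window holds too many changes or fraud reports.

    The thresholds are assumptions; tune them against your own baseline.
    """
    window, alerts = deque(), []
    for when, emp, fraud in sorted(trail):
        window.append((when, emp, fraud))
        # Drop changes that fall outside the trailing window.
        while (when - window[0][0]).days >= window_days:
            window.popleft()
        employees = sorted({e for _, e, _ in window})
        fraud_reports = sum(1 for _, _, f in window if f)
        if len(employees) > max_changes or fraud_reports > max_fraud:
            alerts.append({"as_of": when, "employees": employees,
                           "fraud_reports": fraud_reports})
    return alerts


def unusual_months(trail, factor=2.0):
    """Return (YYYY-MM, count) for months above factor x the median month."""
    per_month = Counter(f"{when:%Y-%m}" for when, _, _ in trail)
    baseline = median(per_month.values())
    return sorted((m, n) for m, n in per_month.items() if n > factor * baseline)


if __name__ == "__main__":
    for alert in flag_clusters(AUDIT_TRAIL):
        print("escalate:", alert)
    print("above baseline:", unusual_months(AUDIT_TRAIL))
```

Because the check runs over the audit trail rather than over what one person happens to overhear, it still fires when the changes are processed by different payroll techs. Months with no changes at all do not appear in the count, so the median here is taken over active months only.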