Payroll Diversion Fraud
Learn how to detect and prevent payroll fraud to protect yourself and employees. Watch for these red flags when processing payroll transactions.

What is payroll diversion fraud?
Payroll diversion fraud is when criminals impersonate someone at the company and divert payroll or payments to a bank account they control. Hackers will often research a company and target a specific employee with access to the payroll system, then use methods such as phishing to gain access to another employee’s email account. The hacker will then impersonate that employee and request updates to the payroll system that cause funds to be moved to accounts the hacker controls. The good news is that these scams are complex, research-heavy, and take time to execute, which means they can be prevented with the proper knowledge and processes.
Watch For Red Flags
Kotapay has an excellent fraud detection system and team, but the reality is that we can’t catch everything. We act as a second set of eyes for our customers, but it’s important that you have solid processes in place as well. Take extra precautions if you come across these red flags when processing payroll, and always go with your gut. If something doesn’t feel right, it probably isn’t.
Some Common Red Flags Include:
- Urgent set-up requested by new payroll customer.
- Communication only via email.
- An abnormal communication or method of communication for a particular customer.
- Customer and its employees are in geographically diverse locations.
- Employee accounts are PAYCARDS!
- Even dollar amounts or initiation of payroll files on atypical dates.
- New contact person suddenly provided.
- Payroll amounts that are not consistent with the type of business or industry.

What can you do to help prevent fraud?
Establish smart business practices
Having up-to-date best practices and procedures in place is one of the best ways you can protect your business from payroll fraud.
Beware of email-only communications
Confirmation phone calls or other forms of verification should be used for new customers or when new employees are added for a customer.
Confirm contact information
When calling to verify information with a customer, use the contact information you have on file, not what was given in an email.
Establish a business relationship
Require a wire or set up new clients on wire drawdown until you have established a positive business relationship with them.
Be cautious during the approval process
Do not approve new customers or add new employees if you have questions about the information provided during the approval process.
Educate your employees and your clients
Make sure your employees know the red flags to watch for and communicate these with your clients.
Keep sensitive information secure
Limit access and use of computer(s) that maintain sensitive information.
Pay attention
Be cautious with unknown emails, links, and pop-up boxes. These can all be ways to access your system.
Require proof of account ownership
Require a voided check and bank statement or bank letter to confirm the account owner and process prenotes to validate account information.
Stay up-to-date
Maintain a strong data security policy and keep up to date with anti-virus software, security settings, and fraud filters.
Verify all changes
When taking payroll requests or bank change information via email, always verify changes with a phone call or in-person meeting.
Talk with our fraud prevention experts
If you have any questions at all, please contact the Kotapay Risk Department at (800) 378-3328. We’re happy to help!