How to Safeguard Your HRO from Payroll Fraud

By Matt Raymond

A new client runs its first pay card payroll but the ACH comes back as “insufficient funds”—and the client is nowhere to be found.

A second client runs two unexceptional small payrolls before telling you they just signed a big customer that requires 40 immediate new hires to handle the additional business. They also need to pay the new employees on pay cards. The next payroll bounces.

These are two examples of actual schemes targeting HROs. Recently, there has been an increased number of reported fraud attempts like these across the entire payroll industry. What’s more disconcerting is that you can be vulnerable even if a prospective client satisfies standard security requirements, such as providing an FEIN and passing a credit check (as was the case in the first scenario above).

As PrismHR joins industry leaders like NAPEO (recent report: The Pillars of Cybersecurity for PEOs) in monitoring these developments, we want to make sure you are aware of resources to help you keep your data and platform access secure while mitigating risk, because the security of the platform, and of the client data that resides in it, is our highest priority.

6 Ways to Safeguard Your HRO from Payroll Fraud

1. Use authentication services

Multi-factor authentication (MFA) offers an additional layer of security to verify a user’s identity and prevent unauthorized access. In PrismHR, your organization can enable MFA at the system, client, or user level. Ensure that MFA is enabled for all users who have access to the payroll system.

2. Get alerts when ACH data changes using PrismHR Pulse

Set up an email notification that alerts worksite employees any time their direct deposit information changes. This gives the employee an opportunity to contact you immediately if they did not authorize the change, and allows you to be more proactive about identifying potential issues.

3. Enforce strong passwords

A strong password is the foundation of system security. By default, PrismHR requests a password that has upper and lower case letters and one numeric character and is at least 8 characters long. You can encourage or even require your users to change passwords periodically. For help with passwords, use a password-generation resource and a password management solution.

4. Restrict user access

Limit individual user access to specific Internet Protocol (IP) addresses or a range of addresses. For example, you may require office employees to be logged into your corporate network to gain access to PrismHR, while manually authorizing the individual IP addresses of remote workers’ home networks. By restricting the networks with access to PrismHR, it’s much more difficult for an unauthorized user to gain entry to the system.

5. Run audit reports

PrismHR has robust reporting features that can help tip you off to suspicious activity. Look for an unusual number of changes, or for account/transit numbers that are the same or very similar. Confirm that any changes are accurate. Additionally, PrismHR recommends a review of all ACH audit records, ideally right before the ACH files are transmitted. This will confirm that nothing was altered during the business day. Fraudulent fund transfers are typically initiated and tested in small amounts just before a large sum is removed from the system. Even one change that was not authorized can indicate a vulnerability.
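The checks described in this step, sketched as an added example (not PrismHR code and not a PrismHR report format). The record layout, the one-digit similarity rule and the three-changes-in-an-hour threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; this layout is an assumption, not a PrismHR export.
# (change time, employee id, transit number, account number)
AUDIT = [
    ("2024-03-01 09:02", "E100", "900000001", "000123456789"),
    ("2024-03-09 11:15", "E150", "900000003", "7781002345"),
    ("2024-03-14 16:40", "E217", "900000002", "4400981201"),
    ("2024-03-14 16:44", "E305", "900000002", "4400981201"),
    ("2024-03-14 16:51", "E412", "900000002", "4400981202"),
]

def near(a, b):
    """True when two account numbers differ in at most one digit."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) <= 1

def review(records, burst=3, window=timedelta(hours=1)):
    """Return findings for shared, near-identical, and bursty changes."""
    findings, owners = [], defaultdict(set)
    for _, emp, transit, acct in records:
        owners[(transit, acct)].add(emp)
    dests = sorted(owners)
    # 1. Same transit/account number entered for more than one employee.
    for dest in dests:
        if len(owners[dest]) > 1:
            findings.append(("shared_account", dest, sorted(owners[dest])))
    # 2. Very similar account numbers at the same transit number.
    for i, (t1, a1) in enumerate(dests):
        for t2, a2 in dests[i + 1:]:
            if t1 == t2 and near(a1, a2):
                emps = sorted(owners[(t1, a1)] | owners[(t2, a2)])
                findings.append(("similar_account", (t1, a1, a2), emps))
    # 3. Unusual number of changes: `burst` changes inside one `window`.
    times = sorted(datetime.strptime(r[0], "%Y-%m-%d %H:%M") for r in records)
    for i in range(len(times) - burst + 1):
        if times[i + burst - 1] - times[i] <= window:
            findings.append(("change_burst", times[i].isoformat(), burst))
            break
    return findings

if __name__ == "__main__":
    for finding in review(AUDIT):
        print(finding)
```

Any finding is a prompt to confirm the change with the affected employees before the ACH file is transmitted, not proof of fraud.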

6. Be vigilant and suspicious

Train everyone who touches the systems (e.g., service providers, worksite users) on security best practices. Educate your users to be wary of emails with embedded links or attachments of any kind. While they may look legitimate, clicking a link or opening an attachment can give hackers access to your computer. Phishing efforts often include requests for account credentials from what appears to be a co-worker. Once a hacker has access to your computer, all your stored passwords may be available.

3 Characteristics of a Fraudulent Client

How do you spot a potential payroll scheme? Based on reports, a fraudulent client could have some or all of the following characteristics:

  1. You have never met the client in person and have only communicated with them by phone or email.
  2. The client may get agitated when an in-person meeting is requested.
  3. The client may be “in a hurry,” “simple to set up” and impatient during the onboarding process, and/or push back aggressively on wire transfers for funding.

Please be on alert that this type of activity is occurring and educate your teams. If you have experienced payroll fraud, notify your local/state/federal law enforcement agencies.

PrismHR customers can download the PrismHR Security Best Practices Guide which contains guidelines for safeguarding ACH, direct deposit and banking information for clients and worksite employees.