THREAT GUIDE

Payroll Fraud

Fake employees, redirected wages, and compromised payroll data. Payroll fraud is recurring, predictable, and often goes undetected for months because no one questions the pay run.

Recurring theft every pay cycle
Average 12+ months before detection
2x more common in small businesses

Source: ACFE Report to the Nations, 2024

How payroll fraud works

Payroll fraud exploits the fact that payroll is routine. Every fortnight or month, the same payments go out to the same people. No one scrutinises individual pay run entries the way they might examine a large supplier invoice. That predictability is exactly what makes it vulnerable.

The fraud can come from outside, through business email compromise targeting HR or payroll staff with requests to "update bank details". Or it can come from inside, through employees or contractors with direct access to payroll systems.

Unlike one-off payment redirection, payroll fraud is recurring. A single undetected change means money is stolen every pay cycle until someone notices. And because the amounts per employee are relatively small compared to supplier payments, the theft often flies under the radar.

Common types of payroll fraud

Payroll fraud takes several forms, all exploiting the routine nature of pay runs.

Ghost employees

Fictitious employees are added to the payroll system. Their wages are paid to accounts controlled by the fraudster. Common in larger organisations where headcount is harder to track.

Bank detail redirection

A real employee's bank details are changed to an account the fraudster controls. The employee doesn't get paid, and the fraudster withdraws before anyone notices.

BEC targeting payroll

An attacker impersonates an employee via email, requesting HR or payroll to update their direct deposit details. The next pay cycle sends their salary to the criminal.

Terminated employee exploitation

Employees who have left the company aren't removed from payroll. An insider continues to process their 'wages' to an account they control.

Warning signs to watch for

Payroll fraud is designed to blend in. But there are patterns that stand out under scrutiny.

Bank detail change requests via email

An employee asks to change their bank details by email rather than through HR systems or in person.

Multiple employees sharing bank details

Different employee records sharing the same BSB and account number are a strong indicator of ghost employees.

Employees with no tax file number

Ghost employees often have incomplete records: missing TFN, no super fund, or generic contact details.

Payroll changes before long weekends

Changes made right before a pay run or long weekend are timed to avoid scrutiny during processing.

Headcount mismatches

The number of people on payroll doesn't match HR records, department headcounts, or building access logs.

Resistance to payroll audits

Employees responsible for payroll who discourage reviews or insist on handling the process alone.
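The register-level warning signs above (shared bank details, missing TFN, last-minute changes, headcount mismatch) as checks a reviewer could run over a payroll export before releasing the pay run. This is an added example, not part of the guide or of ezyshield; the records are constructed and the field names, the two-day change window and the HR headcount are assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed payroll export (not real data). Field names are assumptions about the export format.
PAYROLL = [
    {"id": "E001", "bsb": "062-000", "account": "11111111", "tfn": "123456782", "changed_on": date(2024, 5, 1)},
    {"id": "E002", "bsb": "062-000", "account": "11111111", "tfn": "",          "changed_on": date(2024, 5, 1)},
    {"id": "E003", "bsb": "033-111", "account": "22222222", "tfn": "987654321", "changed_on": date(2024, 6, 13)},
    {"id": "E004", "bsb": "033-111", "account": "33333333", "tfn": "",          "changed_on": None},
]
HR_HEADCOUNT = 3          # constructed: HR's active-staff list has three people, payroll has four
PAY_RUN = date(2024, 6, 14)


def shared_bank_accounts(records):
    """Employee ids grouped by identical BSB + account; more than one id per key is a ghost-employee indicator."""
    by_account = defaultdict(list)
    for r in records:
        by_account[(r["bsb"], r["account"])].append(r["id"])
    return {key: ids for key, ids in by_account.items() if len(ids) > 1}

def missing_tfn(records):
    """Ids with no tax file number on record (incomplete records are typical of ghost employees)."""
    return [r["id"] for r in records if not r["tfn"]]

def changes_before_pay_run(records, pay_run, window_days=2):
    """Ids whose bank details changed in the window_days immediately before the pay run date."""
    window_start = pay_run - timedelta(days=window_days)
    return [r["id"] for r in records
            if r["changed_on"] is not None and window_start <= r["changed_on"] < pay_run]

def headcount_mismatch(records, hr_headcount):
    """Payroll headcount minus HR headcount; a positive value means payees HR does not know about."""
    return len(records) - hr_headcount

def review_pay_run(records=PAYROLL, pay_run=PAY_RUN, hr_headcount=HR_HEADCOUNT):
    """Run every check and return the findings so a reviewer can hold the pay run if anything is flagged."""
    return {
        "shared_accounts": shared_bank_accounts(records),
        "missing_tfn": missing_tfn(records),
        "late_changes": changes_before_pay_run(records, pay_run),
        "extra_payees": headcount_mismatch(records, hr_headcount),
    }

if __name__ == "__main__":
    for check, finding in review_pay_run().items():
        print(f"{check}: {finding}")
```

On the constructed register this flags E001/E002 sharing one account, E002 and E004 with no TFN, E003 changed the day before the pay run, and one payee more than HR knows about.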

How ezyshield prevents payroll fraud

ezyshield verifies the person behind every bank account before money moves, including employees. Ghost employees can't pass verification, and redirected wages get caught before the pay run.

Verify every payee

Every person on payroll is verified biometrically and their bank account ownership confirmed. Ghost employees fail because there's no real person to verify.

Re-verify on change

Bank detail changes trigger re-verification. The account holder must confirm ownership through our secure flow, not just an email to HR.

Pre-pay-run checks

Every pay run is checked against verified fingerprints before money leaves. If anything has changed since the last verification, payment is blocked.

Protect every pay run, every cycle

ezyshield verifies bank account ownership before every payment, including payroll. No ghost employees. No redirected wages.