For payroll and HR services provider Paychex, processing a massive volume of payments is a basic business function. Some payments to clients' employees are check disbursements, but the vast majority happen either via ACH or the Real-Time Payment (RTP) network. Paychex makes approximately 15 million EFT payments, worth several billion dollars, every month.

That means payment fraud is always top-of-mind for Paychex management, and the organization has a dedicated fraud prevention team. "Fraud is much more common these days than it was years ago," says Tim Yandow, fraud supervisor. "We separate fraud attempts into two types: new account fraud, which is a bogus client providing fictitious or stolen business information to enroll in our services, and cyber fraud, where the attacker is trying to steal the payments of legitimate clients."

Within the cyber fraud category, Paychex breaks down attacks further. Account takeovers (ATOs) involve a criminal stealing the user credentials of an employee in a client's HR or finance function, with the goal of logging into the Paychex system and changing information to redirect that firm's payroll. Business email compromise (BEC) schemes can target either clients or Paychex employees, attempting to convince the target to change payment information by sending emails that appear to come from a known source. For example, Yandow says, "they might say: 'We have a new contractor that we need to pay; they were supposed to be paid last week. We need to add them to the payroll and pay out $20,000 right away.'" Meanwhile, social engineering attacks target Paychex employees, imitating a legitimate client via phone or chat with the intent of changing bank account data and launching a payroll run or a round of bonus payments.

Continue Reading for Free

Register and gain access to:

  • Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
  • Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Meg Waters

Meg Waters is the editor in chief of Treasury & Risk. She is the former editor in chief of BPM Magazine and the former managing editor of Business Finance.