Payroll Security: How To Prevent 5 Types of Payroll Fraud

By: Brian Westfall on August 18, 2022

Left undetected, payroll fraud can grow from a small dent in the company coffers to a major financial drain. According to the Association for Certified Fraud Examiners (ACFE)[1], the average case of payroll fraud lasts two years and results in losses upwards of $62,400.

As a small-business owner or payroll administrator, your risk is even greater. The ACFE found that:

  • Payroll and billing fraud are both twice as likely to occur in businesses with fewer than 100 employees than those with 100 or more.

  • Check and payment tampering are four times as likely to occur in small businesses than large businesses.

  • The median loss for small businesses ($150,000) was higher than that for large businesses ($140,000).

“It’s OK,” you’re thinking. “We just bought new payroll software, so we’re safe.”

Except you’re not.

Small businesses that adopt payroll software without utilizing the right features or implementing important protocols are still highly susceptible to payroll fraud.

Below, we’ll look at five common types of payroll fraud and detail ways that you can use software and policy in tandem to prevent it from taking place in your small or midsize business (SMB).

Jump to:

Time theft

Falsifying wages

Ghost employees

Expense reimbursement fraud

Employee misclassification

Next: Update your payroll process with new software

Time theft

 WHAT IT IS:   Also known as “timesheet falsification,” time theft occurs when an employee reports working more hours than they actually did, inflating their paycheck in the process. Time theft most often takes the form of a worker clocking in for a shift early, clocking out late, or clocking in for a coworker who isn’t actually at work (i.e., “buddy punching”).

In all of its various forms, time theft is a common form of payroll fraud.

A one-off instance of a worker clocking in five minutes early isn’t going to sink your business, but a pervasive culture of even minor time theft can add up to a significant cost. If 10 employees at your company who make $12/hour add just 10 minutes to their shifts a day, that’s a loss of $10,000 a year.

 HOW TO PREVENT IT:   Employee self-service can be a blessing and a curse. You want to let workers clock in and out of shifts themselves to not only give them a sense of autonomy, but to also take an enormous administrative burden off management.

What you don’t want is to give your employees too much free reign over their hours to the point where they can easily abuse this policy.

Integrating your payroll software with the right time and attendance system can help you strike the perfect balance through two critical features that help prevent egregious time theft:

  1. Predefined shift rules limit the time frame during which workers can clock in and out of work. If they try to do so outside of the predefined time window, the system won’t let them. Rules can be set for individuals, departments, or the company as a whole.

  2. User authentication eliminates buddy punching by requiring workers to produce a unique identifier when they clock in and out of shifts. Depending on the sophistication of the system and whether it’s able to integrate with any hardware, such as a scanner, this identifier could be an ID badge, a fingerprint, or even a photo of the worker’s face.



User authentication in Humanity[2]

With regard to the payroll system itself, ask your vendor if it has any features that can automatically flag out-of-the-ordinary time entries. These features are fairly common.

You should also pair your software with sound attendance policies. For example, a best practice is requiring workers that miss their approved window for clocking in or out to request a manual entry from their manager. The manager can review the circumstances surrounding why that employee was early or late and determine if the entry should be allowed or not.

Finally, all timesheets should be reviewed and signed off by managers before they are processed for payroll to ensure that all of the entries are legitimate.

Falsifying wages

 WHAT IT IS:   Working alone or in coordination with the payroll manager, workers can falsify their wages before a payroll run either by upping their wage rate, increasing their sales numbers (for commission-based pay), or tampering with the actual paycheck itself.

That last method is especially costly. The ACFE found the average check tampering scheme results in losses upwards of $110,400. And that’s just the average.

A well-known and often-cited case of falsifying wages was uncovered at the Indianapolis Bond Bank, where two employees stole nearly $400,000 [3] in unauthorized pay and benefits over nine years.

 HOW TO PREVENT IT:   Putting all of your eggs in one basket is always a recipe for disaster, and that’s no less true when it comes to payroll, according to Mason Wilder, research specialist at the ACFE.

“If only one person is responsible for approving timesheets, producing and signing checks, while also managing the files that include employee wage information and classification, there is a huge vulnerability in terms of payroll fraud,” Wilder says.

Even if you’re a personnel-strapped startup and don’t have a payroll department, you need to segregate your payroll processing duties. In general, it’s recommended that one party handles authorization, a second party handles distribution, and a third party handles reconciliation.


Typically, the business owner or payroll administrator will authorize, the payroll service provider will distribute, and the CPA will reconcile, but this can change depending on your needs and size. You may even consider outsourcing all of your payroll responsibilities to a professional employer organization (PEO).

When it comes to your payroll software, there are a few things you can do to prevent employees from falsifying their wages:

  • Flag wage and bonus amounts out of the ordinary. Alongside flagging strange time entries, many payroll systems can also automatically flag strange wage rates or bonus payouts. Talk to your vendor if this feature isn’t enabled.

  • Leverage auditing capabilities. Your payroll system should include audit capabilities, allowing you to see what changes were made to your payroll, when they were made and who made them. If you suspect an employee is altering their wages, check the payroll records.

  • Look into your system’s user permissions. You should be able to limit every user’s access based solely on their needs and change those with unauthorized access, so rank-and-file workers can’t change their pay rates. You may also be able to limit when pay rates can be changed, for example, after performance reviews.

  • Get rid of paper checks. Physical paychecks are much easier to forge and steal than their digital counterparts, so consider going the direct deposit or pay card route if you haven’t already. Your software should allow you to change payment methods with ease.



 Get Price

Compare Products

Adding a direct deposit account in Patriot Payroll[4]

If you’re worried about salespeople inflating their numbers to increase their commission pay, investing in a formal customer relationship management (CRM) system can bolster your payroll security.

Not only can you fix item prices and commission rates in place, preventing employees from fudging their numbers on a paper ledger, you can also use embedded analytics and dashboards to more easily scrutinize your top performers. If sales across the company are going down, but certain folks’ commission is going up, that’s a big red flag.

Ghost employees

 WHAT IT IS:   A ghost employee is simply a non-existent worker at your organization who is receiving a paycheck. This can take the form of a former worker still being paid after they left the company or a current worker setting up a fake account in your payroll system.

Though they’re more prevalent in massive organizations where people can more easily get lost in the fold, ghost employees can pop up in SMBs as well. In 2019, a former Metropolitan Transportation Authority (MTA) employee was found to have collected nearly $250,000 via paychecks after his termination in 2013.[5]

 HOW TO PREVENT IT:   Without an effective offboarding process, your company can easily forget important steps such as purging exiting employees from the payroll system.

Formalizing a comprehensive offboarding workflow in a project management or HR software system can ensure the process is the same every time an employee leaves and nothing falls through the cracks.

Read about everything a good offboarding process should have here.

But what about those workers who create ghost employees for their own gain?

You should already be double-checking your payroll system user permissions and converting cash and checks to direct deposits or pay cards where possible to more easily track payments. But sometimes that’s not enough.

A formal quarterly payroll audit can help you catch any fake accounts and prevent long-term damage.

Working with your CPA or payroll processor, here are the things you should look for during a payroll audit:


If you suspect you have a ghost employee on the payroll, talk to the manager of that worker’s listed department to confirm.

Expense reimbursement fraud

 WHAT IT IS:   Expense reimbursement fraud occurs when a worker gets paid back for a company expense that either:

  • Didn’t take place.

  • Was actually a personal expense.

  • Or, cost less than the employee reported, allowing them to pocket the difference.

Should SMBs look out for workers blowing thousands of company dollars on big screen TVs and soundbars? No. But a few expensive dinners for clients or fraudulent claims for office supplies a quarter can add up to substantial damage over time.

 HOW TO PREVENT IT:   What qualifies as “office supplies” at your company? What’s the exact per diem allotment for traveling workers? What are the approved types of purchases with that per diem?

If you can’t answer those questions, neither can your workers. That vagueness opens the door for abuse, so if you haven’t formalized a travel and expense (T&E) reimbursement policy at your SMB, now’s the time.

Work with your legal counsel to suss out the details, then ensure a copy is included in your new hire materials, and that current employees are trained on the policy too. It should include specific punishments for malicious fraudulent claims so workers know the consequences.

When it comes to monitoring for reimbursement fraud, there should be two security checks in place at your organization: a micro check and a macro one.

  • The micro check looks at every submitted receipt to ensure it’s authentic, that the receipt amount lines up with the account charge and that the expense is part of a company-approved category.

  • The macro check happens once a quarter looking at expense reimbursements company-wide. You’re looking for any individual employees or departments where reimbursements are abnormally above average.

Because these checks can be tedious and error-prone when done manually, ask your payroll software vendor if their system has an application for expense reimbursements or if one is in the pipeline to be added in the future.



 Get Price

Compare Products

Employees can submit expenses for approval on their phone with Xero[6]

Employee misclassification

 WHAT IT IS:   So far, we’ve only touched on types of payroll fraud where the employee steals from the employer. Employee misclassification is the opposite, but is growing more prevalent with the emergence of the gig economy.

Employee misclassification occurs when companies, either purposefully or accidentally, mislabel employees as independent contractors, allowing them to avoid paying for overtime, employment taxes, insurance or workers’ compensation.

SMBs should take special care to avoid misclassification because the penalties for being caught can be severe. Companies can face fines from $50 to $1,000 per worker, and even jail time if the misclassification is deemed intentional by the Department of Labor or the Internal Revenue Service (IRS).

 HOW TO PREVENT IT:   In some cases, determining if a worker is an independent contractor or a full-fledged employee can be tricky. The one critical question you need to ask to make this distinction though comes straight from the IRS: “How much control as a business do I have over the worker?”[7]

The more control you can exert on a worker, the more likely they’re an employee instead of an independent contractor. Your level of control is based on three criteria:

Behavioral control

• Are you training the worker on how to do the work?

• Are you providing the tools or equipment to do the work?

• Do you mandate how results are to be achieved?

Financial control

• Is the worker being reimbursed for business expenses?

• Is the worker free to seek out other business opportunities?

• Can the worker make a profit or loss?

Type of relationship

• Does the worker provide a key aspect of your business?

• Do you provide the worker with benefits?

• Is your company’s relationship with the worker indefinite?

If you’re still having trouble classifying workers on the fence, consult your legal counsel. You can also submit Form SS-8 to the IRS to get their determination.

Once you’re confident in your classifications, record them for every employee in your payroll system to ensure you’re withholding the right taxes, offering necessary benefits and using the right forms.

Next: Update your payroll process with new software

Leveraging the right software in tandem with best practice protocols can set you on the right path, helping you avoid long-term damage and even prevent fraud from happening in the first place.

Feeling inspired to find a new payroll solution? We’re here to help. Whether you’re looking for a tool with user authentication or expense reimbursement features, you can find what you need (plus a whole lot more) in our payroll software directory. You can filter products in our directory by functionality, price, or business size, and you can also read reviews from real users.

If you’d like some personalized guidance on the best payroll solution for your business, chat with one of our advisors. After a free 15-minute consultation to review your needs, they’ll provide you with a shortlist of products that suit your business.


  1. ACFE 2020 Report to the Nations, Association for Certified Fraud Examiners (ACFE)

  2. Image of user authentication in Humanity,

  3. 2 former Indianapolis Bond Bank employees accused of stealing $400,000, Indystar

  4. Image showing the addition of a direct deposit account in Patriot Payroll, Patriot Payroll

  5. Bronx man fired from MTA continued to collect $250k in paychecks, New York Post

  6. Image showing how employees can submit expenses for approval on their phone with Xero, Xero

  7. Employer’s Supplemental Tax Guide, Internal Revenue Service (IRS)