Using AllianceHCM to protect against direct deposit fraud
Direct deposit fraud is rising, putting your workers’ hard-earned money at risk. Learn how to protect yourself, your team members, and your company.
Taking a few steps can go a long way in protecting against direct deposit fraud. Make sure all of your companies networks are secure and especially secure all wifi networks, as wifi is a favorite target for bad actors.
AllianceHCM Protections Against Direct Deposit Fraud
Enable two-factor authentication in AllPay and MyPay.
Two-factor authentication, or 2FA or TFA, is one of the strongest methods available to safeguard access to AllPay and MyPay through individual profiles.
For AllPay users: Make sure to enable TFA in your AllPay account. Your company’s administrator can also require all AllPay users to enable TFA. Learn more about TFA here.
For MyPay users: Administrators can require employees to use TFA in their MyPay accounts. If TFA is required, employees receive reminders every 15 days until they enable it. Employees can also turn on TFA at any time, even if it isn’t required. Learn more about TFA here.
AllianceHCM Recommendation
Every AllPay user and every MyPay user should have TFA set up. Learn more about TFA here.
Educate employees to review direct deposit communications.
Employees automatically receive an email and push notifications (as long as their email and cell number are set up in their AllPay employee record) about direct deposit changes in their MyPay account. Employees should always review those notifications for any unauthorized or unexpected changes.
See image below for example.
AllianceHCM Recommendation
Employees should add reply@hralliance.net to their email contacts so that they don’t accidentally miss any notifications and should always open and review emails from that address. Furthermore, employees should confirm their information within MyPay is accurate and can be relied upon by payroll administrators.
Review direct deposit changes every time you run payroll.
AllianceHCM Recommendation
Payroll administrators who run payroll should always review the Payroll Rules that are automatically generated when closing each payroll batch. This Payroll Rule feature cannot be turned off as it is a critical audit feature.
Reviewing these exceptions will allow payroll administrators a final chance to validate direct deposit changes, and follow up on anything suspicious. Learn how here.
Review and approve direct deposit change requests from MyPay before running payroll.
Your company’s MyPay administrative settings can dictate whether your employees MyPay direct deposit change requests automatically go into effect or must be reviewed and approved in AllPay before they go into effect. Learn how here.
AllianceHCM Recommendation
Ensure your settings mandate that all MyPay direct deposit change requests are reviewed, confirmed with the employee and approved within AllPay. Learn how here.
Additionally, it is considered best practice for payroll administrators to verify submitted account numbers against a secondary, validated source (e.g., a copy of a voided check provided by the employee through another secure channel, such as an approved secure email address or a hard copy).
When you combine these powerful protections with your companies’ best practices for cyber security, you are proactively taking steps to discourage direct deposit fraud.
Do not wait until someone’s paycheck disappears–take the extra steps today to secure your accounts and processes.