How Do I Prevent Direct Deposit Fraud?
Direct Deposit Fraud is Real—and Evolving: Here’s How to Protect Your Business
Direct deposit scams and fraud are on the rise—and they’re not going away anytime soon. Scammers are getting smarter, faster, and more convincing. As a business owner or payroll admin, it’s critical to stay one step ahead to protect your team’s paychecks.
At Paper Trails, we’ve seen an increase in fraud attempts across our client base and, unfortunately, even successful breaches in which scammers got access to employee email accounts. This isn’t just an isolved-specific issue; it’s a global cybersecurity crisis. And while isolved and our team are working constantly to enhance security features, every employer needs to understand how these scams happen and what they can do to stop them.
How direct deposit scams work
Here are the most common scenarios we’re seeing:
1. A company or payroll provider receives an email, allegedly from an employee, asking to change their direct deposit. The form might look legitimate—even using your company’s official format. But the account it’s being changed to belongs to a fraudster. Come payday, the money is gone, and the real employee never saw a cent.
This can happen even if the email request appears to come from the employee’s actual email address. In many cases, their email account was hacked due to reused or weak passwords.
2. Earlier this year, over 16 billion usernames and passwords were leaked onto the internet—the largest credential breach ever recorded. If employees use the same password for multiple accounts (email, banking, payroll), hackers can easily access their inboxes and even platforms like isolved.
Once in the email inbox, a scammer can:
- Find payroll-related emails and pay stub alerts
- Attempt to log into isolved using the same email password
- Intercept the verification code and gain access, if isolved MFA is set to email
This is how fraud is happening. And it’s why email is no longer a supported method of MFA for isolved.
How do I protect my company and my employees from direct deposit fraud?
There are several steps you can take to ensure fraudsters are not able to intercept direct deposit funds.
Have employees make their own changes
The most secure way for an employee to change their direct deposit account is to do so themselves through our secure payroll system. Changing direct deposit accounts is very easy for employees to do through the isolved People Cloud mobile app or myhrstuff.com. Step-by-step instructions on how to change direct deposit information are available at papertrails.com/help.
Use strong multi-factor authentication methods
isolved uses enhanced security and multifactor authentication to prevent fraudulent access. To prevent email-based breaches, users must now authenticate using one of the following secure methods:
SMS
A one-time code is sent via text to the phone number listed in isolved.
Authenticator App (Recommended)
Apps like Google Authenticator or Microsoft Authenticator generate rotating 6-digit codes synced to isolved.
To set up: Open your app, tap “+” to add an account, and using the camera within the authenticator app, scan the QR code shown in isolved. Enter the generated code when prompted.
Passkeys
Passwordless login using facial recognition, fingerprint, or PIN. isolved will prompt users through this process automatically during login.
We recommend setting up at least two methods so users have a backup available.
Do not accept direct deposit changes via email
Do not accept direct deposit changes from employees via email! It is easy for spoofers to create a fake Gmail account or hack an employee’s email account and pretend to be the employee. Always verify with the employee in person or by phone that they actually want to change their direct deposit information and that the information being submitted to payroll is accurate.
Require a voided check or letter from the employee’s bank to verify that routing and account information is correct. Direct deposit funds sent to the incorrect account cannot always be recovered.
Have employees update passwords and turn on MFA
Please encourage employees to start changing their passwords across all logins. Make sure that these are strong, unique passwords for each system. For example, the password for their email account should differ from their isolved login password and Verizon password.
Also encourage your employees to turn on multi-factor authentication on their personal Gmail/Yahoo/Hotmail accounts. Click the links for instructions on how to set this up in each platform. This is the easiest way to prevent the account takeovers that we're seeing.
Use a direct deposit approval workflow
To provide another layer of protection, we can set up direct deposit approval workflows. This means that any direct deposit change made by an employee through the isolved People Cloud app or at myhrstuff.com must be approved by a designated admin before it goes into effect.
How it works:
- An employee updates their direct deposit information.
- The admin receives an alert email with instructions to log into isolved.
- Navigate to: Employee Admin Tools > Employee Administration > Pending Workflow
- Verify the change by contacting the employee verbally and requesting a voided check or bank letter.
- Approve or reject the request directly in the workflow.
No change goes into effect without admin approval. This ensures that you contact the employee to be sure that the change was real.
Try to discourage pay cards
If employees are using a pay card or if the banking looks suspicious, always triple check that it is the employee submitting the change and that the account information is correct. Pay cards are notorious for fraud and funds can almost never be recovered if sent to the incorrect account.
How Paper Trails is responding
Paper Trails no longer processes direct deposit changes on behalf of employees. We require employees or company administrators to log in to make these changes. We do not want to add another middleman to the process, which increases the chance of fraudulent activity. Step-by-step instructions on how to change direct deposit information are available at papertrails.com/help.
If a client insists on submitting a direct deposit change on paper, we will only accept direct deposit change requests from our primary point of contact at your company, or specified designee. The form must be signed by the company contact indicating that the client has reviewed and approved the change request with the employee prior to submission. Unsigned direct deposit forms are not accepted or processed. Once the form has been received, our team will place a phone call to the client to ensure that the change has been authorized. Paper Trails bills $10 per change to the client for paper direct deposit form changes.
isolved and myhrstuff.com require strong passwords that are hard to crack and use strong multi-factor authentication to verify user credentials.
When a direct deposit change is made in myhrstuff.com, the employee and employer will both receive an email alert that a direct deposit account has changed. This email will alert the employee to a change and potentially raise a red flag of fraud. Please make sure employees are paying attention to these notifications.
Our team undergoes thorough information security & fraud prevention training and is always on high alert for fraudulent activity. If we see something suspicious, we will alert you immediately.
If you have questions on this or any other fraud prevention topics, please feel free to reach out to your payroll processor. The tricksters are getting better and better at this type of thing, so we all need to stay vigilant.
Final thoughts
Direct deposit fraud is here to stay—but with the right systems and processes in place, it can be stopped.
If you need help updating MFA settings, reviewing audit reports, or activating the new direct deposit workflow in isolved, please reach out to your payroll processor or contact us at payroll@papertrails.com.
To learn more about how we protect client data, visit our Payroll Trust & Security Center.
We’re all in this together—and we’re committed to helping you stay protected.