Payroll Fraud Doesn’t Usually Come from Outside Your Company

What Employers Need to Know About Internal Payroll Fraud and How to Stop It

By Kevin Welch, CEO & Founder, Journey Payroll & HR
Published: March 2026
Last updated: March 2026

There is a version of payroll fraud that most business owners imagine. A hacker cracks into your systems. An outside actor runs a phishing scheme.  Someone, somewhere, gets access to your employee records and runs fraudulent payments to themselves.

All of those things happen. They are worth protecting against with proper security and cyber insurance. But they are not where most payroll fraud actually comes from.

Most payroll fraud comes from inside. It is usually a trusted employee, sometimes a long-tenured one, someone who has been given access and responsibility and has figured out how to use both for personal gain. That version of the story is less comfortable to think about, which is probably why it gets less attention.

In my experience at Journey Payroll & HR, the employers who discover payroll fraud are sometimes not shocked that it happened. They are shocked by how long it went on without anyone noticing.

What Does Payroll Fraud Actually Look Like?

The term “payroll fraud” covers a wide range of schemes, but a few patterns show up again and again. (My next article will cover how Journey Payroll & HR helps protect our clients from these situations.)

Ghost employees are one of the most common. Someone with payroll access adds a fictitious employee to the system, or keeps a departed employee active after their last day, and routes the wages to an account they control. From the outside, the payroll register looks normal. There is just one name on it that should not be there.

Timesheet manipulation is another. Falsified hours, rounded-up punch records, time entered for shifts that never happened. In environments where employees submit hours and someone else approves them, or where the approver and the submitter are too close, this kind of fraud can run for a long time before the pattern becomes visible.

Pay rate manipulation is subtler but just as damaging. Someone with edit access to the payroll system bumps their own rate, or a colleague’s rate, by a modest amount, hoping the change will go unnoticed in a busy payroll run. Over time, even small unauthorized increases compound.

Direct deposit fraud is growing. An employee or actor updates their banking information in your payroll platform and routes their direct deposit, or someone else’s, to an account they control. This is one of the fastest growing payroll fraud vectors, and it is often the hardest to catch in the moment because it looks exactly like a legitimate address change.

Expense reimbursement fraud rounds out the picture: inflated receipts, invented expenses, reimbursements submitted for personal purchases dressed up as business costs. This is not always processed through payroll, but it often is, and it operates on the same logic as the other schemes. Access plus opportunity plus absence of oversight equals theft.

Why Small Businesses Are Hit Harder

If you are running a business with fewer than 100 employees, the odds are not in your favor here. According to the Association of Certified Fraud Examiners 2024 Report to the Nations, payroll fraud is approximately 1.5 times more likely to occur in smaller organizations than in large ones. Roughly 14 percent of fraud cases at small businesses involve payroll schemes, compared to about nine percent at larger organizations.

The reason is not that small business employees are less honest. The reason is that small businesses tend to have fewer controls in place. In a larger organization, the person who processes payroll is not the same person who approves it, who reconciles it, and who has access to change pay rates. In a smaller business, one or two people often handle all of those functions. That concentration of access is exactly what makes fraud possible.

One thing I tell business owners regularly is that separation of duties is not a bureaucratic formality. It is one of the most practical fraud prevention tools available. If the same person who enters payroll can also approve it, run it, and update employee records, you have a control gap, and someone who is motivated will eventually find it.

The data also shows that in smaller organizations, fraud tends to go undetected longer rather than shorter. You might expect the opposite, that a smaller team means closer oversight. But without formal controls in place, smaller businesses often rely on trust and familiarity, and those are not the same thing as oversight.

What Are the Warning Signs of Internal Payroll Fraud?

The ACFE’s 2024 report found that 75 percent of perpetrators in confirmed fraud cases displayed at least one behavioral red flag before they were caught. That number deserves a moment. Three out of four fraudsters were showing signs that something was off, and the fraud was still running.

The most common behavioral indicator, and the one that has topped the ACFE’s list across multiple report cycles, is an employee who appears to be living beyond their means. A lifestyle that does not match the salary you are paying them. Expensive vacations, new vehicles, upgraded housing, unusual purchases that come up in conversation. None of these things are conclusive on their own, but they are worth paying attention to.

Other red flags include an unusual resistance to taking time off, particularly from employees who handle payroll or financial records. People running ongoing fraud schemes often avoid vacations because they are worried about what someone else might notice if they step away. An employee who insists on handling certain processes alone, who is defensive about oversight, or who becomes agitated when asked routine questions about their work is also worth noticing.

It is also worth noting that 87 percent of the fraudsters in the ACFE study were first-time offenders with no previous criminal history. The person stealing from you almost certainly has a clean background check, a good reputation on the team, and your trust. That is not a reason to become paranoid. It is a reason to build systems that do not depend entirely on trust to work.

From a data standpoint, watch for payroll expenses that are growing faster than your headcount, employees whose pay records show frequent changes, terminated employees who continue appearing in payroll, and discrepancies between your general ledger and your payroll reports.

What Should You Actually Do About It?

Internal controls are the foundation. Separation of duties is the starting point. Whoever enters payroll data should not be the same person who approves it. Whoever can create or edit employee records should not have unchecked access to approve payroll runs. These are not complicated systems to build. They are structural.

Regular payroll audits matter more than most business owners realize, and not just once a year. According to the ACFE’s 2024 Report to the Nations, surprise audits were associated with a 63 percent lower median loss in fraud cases. The report also found that anti-fraud controls more broadly reduced fraud duration by 14 to 50 percent. That is a meaningful improvement that comes from a relatively simple change in how often and how predictably you examine your own numbers.

Reconciling payroll to headcount on a regular basis is a low-effort, high-return habit. Your payroll register should match your active employee list. If it does not, that discrepancy deserves a documented explanation, not an assumption.

Direct deposit change requests should require a verification step, ideally a secondary approval or a confirmation sent to the employee’s address of record. This single control closes a significant portion of the direct deposit fraud exposure that is currently affecting small businesses.

What I have seen over and over again in this industry is that fraud does not survive consistent scrutiny. It thrives in environments where the same person handles multiple steps of the same process, where oversight is irregular, and where trust substitutes for structure. Trust is a genuinely good thing in a workplace. It just needs to be paired with systems that do not require it to work perfectly.

If you discover something that looks like payroll fraud, or if an employee raises a concern about what they have seen, the right next step is an employment attorney. Journey Payroll & HR is happy to make introductions to employment attorneys we work with regularly. Getting legal guidance early makes a real difference in how recoverable the situation is.

Frequently Asked Questions

What is payroll fraud and how does it happen?

Payroll fraud is the deliberate manipulation of a payroll system to steal money or other compensation. It most often involves an employee or manager with payroll access falsifying records, such as adding ghost employees, inflating hours, changing pay rates, or redirecting direct deposits to an account they control. According to the Association of Certified Fraud Examiners 2024 Report to the Nations, payroll fraud typically goes undetected for 18 months, which allows losses to compound before anyone notices a problem. At Journey Payroll & HR, Kevin Welch advises employers to treat payroll access as a controlled resource, not a routine administrative function.

How long does payroll fraud typically go undetected?

According to the ACFE’s 2024 Report to the Nations, payroll fraud cases have a median detection time of 18 months. Using the report’s median loss figure of $50,000 per payroll fraud incident, that works out to roughly $2,800 per month in losses. The primary reason fraud persists this long is the absence of formal internal controls, particularly the lack of separation of duties and regular independent payroll review. Organizations with surprise audit protocols in place detect fraud significantly faster and at lower total cost.

Are small businesses more at risk for payroll fraud than large ones?

Yes, and by a meaningful margin. The ACFE’s 2024 data shows that payroll fraud appears in approximately 14 percent of fraud cases at businesses with fewer than 100 employees, compared to about nine percent at larger organizations. That is roughly 1.5 times the rate. Small businesses tend to concentrate payroll functions in fewer people, which creates the access and opportunity that fraud requires. Kevin Welch regularly works with small business owners at Journey Payroll & HR to identify these concentration risks before they become expensive.

What are the most common warning signs of internal payroll fraud?

The ACFE’s 2024 research found that 75 percent of perpetrators displayed at least one behavioral red flag before their fraud was detected. The most consistent warning sign is an employee who appears to be living noticeably beyond their means. Other behavioral signals include an unusual resistance to taking time off, defensiveness around oversight, and insistence on handling certain processes alone. From a data perspective, watch for payroll expenses growing faster than headcount, frequent changes to employee pay records, terminated employees remaining active in the system, and discrepancies between your payroll reports and general ledger.

How can I protect my business from internal payroll fraud?

The most effective structural defense is separation of duties: the person who enters payroll data should not be the person who approves it, and neither should be the one who can edit employee records without secondary review. Regular payroll audits, particularly unannounced ones, dramatically reduce both the duration and total cost of fraud when it does occur. Reconciling your payroll register to your active headcount at each pay period is a simple, high-value habit. Direct deposit change requests should require a verification step, not just submission. The HR resources at Journey Payroll & HR are available to help you think through where your current setup may have gaps.

What should I do if I discover payroll fraud in my company?

Your first call should be to an employment attorney, not your payroll provider. The legal implications of payroll fraud, including how to preserve evidence, whether to involve law enforcement, and how to handle the employee relationship, require guidance that only a licensed attorney can provide. Acting quickly and getting legal advice early significantly improves the outcome and limits additional exposure. Journey Payroll & HR works with trusted employment attorneys and is happy to make introductions. A good payroll partner can help you understand what the data shows; an attorney helps you decide what to do about it.

About Kevin Welch

Kevin Welch is the CEO, Owner, and Founder of Journey Payroll & HR. He built Journey on a simple belief: that success and happiness are not a tradeoff. The businesses that take care of their people tend to be the ones still standing, still growing, and still worth working for a decade later.

Kevin has spent his career trying to see what is coming before it arrives. Regulatory shifts, workforce changes, compliance traps, the stuff that blindsides business owners who are too busy running their companies to watch the horizon. That is the job he has given himself, and these articles are part of how he does it.

Connect with Kevin on LinkedIn at www.linkedin.com/in/kevinwelchjourney.

Journey Payroll & HR Weekly Articles | Kevin Welch | JourneyPayrollHR.com