Become an insider!
Get our latest payroll and small business articles sent straight to your inbox.
In this Article:
When it comes to protecting your personal and business information, there are a number of approaches to get the job done. For example, simple solutions like updating your password to be more complex or reviewing payroll reports can help you prevent fraud and catch suspicious activity on your account before it’s too late.
At Wagepoint, we take the security of your information very seriously. That’s why we’ve given clients a range of strategies to increase security on their accounts. These measures are in place to give you an extra layer of security to keep your account safe from unsuspecting eyes.
Check out these 5 tips to get a hold on payroll security.
What is two-factor authentication (2FA)?
In this blog, we’ll be focusing on the best line of defense: Two-factor authentication (2FA). 2FA is a security system that protects the data in your account by requiring an extra login credential to gain access. Using Wagepoint 2FA as an example, in addition to a username and password, anyone trying to log in to your account will need to enter a special verification code sent just to your smartphone — making it difficult for unauthorized people to access your business and employee information.
Setting up 2FA in Wagepoint is easy! See how here.
What can happen without 2FA: Account Takeover.
An account takeover is a form of identity fraud, where a malicious third party — we’ll call them fraudsters — gains access to a user’s account credentials. This can happen when a fraudster steals personal information stored in online accounts. Then they not only steal data, but also use these legitimate accounts to complete fraudulent transactions using the person’s financial details.
With my experience as a payroll risk analyst, I wanted to provide a few case studies that highlight the importance of having two-factor authentication, as well as some of the consequences that occur when your security is compromised. I want to emphasize that all my experiences of account takeovers involved accounts without two-factor authentication.
NOTE: While the names of the individuals and their businesses in these case studies are fictitious, they are based on real-world events.
Case study #1: Jack’s Pizza
Jack’s Pizza was your everyday mom-and-pop, family-owned business. Unfortunately, they were affected when one of their employees with administrator access Sarah, had her email compromised. Because her email was compromised and she didn’t have 2FA, the fraudster was able to access her administrator account, change employee direct deposit information on file and submit a fraudulent payroll run.
Unfortunately, Sarah didn’t catch the fraudulent activity right away and enough time had passed where funds couldn’t be recovered.
Case study #2: Jill’s Photography Services
John, a photography director at Jill’s Photography Services, had his administrative account details compromised when he clicked on an unsolicited link in his junk mail. Without 2FA, fraudsters were able to access his payroll, change employee bank accounts and create a fictitious employee.
In this case, John caught it in time, requested to have direct deposits stopped and took active measures to prevent any further damage. With personally identifiable information compromised, John had to figure out how to tell his employees and was advised to speak with a privacy breach lawyer/advisor for next steps.
Unfortunately it didn’t end there. The fraudster took the bank account information to make illicit purchases with multiple vendors and send funds to foreign accounts. On top of that, with the email compromised, the fraudster used the business’s social media accounts to request access to other platforms.
Security is one of 5 must-haves for your payroll software in 2022. Click to see what else you should consider when deciding.
What can we learn from this?
Imagine if you had millions of dollars from a lottery win and were advised to move this money into a safe. You’re given the option to have a password to protect the money in your safe. With the knowledge that people are after your money, would you prefer to enter the password each time that you wanted to open the safe? What about entering the password twice?
It’s understandable that there is a convenience to only having to enter your password once and without 2FA. It can even feel as though there’s more effort to complete an additional verification step. However, I’ve seen how this extra step substantially increases account security. We might call this the Security-Utility Trade-Off — where increased security results in less ease-of-access, and, vice versa, where increased ease-of-access results in lower levels of security.
Given that fraudsters are trying to access your account and have a range of tools to steal passwords and access your information as we see in the above case studies, it’s best to take all precautions available.
Protect your payroll data with 2FA.
2FA provides the ideal balance between security and ease-of-access when accessing your information. Yes, it’s an extra step, but it’s a simple one to take to make sure that your payroll and other information are secure.
