PAYROLL
The Oklahoma Employment Security Commission has seen an upswing in fraudulent unemployment claims. The agency has been targeted by perpetrators filing fraudulent unemployment claims using stolen identities and personal information. OESC has implemented additional procedures to flag and investigate potential fraudulent claims and will require in-person ID verification for claimants.
To assist in preventing fraudulent claim payments, agencies are encouraged to respond as quickly as possible when a notice of unemployment insurance claim is received. This is especially true if you receive a claim on a person who is currently employed and on the job, or if the claimant was never an employee of your agency. Many times these are fraudulent claims and should be investigated immediately. If you suspect a fraudulent claim and would like to report it, please email OESC at [email protected] or call 405-557-7164.
OESC has provided the following information for what to do when a fraudulent claim is received.
- Agencies should respond to the notice as appropriate.
- The employee must write on the claim notice that he or she did not submit the claim and provide a copy of their social security card and driver’s license to the OESC. They can do this:
- By fax: 405-557-7199.
- By email: [email protected].
- In person at any workforce center location around the state or at the main office on the 5th floor of the Will Rogers building in Oklahoma City.
>> Back to Top
The top story in the May 2019 CAR Newsletter was in regards to fraudulent attempts to change an employee’s banking information. This article is a reminder to be cognizant that this issue is still ongoing and to be aware when receiving requests to update payroll information. To avoid processing fraudulent information, it is necessary to verify any attempts for payroll changes.
Immediate steps to take:
- Agencies must pull all Payroll Change/Direct Deposit forms from their public websites and move the forms to an intranet or distribute by employee request only.
- Additionally, until otherwise notified, personnel who handle employee payroll direct deposit procedures should verify ALL requests for changes to direct deposit by personally contacting the employee by phone and verifying information such as employee ID number, employment start date, etc. Do not contact the employee by responding to an email requesting the change. Make direct contact and ensure you are actually communicating with the employee and not someone posing as the employee.
- We advise agencies to set a time delay when changing direct deposit information to decrease the chance of wage theft.
>> Back to Top
JP Morgan has posted an alert regarding a new version of an ACH fraud scheme criminals are using to change employee payroll direct deposit information and ultimately divert funds. According to the Federal Bureau of Investigation’s Internet Crime Complaint Center, cybercriminals are deploying this scheme, targeting human resources or payroll employees who have access to online payroll accounts. In 2018, the IC3 received approximately 100 complaints of payroll diversion, with a combined reported loss of $100 million.
The phishing emails appear to be sent from a company employee or the company’s chief executive officer, chief financial officer or payroll director requesting a change in the bank account information listed. Experts say these emails are well written without the usual misspellings or grammar mistakes seen in typical phishing schemes. Law enforcement says criminals are using a “high number, low value” approach. For example, the criminals will direct payroll records to be updated to allow the deduction of a nominal amount, $10-$20, per paycheck from hundreds, if not thousands, of employees. These fraud attempts are often missed by the existing controls and best practices that companies have in place for validation of wire transfers or other payment instruction change requests. Remember, a company executive or other payroll employee should not email another employee to request a change in bank account information, or ask for credentials to access a company’s payroll system. Always call the requestor using a known telephone number to verify the request. According to the IC3, here are some additional recommendations to help mitigate the threat of payroll diversion:
- Reinforce education and awareness about cyberschemes among all employees.
- Hover over the sender's name in emails to display the real email address or website URL to confirm the actual sender or website.
- Never share login credentials.
- Never share personal information in emails.
- Implement two-factor authentication for access to sensitive systems and information, such as bank account info, that is initiated by employees who want to update or change direct deposit information.
- Monitor employee logins that occur outside normal business hours.
- Submit suspicious emails or criminal activity to your local FBI office and file a complaint with the IC3 at www.ic3.gov.
>> Back to Top
When earnings are payable after the death of an employee, the Payroll Processing for Death of an Employee manual must be followed to ensure proper processing. For payments to a spouse, dependents, guardians or beneficiaries of a deceased employee that are made through AP, the recipient(s) must be set up in the vendor file. Processing Step 1 in the manual states the agency can request a Vendor ID using the ‘Vendor File Additions/Changes for Employees/Board Members’ form. This form has been modified and is no longer valid for this type of vendor setup. Please submit a completed IRS Form W-9 to Vendor Maintenance for payments to be made to a spouse, dependents, guardians or beneficiaries of a deceased employee. Requests to add or update an employee Vendor ID made payable to the “Estate of …” an employee, may continue to be submitted using the Form Adding Employees CORE Vendor Database. All forms should be submitted to Vendor Maintenance via email to [email protected]. Forms may also be faxed to the updated number 405-521-3663, Attn: Vendor File Maintenance.
>> Back to Top
Agencies are reminded that employee bank deposit slips should NOT be used to get the bank routing/transit number for setting up direct deposit information. A voided check from the employee is the most reliable method. If the employee does not have a voided check or wants to deposit into another type of account, have the employee call the bank directly to get the routing/transit number. A bank routing/transit number should never start with the digit 5. This indicates a branch of the bank and will cause the direct deposit to fail. A direct deposit that fails will not leave OST to be paid and additional processing by the agency will be required to pay the employee.
>> Back to Top
We now have two new specialized payroll account codes providing more specific identification of payroll costs for select Higher Education entities. Use of these codes requires OMES Central Accounting and Reporting approval. Contacts are Jennie Pratt at [email protected] or Lisa Raihl at [email protected].
>> Back to Top
ACCOUNTS PAYABLE
The following articles address proper funding used on vouchers where the expense crossed fiscal years. This normally relates to vouchers that include such expenses as services, memberships and travel.
>> Back to Top
Payment of expenses must be split between the fiscal year budgets. Example: If a nine-month service period runs May 1-Jan. 31, the expense should be funded with two months (May 1-June 30) under fiscal year A budget and seven months (July 1-Jan. 31) under fiscal year B budget.
Although, if it is a type of service where advance payment was required and allowed, the cost would naturally fall under the FY budget for the payment period when due.
>> Back to Top
Per Statewide Accounting Manual, Chapter 10.5.2:
Payment of expenses is restricted to amounts applicable to the fiscal year in which the travel occurred. In addition, payment shall be subject to the availability of the amounts in the agency’s budget.
Vouchers for reimbursement of travel expenses shall not cover more than one fiscal year (74 O.S. § 500.3). In cases where the travel period (days claimed) extends beyond the end of the fiscal year, the travel voucher must be ended and a subsequent voucher submitted for the remainder of the trip in the next fiscal year. In addition, the first travel voucher must be annotated to show the travel period is continuous and a copy submitted with the second voucher for verification of the payment history of expenses claimed. If submitted together, a copy of the second voucher must be included with the first voucher.
>> Back to Top
P-CARD/TRAVEL
The current statewide travel contract (SW210) is still mandatory. The signed legislation does not take effect until Nov. 1, 2019.
Agencies must continue to book airfare either through FCM or the online booking tool.
>> Back to Top
|