June 25, 2019

Nacha Creates Voluntary Formatting Standard to Help ID Questionable Payroll Credits


Michael W. Kahn

Michael W. Kahn


Payroll impersonation and redirection fraud is a fact of life today, but there’s a new way to help fight it. 

As part of its ongoing commitment to help protect against fraud, Nacha worked with payroll providers, Receiving Depository Financial Institutions (RDFIs) and users to create the new Payroll Credit formatting standard for ACH payroll files. While its use is voluntary, the benefits are real. 

RDFIs would have an easier time identifying payroll credits where there might be questionable activity. And RDFIs and Originators will be able to work together in identifying—and acting on—suspect activity. 

“In certain scenarios, some RDFIs use algorithms and standard programming to search incoming ACH files for potential fraud. They’re looking for items that don’t match historical patterns or are out of the ordinary,” said Jordan Bennett, Nacha Senior Director, Network Risk Management. “By creating a standard for payroll credits, RDFIs could make their algorithms more specific and less general, which will lead to greater identification of suspicious payroll credits.”

According to the FBI, cybercriminals send out phishing emails, looking to get hold of an employee’s payroll credentials. The bad guys then access that employee’s payroll account, changing the bank account information. Salaries are “redirected to an account controlled by the cybercriminal, which is often a prepaid card,” the bureau said in an alert issued last year.

The new Payroll Credit formatting standard is straightforward and easy to use:

  • In the Company Entry Description field, enter PAYROLL.
  • In the Individual Name field, enter the first name, then a space, then the last name, all without punctuation. For example, Timothy Bennett is entered as TIMOTHY BENNETT.
  • When there’s a first and last name that exceeds 22 characters, truncate the last name. For example, Mary-Elizabeth Turnipseed is entered as MARY-ELIZABETH TURNIPS
  • Individual Identification Numbers are at the Originator’s discretion, but “NEW” would appear in positions 40-42 for all first-time entries to an account number. That includes both the first payroll credit for a new employee as well as any changed account number for an existing employee. Using this field signals to an RDFI that it’s a first-time direct deposit from a specific Originator, allowing for use in any fraud checks. 

The standardized formatting in both the Company Entry Description and the Individual Name fields allows RDFIs to recognize the PPD credit as a payroll payment. While the Nacha Operating Rules don’t require RDFIs to name match, the standardized format simplifies the task for those choosing to review payroll credits for questionable activity. 

The Rules exempt an RDFI from the funds availability requirements if it reasonably suspects an ACH credit entry is unauthorized. When that’s the case, the RDFI must promptly notify the ODFI. 

Visit Nacha’s Current Fraud Threats page where you’ll find a wealth of resources, including our newly updated booklet “Protecting Against Fraud: How to Spot and Prevent Fraud Schemes.”