Salary Sacrifice Scheme
T he NHS Counter Fraud Authority (NHSCFA) has identified emerging trends about a new scam targeting salary sacrifice schemes within the healthcare system. These schemes allow employees to purchase items such as bikes, cars, or gadgets at a discounted rate through pre-tax deductions from their salaries. While convenient for employees, the system’s weaknesses have been exploited by fraudsters. Fraudsters are exploiting vulnerabilities in salary sacrifice schemes by acquiring staff credentials through phishing or data breaches, and then manipulating accounts to make high-value purchases, often expensive gift vouchers, that exploit the pre-tax benefit. Unfortunately, some organisations lack robust verification checks, allowing these fraudulent transactions to be processed unnoticed. The delay between receiving the goods and experiencing the salary deduction also means employees often discover the scam only after the damage is done. This not only impacts individual staff financially, but also leads to significant losses for the organisation itself as they reimburse these fraudulent transactions. While affected employees may eventually see their stolen wages returned, the initial financial burden falls squarely on the healthcare organisation, as they are the ones footing the bill for the fraudulent purchases. Beyond the immediate financial loss, these scams also erode public trust in the NHS and wider healthcare sector, raising concerns about the security of their systems and data. This reputational damage can have far-reaching consequences, ultimately impacting the public’s confidence in the healthcare system they rely on.
What can be done? There are actions that individuals and organisations can take to help mitigate the risks associated with salary sacrifice scheme fraud: Stronger passwords : Staff should practice good password controls, using strong, unique passwords and enabling multi-factor authentication wherever possible. For example, using a passphrase or three random words as your password and ensuring they are a minimum of 14 characters in length. Increased vigilance : Be cautious of suspicious emails, texts, or phone calls requesting personal information. Report any such attempts to the relevant authorities. Robust verification : Organisations must implement stricter verification procedures for salary sacrifice scheme enrolment and purchases. This could include additional checks, approvals, and notifications. Raise awareness : Educating staff about this scam and its modus operandi can help them stay vigilant and identify potential attempts.
8 | SCRUTTON BLAND | COUNTER FRAUD
COUNTER FRAUD | SCRUTTON BLAND | 9
Made with FlippingBook Learn more on our blog