ADVERTORIAL
Andi Robinson, at Dataguard, explains how an intercepted paper payslip can be the start of an ID fraud chain reaction ruining personal lives and the business reputations Payslips and ID fraud
A s an employer, when processing recruitment, payroll and other HR documentation, there are risks to both employee and employer from data breach. These range from the costs to the business of mitigating the effects of a breach, to the financial and psychological
impact on the employee. But it is the reputational impact on the employer that might end up costing the business the most. However much as an identity theft is the responsibility of the fraudster, it will be the business whose system was weak that will likely be the also need your date of birth and mother’s maiden name. How do they obtain this? A simple call, posing as the company’s HR department and using the NI number as initial proof of who they are (because no one knows your NI number right?). With trust established they ask for date of birth, place of birth and mother’s maiden name as security confirmation. The call is concluded by letting the employee know their payslip portal may still be vulnerable to interception. ● Employer-owned portals require security, backup and maintenance. Responsibility for this applies as it would for any employer- controlled data. There is a solution though. Dataguard ePay provides a solid first line of defence protecting your employees’ data and your reputation. It’s a secure digital solution that provides the processes and technology to securely transmit payslips and other confidential HR documents to employees. The uniqueness of this platform is that it will work with all payroll systems – it doesn’t matter which you have now or in the future. Wide range of benefits – From within a high grade security environment, you can reap all the benefits such as reduction in cost, time and environmental impact, with an increase in efficiency and exceeding
one receiving the lion’s share of negative publicity and accountability. So, what makes a payslip so useful to a fraudster? Aren’t there many documents that contain confidential data useful to a bad actor? Here’s Darren Rose, a data privacy expert: has been delayed and another will be sent shortly. Now the identity thief has enough information to fraudulently impersonate you or obtain a fake ID document such as a passport, which, when combined with a fake utility bill and the payslip as proof of employment and salary, will enable them to stack online loans and open bank accounts. www.gdprconsortium.co.uk regulatory and compliance requirements. This can all be done with the minimum of disruption, staff training or development costs associated with such a significant leap forward. Employees receive their epayslip immediately on day of distribution. They have the option of electronically archiving their payslips into the future, beyond their current employment. ePay is available through a simple app on any of their devices - smartphone, tablet, laptop or desktop running IOS, Mac OSX, Android or Windows. Why is ePay so safe? The encryption keys and hash codes are sent to the recipient’s email address separately and via a different route to the encrypted message itself. They only ever join up and work together at the verified destination. o www.dataguard-uk.com
The hidden risk of the insecure distribution of a payslip
On the surface, a payslip appears to include general information; name and address.
However, it may also contain confidential information such as NI
number, employer and salary. To take out an online loan or take over your email account an identity thief would Don’t be responsible for the first domino to fall To avoid being held accountable for allowing the first domino to fall in a disastrous sequence of events for an employee of yours, it is necessary to put in place rigorous processes. Distributing paper payslips is an inherently insecure and costly process. But going digital has it drawbacks too if correct processes and technologies are not employed. ● Emailed payslips are vulnerable to interception, and manually password protected attachments lead to inevitable admin overload. ● Portals are potential targets for attack. The worst-case scenario is if the portal itself stores payslips in unencrypted form. Furthermore, portals may only encrypt the data at rest – the data being transferred to and from the
| Professional in Payroll, Pensions and Reward | July/August 2019 | Issue 52 46
Made with FlippingBook - Online magazine maker