![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
This is a REALLY weird story that screwed over A LOT of people!
Almost no businesses process their own payroll anymore, they run through one or more processing companies. And that's where this problem takes place.
Here's the explanation from Brian Krebs:
To understand what’s at stake here requires a basic primer on how most of us get paid, which is a surprisingly convoluted process. In a typical scenario, our employer works with at least one third party company to make sure that on every other Friday what we’re owed gets deposited into our bank account.
The company that handled that process for MyPayrollHR is a California firm called Cachet Financial Services. Every other week for more than 12 years, MyPayrollHR has submitted a file to Cachet that told it which employee accounts at which banks should be credited and by how much.
According to interviews with Cachet, the way the process worked ran something like this: MyPayrollHR would send a digital file documenting deposits made by each of these client companies which laid out the amounts owed to each clients’ employees. In turn, those funds from MyPayrollHR client firms then would be deposited into a settlement or holding account maintained by Cachet.
From there, Cachet would take those sums and disburse them into the bank accounts of people whose employers used MyPayrollHR to manage their bi-weekly payroll payments.
But according to Cachet, something odd happened with the instructions file MyPayrollHR submitted on the afternoon of Wednesday, Sept. 4 that had never before transpired: MyPayrollHR requested that all of its clients’ payroll dollars be sent not to Cachet’s holding account but instead to an account at Pioneer Savings Bank that was operated and controlled by MyPayrollHR.
The total amount of this mass payroll deposit was approximately $26 million. Wendy Slavkin, general counsel for Cachet, told KrebsOnSecurity that her client then inquired with Pioneer Savings about the wayward deposit and was told MyPayrollHR’s bank account had been frozen.
Nevertheless, the payroll file submitted by MyPayrollHR instructed financial institutions for its various clients to pull $26 million from Cachet’s holding account — even though the usual deposits from MyPayrollHR’s client banks had not been made.
Everything is done by files being uploaded and downloaded, and those files are never inspected by people after they're initially verified - it's all an automated process. Apparently the CEO of MyPayrollHR thought he could steal the $26mil by diverting it into another bank account, but everything's been frozen and he's vanished with the FBI now involved.
Now things get worse.
Cachet's transfers go through, but they don't have the money from MyPayrollHR. So they issue a reversal. Again, electronic file. But they mess up the file and it's rejected. They do it a second time, and it's accepted, and all of the money that had been deposited into people's accounts is sucked out.
And then the original, misformatted reversal is processed, and the same amount is sucked out again. Resulting in overdrafts galore.
I'm not sure how it happened twice, but it's definitely a mess, and people are having fun trying to convince their banks that they're victims of a fraudulent scheme and trying to get the overdraft charges cancelled.
The one thing that I'd like to see in the Krebs article is some bio information on the CEO: age, family status, etc. Aside from the idiotic name - who would do business with MyPayollHR?! - were there any other warning signs that fraud was going to take place. MyPayrollHR had been in business for 12 years, was the CEO somewhat new or had he been in place since the beginning?
So. Many. Questions!
https://krebsonsecurity.com/2019/09/ny-payroll-company-vanishes-with-35-million/
Almost no businesses process their own payroll anymore, they run through one or more processing companies. And that's where this problem takes place.
Here's the explanation from Brian Krebs:
To understand what’s at stake here requires a basic primer on how most of us get paid, which is a surprisingly convoluted process. In a typical scenario, our employer works with at least one third party company to make sure that on every other Friday what we’re owed gets deposited into our bank account.
The company that handled that process for MyPayrollHR is a California firm called Cachet Financial Services. Every other week for more than 12 years, MyPayrollHR has submitted a file to Cachet that told it which employee accounts at which banks should be credited and by how much.
According to interviews with Cachet, the way the process worked ran something like this: MyPayrollHR would send a digital file documenting deposits made by each of these client companies which laid out the amounts owed to each clients’ employees. In turn, those funds from MyPayrollHR client firms then would be deposited into a settlement or holding account maintained by Cachet.
From there, Cachet would take those sums and disburse them into the bank accounts of people whose employers used MyPayrollHR to manage their bi-weekly payroll payments.
But according to Cachet, something odd happened with the instructions file MyPayrollHR submitted on the afternoon of Wednesday, Sept. 4 that had never before transpired: MyPayrollHR requested that all of its clients’ payroll dollars be sent not to Cachet’s holding account but instead to an account at Pioneer Savings Bank that was operated and controlled by MyPayrollHR.
The total amount of this mass payroll deposit was approximately $26 million. Wendy Slavkin, general counsel for Cachet, told KrebsOnSecurity that her client then inquired with Pioneer Savings about the wayward deposit and was told MyPayrollHR’s bank account had been frozen.
Nevertheless, the payroll file submitted by MyPayrollHR instructed financial institutions for its various clients to pull $26 million from Cachet’s holding account — even though the usual deposits from MyPayrollHR’s client banks had not been made.
Everything is done by files being uploaded and downloaded, and those files are never inspected by people after they're initially verified - it's all an automated process. Apparently the CEO of MyPayrollHR thought he could steal the $26mil by diverting it into another bank account, but everything's been frozen and he's vanished with the FBI now involved.
Now things get worse.
Cachet's transfers go through, but they don't have the money from MyPayrollHR. So they issue a reversal. Again, electronic file. But they mess up the file and it's rejected. They do it a second time, and it's accepted, and all of the money that had been deposited into people's accounts is sucked out.
And then the original, misformatted reversal is processed, and the same amount is sucked out again. Resulting in overdrafts galore.
I'm not sure how it happened twice, but it's definitely a mess, and people are having fun trying to convince their banks that they're victims of a fraudulent scheme and trying to get the overdraft charges cancelled.
The one thing that I'd like to see in the Krebs article is some bio information on the CEO: age, family status, etc. Aside from the idiotic name - who would do business with MyPayollHR?! - were there any other warning signs that fraud was going to take place. MyPayrollHR had been in business for 12 years, was the CEO somewhat new or had he been in place since the beginning?
So. Many. Questions!
https://krebsonsecurity.com/2019/09/ny-payroll-company-vanishes-with-35-million/
