After Payroll Provider Collapses, Banks Drain Employee Accounts (techtarget.com) 105
dcblogs writes: MyPayRollHR, a payroll processing provider with about 4,000 small to mid-sized business customers, suddenly closed late last week. In response, the banking system went haywire and began taking funds from employees at many of these firms. Previously deposited pay was removed from their personal banking accounts, or 'reversed.' Not once, but twice and there are reports that these withdrawals happened continuously. The checking account of one employee of an animal rescue facility was pinged for nearly $1 million. Her account shows a negative $999,193.75.
May as well keep going (Score:5, Funny)
If they keep withdrawing enough surely they will reverse the sign bit on her balance and she'll have positive 10 bazillion dollars!
Re:May as well keep going (Score:4, Funny)
I was suspicious when I saw it was named "MyPayRollHR". It sounds like one of those counterfeiting stores on Amazon.
MyPayRollHR
UPayHRyay
happyHRPayStuff
HrRainbowBlissNow
QualityPayRollThings4U
Re: (Score:3)
Re: (Score:2)
Or a product, PostgreSQL rules MySQL drools!
[Prepares for karma burn].
Yep (Score:2)
Nope... code was written in Rust.
Turns out you were mistaken, code was written by rusty programmers, not *in* Rust.
Re: (Score:3)
Re: (Score:2)
Ten brazillion dollars isn't all that much.
Re: (Score:2)
How many millions is a brazillion?
Computer error? (Score:2)
If you want to mess something up, hire a human to do it... If you want to make the same human error repeatedly, buy them a computer.
Somebody hired a computer...
Now they have billions of dollars.... Borrowed from hapless hard working folks a few million at a time..
Re:Computer error? (Score:5, Interesting)
Human error
Re: (Score:2)
Re: (Score:2)
Unforeseen consequence.
Cachet requests a reversal.
Reversal happens but money is diverted away from Cachet.
Cachet checks status, sees no transfer.
Cachet requests a reversal.
Etc.
Re: (Score:1)
When you deposit money in the bank, it is the banks money not yours. The bank is legally responsible for the money you give them, but you give the bank money and they own it, not you.
That money in your checking and saving account, isn't sitting in a big money vault. But going out to loans to other people to buy cars, houses and start their own business. Where they pay back the loans with interest, this is how banks make a profit.
CDs give you a higher interest because the bank holds on to the money longer w
Re: (Score:2)
Re: (Score:1)
Fraud
"They manipulated the account, so that instead of the money going from the employer to our Cachet settlement account, it went into a different account that was controlled by MyPayrollHR — or Michael Mann, I assume, who is the principal," Slavkin said.
The company was probably insolvent, and one week "Michael Mann" decided to take the money and run to some tropical nation with no extradition treaty. Spending the rest of your days sipping Mai Tais on the beach (paid for with some other fool's money) sounds better than losing everything and begging for your old job back at BigCorp HR after your startup with a stupid name fails...
Re: (Score:2)
"Michael Mann"
I always wondered what became of him after all that climate hockey-stick bullshit.
Re: (Score:3)
Careful. He'll sue [washingtonpost.com]!
Re: (Score:2)
I still not clear on how this could happen as described. Our software generates ACH files for direct deposit, and the files contain either only one transaction record for each employees pay amount and their bank account #/routing # or those transactions and a balancing transaction with the company's account # to deduct the funds from. Not all banks required the balancing entry as the ACH file is uploaded typically through a secure web portal and some banks have other means for the customer to designate wh
Re: (Score:2)
The KrebsOnSecurity article explains it. It appears MyPayrollHR submits two ACH files, one that is supposed to transfer total direct deposit funds paid for each client into Cachet's holding account and one that transfers the individual amounts for each employee from the holding account to the employee's bank accounts. Money never moves directly from the employer bank account to the employees' bank accounts.
Cachet processed a file that moved client money to an account controlled by MyPayrollHR rather than
Well, at least (Score:3)
This is Good for Bitcoin.
Re: (Score:2)
This is Good for Bitcoin.
You mean because there are obviously extreme idiots are work? Sure. The more idiots the temporarily better Bitcoin (and any other pyramid schemes) do.
Re: (Score:2)
Re:Well, at least (Score:4, Insightful)
Most bank transfers have a fee?
Re: Well, at least (Score:3)
Re: (Score:2)
As an employer I pay a fee to transfer pay to employees.
The bank that manages your payroll account might even pay you for the privilege of doing so. You are not bright at all if you are paying them extra for it. Its a fractional reserve world and that payroll account lets them lend out many times more than whats in that account at any given moment.
...and thats without the data mining profits they get off it.
NOT. BRIGHT. AT. ALL.
Re: (Score:2)
Re: (Score:2)
Standard fee in Europe, regardless of transaction volume is something like 0.14 cent per transfer last time I checked. Most banks just charge you a flat fee and do not bother to collect that.
Re: (Score:2)
Re: (Score:2)
Bitcoin transactions take less than 20 minutes; and any fees are overwhelmed by it's deflationary nature.
Re: (Score:2)
Assuming good performance, privacy and low transaction fees, maybe. There is a reason transfers are reversible in traditional banking. Although AFAIK, 4 weeks are the assured limit and usually banks do it by convention up to 6 weeks after the transfer, but not longer. Something must have really gone wrong here if earlier transactions were reversed. At least in Europe, the receiving bank becomes liable if they agree to reverse older transactions. Of course, transactions that were fraudulent are something el
Re: (Score:2)
Another blow to the banking sector (Score:2)
Sorry for those affected. Dealing with banking/financial stress is horrible.
Seems the future is wide open for entrepreneurs to set up payroll-processing operations that pay with Bitcoin etc.
Re: (Score:2)
Hey, sound like the Bitcoin Nutters have arrived!
Re:Another blow to the banking sector (Score:5, Funny)
We never really leave. We just continue to hang around in the background like a bad smell waiting for something else to smell worse so we can join in.
Re: (Score:2)
Sorry for those affected. Dealing with banking/financial stress is horrible.
Seems the future is wide open for entrepreneurs to set up payroll-processing operations that pay with Bitcoin etc.
So you're saying that appealing and reversing an erroneous BC transaction is easier than arguing with a branch manager at your local bank? What's that process, exactly?
Re: (Score:2)
Don't talk to anyone. Just sue. Immediately and for a *lot* of damages. The Bank has lots of money to pay the outside lawyers to defend, or if they know what is good for them you will just offer to settle immediately since they haven't a leg to stand on.
Re: (Score:2)
Exactly. The banks need motivation to fix their systems. Arguing with the manager at the local bank is a waste of time.
Re: (Score:2)
Arguing with the manager at the local bank is a waste of time.
Not necessarily. Once I got a bank loan for a car I'd bought. The bank kept sending me letters telling me that I had to buy insurance for the car, or else the bank would buy the insurance and charge me for it. I kept telling the bank that I had insurance, but I kept getting the letters.
Finally I went to a branch of that bank, and talked with a manager (I think the manager of the entire branch). I showed him proof that I had car insurance. I told him that he needed to change my bank records to indicate that
Re: (Score:2)
Re:Another blow to the banking sector (Score:5, Insightful)
They gave the bank permission for the payroll company to deposit the funds. The first time a cancellation request came the bank was right, at least from the bank's standpoint, to honour it, assuming that the transaction had not already cleared through the system. Any subsequent cancellation requests for the same transaction had to be rejected by the bank because the transaction was already cancelled. The bank is at fault for repeatedly taking out funds for the same transaction, or for cancelling cleared transactions for which the funds were received (if multiple pay periods were cancelled).
Re: (Score:2)
Re: Another blow to the banking sector (Score:1)
Re: (Score:2)
Re: (Score:2)
No. Years back I looked closely at the banking terms of service. Buried in them was the line: "The bank is not liable for any errors including their own."
I believe the clause is still in most bank accounts, but the wording has been changed to make it less obvious.
Since then, I have seen situations with printed evidence (the original check). The bank never does anything wrong. There is even a new scam against small businesses. With the advent of cell-phone based check d
Re:Another blow to the banking sector (Score:5, Informative)
Did the bank do anything wrong?
Yes.
You've given them authorization to accept deposits and withdrawals from your employer or their payroll system
No. I've never seen or heard of anybody giving their employer permission to make withdrawals.
A valid request (as far as they know) comes in
Withdrawing a million dollars from an account with an average balance of a few hundred and a current balance of a few hundred is very obviously not a valid request.
Re: (Score:2)
Happened to me (Score:4, Funny)
It drained my entire account of the equivalent of a years' pay. $50,000 in IT in San Jose. At least I get a Christmas bonus.
Were these .... (Score:4, Insightful)
This is why I prefer a printed check. The rules are pretty clear about check deposits. Once the funds have cleared, they are in my account. I grant no one permission to put funds in automatically, because I suspect that there is something in the fine print which allows them to pull them back out. Computer goes nuts and this happens.
Re: Were these .... (Score:5, Insightful)
Never let anybody do ACH to your primary store of value account(s). If you get direct deposit, set up an automatic transfer that moves your payroll amount to a different account the same day. Goes double for Paypal. Ideally this goes to another bank. Tell your bank(s) to not honor overdrafts (if they will).
When something goes wrong, let the corporations be the ones holding the bag - they're all too happy to have it be you.
Re: (Score:3)
Never let anybody do ACH to your primary store of value account(s). If you get direct deposit, set up an automatic transfer that moves your payroll amount to a different account the same day.
Problem is, all those bank fees add up and end up costing quite a bit, especially when you consider that you generally have to pay a fee at both ends when transferring money from one bank to another. EFT fees are very steep.
Re: (Score:3)
Must suck to live in a third world country.
Private bank transfers are cost free in the EU ...
Re: (Score:2)
Re: (Score:2)
Yes they are... in most banks, at least. Actually I have one bank account that is a net gain for me, because I get a smallish percentage back on direct debit bills (basically utilities), and the fees for everything I usually do (credit card paid off end of month after my salary comes in, debit card, www and app access, national and international SEPA transfers [wikipedia.org]) are zero.
Re: (Score:3)
Re: (Score:2)
They can still revers the ACH for something like 90 days, including reversing the transfer to your other account it funded.
The principle is that if a mistake is made, everybody can go back and rewrite history for a time. Last I heard, this was good for 90 days. It's also true for stock transactions. They don't really settle for a day or so after they are made, so if any recording errors or frauds can be rolled back and corrected.
CU's (Score:2)
Re:Were these .... (Score:4, Interesting)
This is why I prefer a printed check. The rules are pretty clear about check deposits. Once the funds have cleared, they are in my account. I grant no one permission to put funds in automatically, because I suspect that there is something in the fine print which allows them to pull them back out. Computer goes nuts and this happens.
Electronic payments can be reversed for up to 90 days. I found this out two decades ago when I was buying a house using funds my employer had deposited into may checking account to cover parts of the transaction costs. The closing company wouldn't accept my personal check and the bank wouldn't issue a casher's check or cash for 90 days. Messed up the closing and really ticked me off... But if you think about it, it kind of makes sense that ACH transactions should be reversible if made in error.. Just like a bad check will be reversed if it's found to be unfunded.
Re: (Score:2)
Re: (Score:2)
If there isn't any money in the account, then why even allow the transfer in the first place?
Because that’s not the only reason a transaction can be reversed. Fraud, for example, is a common reason why banks rescind transactions.
Re: (Score:2)
I had no idea this existed in the US. I cannot imagine having such a "feature" in Europe.
Re: (Score:2)
Re: (Score:2)
The story above is about criminals withdrawing funds.
Does not matter if you got the money into your account by a "wire transfer" or via a check ... they would withdraw it anyway illegally.
ACH let's them take more then they put with over (Score:2)
ACH let's them take more then they put in and they can then hit you with overdraft fees
Re: (Score:2)
Why is this such a convoluted process? (Score:3, Interesting)
I don't understand why there are so many layers involved in cutting someone a paycheck. An employer hires MyPayrollHR to do their payroll, except apparently MyPayrollHR isn't capable of actually moving money (you know...the specific thing they're hired to do) so they contract that out to some other company; but that third company can't figure out how to collect payroll taxes, so that's outsourced to yet another provider who's skimming off the top, and suddenly there are 10 different companies touching your employees' money and 10 different places to fuck it all up and 10 different middlemen sucking money out of your company.
This whole process is fucking stupid.
Re: (Score:2)
Re: (Score:3)
Welcome to the modern technology driven world where even your paycheck is outsourced :D
Payroll is one of the very first things that most companies outsource. Running a payroll is very time consuming and complicated, and there are steep penalties for getting it wrong.
Re:Why is this such a convoluted process? (Score:4, Interesting)
Payroll is one of the very first things that most companies outsource. Running a payroll is very time consuming and complicated, and there are steep penalties for getting it wrong.
So we should see some steep penalties here, yes?
Re: (Score:3)
Theoretically, yes. The trick will be finding those responsible and money connected to those responsible so that those penalties can actually be enforced. That gets a lot harder when provider has gone down the rabbit hole. Their best hope may be trying to hang responsbility on their actual employers who are still in business, because they hired the provider. As usual, the real winners will be the lawyers.
Re: (Score:2)
I've read several articles where the employers have already taken steps to make employees whole. I think the law normally provides some room for human error/circumstances beyond the employers control if the employer has already taken steps to correct the situation.
For now I think a lot of employers may be out the money for one week of payroll for a while. They'll also have to make up the payroll tax deposits if those have disappeared as well.
Re: (Score:3)
Steep penalties apply to the company doing the payroll. As in they didn't deduct enough off your pay to cover taxes or missed a deduction etc. Then there's the tax slips that have to be created and sent out which accurately reflect what you earned. Add in stock purchase plans, retire
Re: (Score:2)
Indeed. We should bankrupt and close the payroll provider...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I agree, it's stupid.. It's also very insecure..
Literally anybody who has access to the network that does this can dump a file of transactions into it. There is little in the way of security here. If we trust you, we trust you. So when a previously trusted user puts in their transactions, who's going to know the account numbers are different than yesterday, flag the transactions as suspicious and not accept them? Account numbers are always changing.
Computer error or nefarious actor? (Score:3)
Re: (Score:3)
Given what happened... It sure looks suspicious. It *could* be a mistake, but it sure smells like fraud to me.
The normal process moves money though three accounts. The employer's, the Company handling the Paychecks and the employee.
What happened is the Employer to Processing Company transfer was redirected to a different account, but the employees where paid out of the normal Processing company account (which apparently had enough funds to cover). The second set of transactions where reversed, once with
Re: (Score:2)
Re: (Score:3)
Reading the articles, it's both. The constant reversals are honest (well, as honest as our banking system can be) foul-ups. Batch processes run amok, using input with errors from people at a bank (Cachet) trying to undo fraudulent transactions.
The fraudulent transactions came from MyPayrollHR, who gave Cachet instructions to move money from employer's accounts to a MyPayrollHR-controlled account instead of a Cachet holding account, then instructed them to move money from the Cachet holding account to the em
Sure errors happen. (Score:4, Funny)
Re:Sure errors happen. (Score:4, Insightful)
LOL.. You DO realize that they don't keep the paper anymore right?
Pretty much every check is cleared and paid by ACH transactions anyway. The actual check is usually destroyed after it's scanned. Where they used to return the check to the writer, that is rarely done anymore. It was too expensive. Now they scan the check, convert it to a ACH and post the transaction. They get their money faster and it costs lest for the banks.
Re: (Score:2)
You don't use your phone to take pictures of the cheque and deposit it with the bank's/credit union's app?
Re: (Score:2)
But this is why I still prefer checks with a paper trail. Automated movement of numbers over a network is great until it isn't.
Wait what? You prefer a system that gives you no indication of whether you actually have money other than a pinkie promise written on a piece of paper over a system that actually gives you that money directly the very moment you are issued it?
You'd have to be mad to voluntarily be on the receiving end of a check.
Better article (Score:4, Informative)
Slogan... (Score:2)
(hey if it works for an essentially automated bank, maybe it will work for payroll... take a "frown" and turn it upside down)
Clearly just rounding errors when taking out taxes (Score:5, Funny)
Joanna: [Confused] So you're stealing?
Peter Gibbons: Ah no, you don't understand. It's very complicated. It's uh it's aggregate, so I'm talking about fractions of a penny here. And over time they add up to a lot.
Joanna: Oh okay. So you're gonna be making a lot of money, right?
Peter Gibbons: Yeah.
Joanna: Right. It's not yours?
Peter Gibbons: Well it becomes ours.
Joanna: How is that not stealing?
Peter Gibbons: [pauses] I don't think I'm explaining this very well.
Joanna: Okay.
Peter Gibbons: Um... the 7-11. You take a penny from the tray, right?
Joanna: From the cripple children?
Peter Gibbons: No that's the jar. I'm talking about the tray. You know the pennies that are for everybody?
Joanna: Oh, for everybody. Okay.
Peter Gibbons: Well those are whole pennies, right? I'm just talking about fractions of a penny here. But we do it from a much bigger tray and we do it a couple a million times.
no it's like milton we don't fire people just stop (Score:2)
no it's like milton we don't fire people just stop their pay check.
separate accounts (Score:3)
I had an employer that insisted on distributing expense reimbursement by direct deposit, even though we could have actual paychecks. I created a separate account for that, specifically for this kind of idiocy. Once deposited, I moved the money to my regular account.
I do the same thing for PayPal. Rather than tie it to a credit card, I have a PayPal account into which I transfer enough to cover anticipated expenses. Should there be some sort of error/hack/..., all that can be taken is that amount.
Re: (Score:2)
If the separate account is at the same bank, I wouldn't trust this technique to protect you in any way. When the unwind happens and fails, someone at the bank will look at what's up and helpfully "fix" it. Remember, they aren't representing you, they are working for the bank, and the banks work together by default.
If the separate account is at a distinct bank, there's a chance - possibly they'll just initiate a chain of unwound deposits, but possibly someone will decide to question the original unwind req
Correction (Score:1)
The checking account of one employee of an animal rescue facility was pinged for nearly $1 million.
The term you're looking for is dinged [wiktionary.org]. See verb definition 5:
(transitive, colloquial) To deduct, as points, from another, in the manner of a penalty; to penalize. My bank dinged me three bucks for using their competitor's ATM.
Sincerely,
Your Friendly Neighborhood Pedant.
Fail to pay can = jail so your office better fix i (Score:2)
Fail to pay can = jail so your office better fix it fast or the boss can endup in lock up.
"Payroll" and "HR" in the same name? (Score:2)
This is why I got REALLY pissed when my ex-employer automatically signed me up for a payroll deposit with another bank without my permission. It supposedly wouldn't go active until I called up and confirmed I wanted the account, but there's always something that could go wrong.
On the plus side, my ex's stock price is now worth 1/14th what it was when I quit a few years ago.
Don't US bank accounts have limits? (Score:2)
Here in .nl, bank accounts have a debit limit. When you're at the limit, you can't withdraw any more. My bank sets the limit at 0 by default (the account owner can change it online if necessary). Being able to withdraw $1M from an account that's never held that much sounds like a recipe for disaster.
There's More to the Story.... (Score:1)
Thanks for the useless 5 sentence summary Slashdot... there's WAY more to the story. This was part of a massive fraud operation by Michael Mann, the CEO of MyPayRollHR. Check out the article from Kreb's on Security [krebsonsecurity.com] for more details.