Payroll Outsourcing Firms are High Value Targets for Cybercriminals

CHICAGO, May 8, 2014 (GLOBE NEWSWIRE) -- The heaviest part of the 2014 tax filing season is in the rearview mirror for most U.S. citizens, but it will still take some months to discover whether the increase in tax return fraud has been slowed. If recent history is any indicator, the answer is an emphatic "No."

In 2010, 15 percent of the complaints received by the Federal Trade Commission were tax fraud related. In 2013, the share of tax fraud related cases rose to 44 percent. Interestingly, this rise corresponds to the 30 percent growth rate in the outsourced payroll market space.

Payroll and tax return fraud was a conversation topic of significant concern this week at the 2014 joint summit of the Financial Services Information Sharing and Analysis Center (FS-ISAC) and BITS. The conference, held this year near Jacksonville, Fla., is an annual gathering of the "cyber warriors" of financial services - a title bestowed during a keynote address by former FBI director, Robert Mueller. Payroll fraud is typically discovered when viewing bank accounts, and banks are typically the first to be queried.

"It's a perfect storm," said John Zurawski, vice president of marketing for Authentify, Inc., one of the sponsoring organizations of FS-ISAC. "Smaller firms are outsourcing business processes like payroll because cloud services are making it more cost effective than ever before. Cybercriminals target smaller businesses because their security practices are only average. For payroll services protected with only usernames and passwords, it's almost too easy."

Brian Krebs, investigative reporter and author of the daily blog, Krebs on Security, explains how these attacks occur, with an online gang preying on the payroll accounts for smaller healthcare providers and doctors in order to launch tax return fraud. The gang had their own online dashboard for managing the medical record and payroll fraud for individuals who have had their personal information compromised. Krebs also dug into the lack of two-factor or multi-factor authentication being offered by some providers.

In one of her research reports, Avivah Litan*, vice president and distinguished analyst at Gartner Research, also cites out-of-band authentication. "Out-of-band or dedicated hardware-based transaction verification affords stronger security and a higher level of assurance than in-band processes do. The technologies in this layer can be typically deployed faster than those in subsequent layers and go a long way toward defeating malware-based attacks."

A long-time member and sponsor of the FS-ISAC, Authentify introduced phone-based two-factor authentication workflows to the security space in 2001. "We have hundreds of banking clients," according to Zurawski. "The banks got better at defending accounts they control. As a result, the cybercriminals moved on to weaker links in the supply chain. Unfortunately, it's a target-rich environment."

*Gartner, The Five Layers of Fraud Prevention and Using Them to Beat Malware, Avivah Litan, April 21, 2011 (Gartner Foundational).

About Authentify, Inc.

Authentify, Inc. is the global provider of phone-based, out-of-band authentication. These services enable organizations that need strong security to quickly and cost-effectively add 2-factor or 3-factor authentication layers to sensitive user activities including login, transaction verification and critical account data changes such as adding a payee to an e-pay or wire account. Authentify markets primarily to corporate security, e-commerce, e-payment and financial services firms that need to protect accounts from compromise or other exploits against digital assets. For more information, visit

CONTACT: Deb Montner, Montner & Associates, Tech PR, 203-226-9290, dmontner AT

Source: Authentify