Cybersecurity & payroll fraud: Lessons from the NSS ghost names scandal for CEOs & SOEs


By Ethel COFIE

The revelation that over 81,000 ghost names were found on Ghana’s National Service Scheme (NSS) payroll highlights a significant cybersecurity and governance challenge. This issue is not just about NSS but serves as a critical lesson for CEOs, CFOs, and leaders of state-owned enterprises (SOEs).

Payroll fraud is not limited to government institutions. Any organization with a large workforce and financial disbursements is vulnerable. The failure of biometric validation at NSS raises key questions:



  • How did fake names bypass verification?
  • What loopholes were exploited?
  • How can organizations strengthen payroll security to prevent similar fraud?

This article examines how such fraud could have occurred despite biometric validation and outlines actionable steps for CEOs and SOEs to secure payroll systems and prevent financial loss.

Step 1: How Fake Identities Could Have Bypassed Biometric Validation

Biometric systems are designed to verify identity through fingerprints or facial recognition. However, if ghost names still appeared on payroll, individuals involved in the fraud likely manipulated the system at the enrollment stage.

How This Could Happen in Any Organization

Pre-Registered Fake Biometric Profiles

    • If the system allowed manual entry of biometric data, ghost names could have been preloaded with fake fingerprints or facial scans.

Reusing Real Biometric Data for Multiple Identities

    • Some employees could have registered multiple times under different names but with the same biometric data.

Marking Unverified Employees as ‘Validated’

    • If administrators had system privileges, they could have manually marked unverified names as “approved” without actual biometric scans.

Enrolling Real Individuals as Ghost Names

    • Fraudsters may have paid real people to scan their biometrics multiple times under different identities.

How CEOs & SOEs Can Prevent This

Ensure Biometric Enrollment is Mandatory for Payroll Inclusion: Every payroll entry should be linked to a real-time biometric scan, preventing manual overrides.
Deploy AI to Detect Biometric Duplicates: AI-powered systems should flag identical fingerprints or facial features registered under different names.
Secure Enrollment Access: Limit biometric data entry privileges to a separate, independent security team rather than payroll or HR.

Step 2: How Payroll Verification Systems Can Be Manipulated

Once a fake name enters the system, it must pass payroll verification checks before payment. Weak security protocols allow fraudsters to manipulate this process.

How This Could Happen in Any Organization

Abusing HR & Payroll System Privileges

    • If HR teams can approve employee verification without an external audit, fraudulent records can easily be marked as valid.

API & Data Transfer Manipulation

    • If verification is handled through API calls fetching data from external sources, attackers could modify the API response before payroll processing.

Tampering with Audit Logs

    • If logs can be deleted or modified, fraudsters can remove traces of unauthorized payroll additions.

How CEOs & SOEs Can Prevent This

Require External Verification Before Payroll Approval: Cross-check new employees against national ID records (NIA, SSNIT) before salaries are approved.
Implement Blockchain for Payroll Logs: Blockchain-based payroll records ensure that no one can modify, delete, or alter approval logs.
Restrict Payroll Verification Access: Segregate duties so that HR cannot approve names and finance cannot process payroll without external verification.
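
The tamper-evidence property behind the log recommendation above, as an added example (not code from NSS or any payroll product): each approval entry commits to the hash of the one before it, so an edited or removed entry fails verification. This is a plain hash chain, the building block of a blockchain rather than a distributed ledger; the record fields and sample entries are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain


def entry_hash(prev_hash, record):
    """Hash the record together with the previous entry's hash."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append(log, record):
    """Append a record linked to the current tail; return the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})
    return log[-1]["hash"]


def verify(log, trusted_head=None):
    """Return the index of the first bad entry, len(log) if the final hash
    differs from the externally stored head, or None if the log is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(log)
    return None


def demo():
    # Constructed approval events; field names are hypothetical.
    log = []
    for rec in [
        {"action": "approve", "employee": "E1001", "by": "hr_user_a"},
        {"action": "approve", "employee": "E1002", "by": "hr_user_a"},
        {"action": "approve", "employee": "E1003", "by": "hr_user_b"},
    ]:
        head = append(log, rec)  # the head is what an independent auditor keeps
    # Tamper 1: rewrite who was approved in the second entry.
    edited = [dict(e) for e in log]
    edited[1]["record"] = dict(edited[1]["record"], employee="E9999")
    truncated = log[:-1]  # Tamper 2: silently drop the last approval
    return verify(log, head), verify(edited, head), verify(truncated, head)


if __name__ == "__main__":
    print(demo())
```

The chain only helps if the head hash is held by a party outside payroll and HR: an administrator who can rewrite the whole file can recompute every hash, and only the comparison against the externally stored head exposes that.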

Step 3: How Ghost Names Received Payments Without Detection

For payroll fraud to succeed, ghost names must receive payments without raising red flags.

How This Could Happen in Any Organization

Using Real Bank Accounts for Fake Employees

    • Fraudsters could have used real but inactive employee bank accounts to receive salaries.

Registering Fake Mobile Money Accounts

    • Large-scale payroll fraud often involves hundreds of fraudulent mobile money wallets, each receiving small, low-detection transactions.

Gradually Increasing the Number of Ghost Names

    • Instead of adding all ghost names at once, payroll numbers grew slowly over time to avoid suspicion.

How CEOs & SOEs Can Prevent This

Require Biometric Authentication for Payroll Disbursement: Instead of just verifying employees at onboarding, require real-time biometric scans before salary payments.
AI-Powered Payroll Monitoring: Machine learning models should flag:

  • Employees receiving salaries but never logging into internal work systems.
  • Multiple payments linked to the same biometric ID or bank account.

Real-Time Banking Cross-Verification: Partner with financial institutions to ensure salaries are paid only to active, verified employees.

Step 4: How Weak Oversight Allowed the Fraud to Continue

Large-scale fraud doesn’t go unnoticed—it persists because oversight mechanisms fail.

How This Could Happen in Any Organization

Lack of Frequent Payroll Audits

    • If payroll audits were infrequent or superficial, ghost names could persist for years.

Failure to Conduct Physical Employee Verification

    • Many payroll fraud schemes rely on digital-only validation, making it easier for fake employees to remain undetected.

Lack of Action on Red Flags

    • Payroll fraud is often hidden in financial reports, and if leadership ignores unusual trends, fraud thrives.

How CEOs & SOEs Can Prevent This

Quarterly Independent Payroll Audits: External auditors should review payroll records every three months to detect irregularities.
Mandatory Surprise Employee Verification: Conduct random biometric attendance checks at worksites to confirm employees physically exist.
AI-Powered Payroll Fraud Dashboards: Deploy analytics dashboards to flag:

  • Employees receiving salaries but not appearing in biometric logs for months.
  • Departments with unusual payroll increases.
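
The flags listed under Step 3 (payments sharing a biometric ID or bank account, salaries with no work activity) and in the dashboard list above, written as plain rules rather than a trained model; this is an added example, not code from NSS or the author. It assumes the biometric system already reduces each template to a comparable ID, and every record, field name and threshold here is constructed.

```python
from collections import defaultdict

# Constructed payroll snapshot and monthly headcounts (oldest first); all values hypothetical.
# idle_months: months since last appearance in biometric or work-system logs.
PAYROLL = [
    {"emp": "E1001", "dept": "Ops", "bio_id": "B-01", "account": "GH-111", "idle_months": 0},
    {"emp": "E1003", "dept": "Ops", "bio_id": "B-03", "account": "GH-113", "idle_months": 7},
    {"emp": "E1004", "dept": "Field", "bio_id": "B-04", "account": "GH-114", "idle_months": 1},
    {"emp": "E1005", "dept": "Field", "bio_id": "B-04", "account": "GH-115", "idle_months": 1},
    {"emp": "E1006", "dept": "Field", "bio_id": "B-06", "account": "GH-116", "idle_months": 5},
    {"emp": "E1007", "dept": "Field", "bio_id": "B-07", "account": "GH-116", "idle_months": 6},
]
HEADCOUNT = {"Ops": [200, 201, 200, 202, 201, 203, 202], "Field": [200, 206, 212, 218, 225, 232, 239]}


def shared(records, field):
    """Map each value of `field` used by more than one employee to those employees."""
    groups = defaultdict(list)
    for r in records:
        groups[r[field]].append(r["emp"])
    return {value: emps for value, emps in groups.items() if len(emps) > 1}


def employee_flags(records, max_idle_months=3):
    """Return {employee: [reasons]} for every paid employee with at least one flag."""
    flags = defaultdict(list)
    for field, reason in (("bio_id", "shared_biometric"), ("account", "shared_account")):
        for emps in shared(records, field).values():
            for emp in emps:
                flags[emp].append(reason)
    for r in records:
        if r["idle_months"] > max_idle_months:
            flags[r["emp"]].append("paid_but_inactive")
    return dict(flags)


def growing_departments(headcount, window=6, threshold=0.10):
    """Departments whose headcount grew more than `threshold` over `window` months."""
    out = {}
    for dept, series in headcount.items():
        if len(series) > window:
            # Compare against an older baseline so slow monthly padding still adds up.
            growth = (series[-1] - series[-1 - window]) / series[-1 - window]
            if growth > threshold:
                out[dept] = round(growth, 3)
    return out


if __name__ == "__main__":
    print(employee_flags(PAYROLL), growing_departments(HEADCOUNT))
```

In the constructed "Field" series no single month grows by more than about 3%, yet the six-month comparison shows 19.5%, which is why the baseline is an older month rather than the previous one.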

Final Thoughts: Payroll Fraud Is a Governance Issue, Not Just an IT Problem

The NSS ghost name scandal is a wake-up call for every CEO, CFO, and leader of state-owned enterprises.

Payroll fraud is not just a technical failure—it is a governance failure. It can drain millions in public funds, destroy organizational credibility, and expose companies to financial and legal risks.

Key Takeaways for Business Leaders & Government Institutions

Biometric validation is not enough—it must be combined with real-time verification and external cross-checks.

Payroll verification must be independent—HR, IT, and finance must have segregated duties to prevent internal collusion.
AI-powered fraud detection is critical—manual audits alone cannot detect payroll fraud at scale.

Executives and government leaders must treat payroll security as a core governance issue, ensuring biometric authentication, banking verification, and real-time fraud detection are embedded into payroll systems.

If these measures are not implemented, payroll fraud will continue to drain financial resources across both public and private institutions.