TL;DR: Payroll fraud through “ghost workers” persists when payroll records are not tightly bound to verified identity, prompting Oyo State to launch a worker verification exercise using BVN, biometrics and document capture, according to Seamfix. The case shows that identity proofing and lifecycle governance must stay aligned or payment controls become easy to bypass.
NHIMG editorial — based on content published by Seamfix: ghost worker verification in Oyo State and the use of BioRegistra to reduce payroll fraud
Questions worth separating out
Q: What breaks when payroll identities are not tied to current employment status?
A: Payroll becomes a payment channel for stale or fabricated identities, which means organisations keep paying people who are no longer entitled to receive funds.
Q: Why do browser-based attacks matter to IAM and identity governance teams?
A: Browser-based attacks matter because the browser is where users authenticate, work, and move data in the same session.
Q: How can organisations tell whether identity assurance is actually working?
A: Look for consistency across onboarding, recovery, and re-verification events.
Practitioner guidance
- Reconcile payroll to authoritative HR status Link salary eligibility to a current employment record that must be confirmed before each payment cycle.
- Add duplicate detection to verification workflows Check BVN, biometrics, and supporting documents against existing records before approval so one person cannot appear more than once under slight variations of name or identifier.
- Define an offboarding trigger for payment removal Remove payment eligibility immediately when resignation, retirement, suspension, or death is confirmed through the approved source of truth, and require manual exception approval for reinstatement.
What's in the full analysis
Seamfix's full article covers the operational detail this post intentionally leaves for the source:
- The exact Oyo State verification workflow, including how workers are enrolled and checked against BVN records.
- The Bioregistra capture model for fingerprints, portrait data, and supporting documents across desktop, mobile, and web components.
- How the exercise is intended to detect multiple registrations and remove ghost workers from payroll.
- The role of Sally Tibbot Consulting in the verification process and the stated implementation timeline.
👉 Read Seamfix's article on Oyo State's ghost worker verification initiative →
Ghost worker verification: what identity teams can learn from payroll fraud?
Explore further
Ghost worker fraud is a form of identity lifecycle drift: once a payroll identity becomes detached from a real employment status, the organisation is no longer paying a person, it is paying a stale record. That failure mode is closely related to entitlement sprawl in IAM, where access persists because removal processes are weaker than creation processes. The practitioner lesson is to treat payroll verification as a lifecycle control, not a one-off compliance exercise.
A few things that frame the scale:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes, and as quickly as 9 minutes in some cases, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
A question worth separating out:
Q: Who should be accountable when a ghost worker remains on payroll after biometric capture?
A: Accountability should sit with the teams that own identity lifecycle, payroll reconciliation, and exception approval, not with the capture event alone. If employment status, payment status, and biometric status are split across functions, each team can assume another owns the risk. Governance only works when one process owner can trace and close the entitlement gap.
👉 Read our full editorial: Ghost worker verification shows how payroll fraud defeats identity controls