Two moments you may have already seen
A contractor who has been with your program for six weeks submits a request to update their banking details. It looks routine, and someone approves it. The next payroll cycle, the funds go somewhere they shouldn’t.
Or: you onboard a senior developer. The interview was solid. References checked out. The first sprint looks fine. Then delivery quality drops, the working style changes, and someone on your team says something no one wants to hear: are we sure the person doing the work is the person we interviewed?
Neither of these shows up in your bad-hire cost model.
The standard 1.5-to-2x salary estimate captures something real — what it costs to exit a poor performer and restart a search. That’s a recoverable cost. But it describes only one layer of exposure. The layer you caught and acted on.
The fraud problem is not what you caught and replaced. It is what ran undetected, what you absorbed as ordinary variance, and what you never thought to measure at all.
Candidate fraud in contingent work operates on a four-level continuum. Most organizations have reasonable visibility into the first level. They are absorbing the second without measurement. They occasionally experience the third without naming it as fraud. And they have never assessed the fourth — until an incident forces the question.
This document names all four.
The four-cost continuum
These costs are not equal in frequency or magnitude. They sit at different points along a spectrum: from visible to invisible, from recoverable to consequential. The further along the continuum, the less likely an organization is to have a number for it — and the more damage it can do before anyone names it.
COST
01
Delivery failure
The cost you can see
Substitution, skills inflation, AI-assisted interviews, performance that degrades after onboarding. The work doesn’t match the expectation. You catch it. You act. You absorb the replacement cost.
COST
02
Operational drag
The cost you absorb
Slower velocity. Rework. Internal teams covering gaps they didn’t create. None of it gets labeled as fraud. It looks like a difficult engagement or a fit issue. The cost is real but invisible in the books.
COST
03
Security and financial exposure
The cost that looks like a process failure
Unauthorized subcontracting. Access that expands without review. Banking instruction changes. Location drift into unapproved jurisdictions. When these surface, they rarely get classified as fraud. Until they do.
COST
04
Program integrity
The cost you can’t fully recover
When a fraud incident erodes confidence in the program itself. Stakeholders route decisions around it. Leadership loses trust in the data. The program loses standing it took years to build.
Cost 1: Delivery failure
The cost most organizations already measure — partially
This is the familiar layer. A hire who looked credible through screening turns out to be something different in delivery. The fraud may have been deliberate — AI assistance during interviews, a proxy who handled screening, credentials that were inflated or fabricated. Or it may have been misrepresentation combined with rushed hiring decisions.
What it produces: velocity drops, quality slips, rework accumulates, the team absorbs the gap. At some point someone makes a call and the engagement ends. A replacement process begins.
This is what the 1.5-2x bad-hire model captures. It is a real cost. But it is the fraud you caught. Not the fraud you missed.
What to watch for
-
Strong interview, weak delivery
-
Skills that don’t transfer from screening to environment
-
Working style or communication patterns that shift materially after onboarding
-
An inability to complete tasks the interview suggested were well within reach
Cost 2: Operational drag
The cost absorbed as ordinary variance
This layer is harder to see because it does not announce itself. There is no incident. There is no decision point. There is just a program that runs a little slower than it should, a team that manages a little more than it should, outputs that require a little more oversight than they should.
The underlying causes are often fraud-adjacent: a contractor who secured the role through inflated credentials and is working at 60% of expected capacity; a resource that was substituted midway through an engagement without disclosure; a worker managing multiple simultaneous engagements and distributing effort accordingly.
Candidate fraud doesn’t always fail visibly. Sometimes it just costs you quietly — in every sprint, every handoff, every review cycle that takes a little longer than it should.
Because none of this surfaces as a specific incident, it never gets investigated, measured, or attributed. It becomes part of the baseline. And the baseline gets accepted.
What to watch for
-
Delivery that consistently underperforms without a clear explanation
-
Output patterns that don’t match the stated experience level
-
Internal team members carrying more than their share
-
Rework that recurs without root cause analysis
Cost 3: Security and financial exposure
The cost that looks like a process failure — until it isn’t
Every contingent engagement involves a basic transfer of access: to your systems, your data, your workflows. That access was granted based on who you believed you were engaging. When the underlying identity, location, or working arrangement differs from what was represented, the access profile is wrong.
This is not theoretical exposure. The patterns that create it show up regularly:
-
Unauthorized subcontracting — work passed to a third party the organization never vetted
-
Access creep — access that expands incrementally without review or reauthorization
-
Payment and banking fraud — instruction changes that feel administrative until they result in misdirected funds
-
Location misrepresentation — work performed from jurisdictions that violate security policy, data sovereignty rules, or contract terms
These exposures are difficult to manage because they exploit the moments where organizations have optimized for speed. A banking change request looks like a routine HR update. A location shift looks like a remote work preference. Each is low-friction by design — because friction is what would catch it.
What to watch for
-
Banking or payment instruction changes from contractors, especially early in an engagement
-
Location data that doesn’t match declared working arrangements
-
Access that expands without a corresponding change in role scope
-
Subcontracting disclosures that are absent or vague
Cost 4: Program integrity
The cost you cannot put a number on
This is the cost that program leaders who have lived through a significant fraud incident understand intuitively — and that everyone else underestimates until it happens to them.
When fraud becomes visible inside an organization — a substitution scheme that gets exposed, a payroll diversion that requires investigation, an access incident that pulls in security and legal — the program itself comes under scrutiny. Not just the incident. The program. The oversight model. The controls. The people responsible for them.
What follows is not just remediation. It is a credibility deficit. Stakeholders who relied on the program start routing decisions around it. Senior leaders ask questions they never asked before.
A single high-profile fraud incident doesn’t just cost what it costs. It resets the trust baseline for everything that came before it.
This cost is not recoverable in a quarter. In some organizations, it reshapes the program permanently: more oversight, more friction, less autonomy, and reduced scope. The programs with the most credibility to lose often had the least visible fraud exposure — which means the incident that caused the damage was often Cost 1 or Cost 3 in disguise.
What to watch for
-
Rising skepticism from internal stakeholders about program data or decisions
-
Increased requests for oversight documentation
-
Leadership questions about controls that were never raised before
-
Any pattern that suggests confidence in the program is eroding before a formal incident has occurred
Why all four costs are more likely now
Candidate fraud is not new. Three changes have made every layer of the continuum more likely to materialize.
The tools improved.
AI assistance during interviews, synthetic credentials, and deepfake proxies have raised the quality of fraudulent presentation while lowering the cost of attempting it. Screening signals that worked five years ago pass today even when the underlying risk is higher.
Delivery got more distributed.
Remote and hybrid work created more handoffs, more system access points, and more normal variability in how work gets done. That variability provides cover. When every team works differently, fraud blends into ordinary delivery noise.
The economics became favorable for the fraudster.
Most schemes don’t require a high success rate. They take volume shots. A few land. The losses show up later and look like performance issues — which is precisely why they stay in Cost 2, absorbing quietly, rather than surfacing as incidents.
The front-door controls most organizations rely on — background checks, structured interviews, reference verification — are necessary. They are not sufficient. The question is not whether to have controls. It is where to put them.
The diagnostic
The four-cost continuum is most useful not as a taxonomy to memorize, but as a diagnostic to apply. Here is where most programs actually sit:
Cost 1 — Most programs have a replacement process and a rough cost model. They can flag and address delivery failure. This layer is visible.
Cost 2 — Almost universally unmeasured. It shows up in program data as variance, not fraud. No one has built a model for it because no one has named it as a cost category.
Cost 3 — Inconsistently managed. Organizations that have experienced a payment fraud or access incident have usually responded with a control. Organizations that haven’t tend to discover this exposure at the wrong time.
Cost 4 — The one no one wants to discuss until it is relevant. Which is usually the wrong time to start.
The question worth asking: which of these costs is your organization currently measuring — and which ones are you absorbing without a number?
What this is not
This is not a call to treat every contractor as a suspect. Most contingent workers are credible, capable, and exactly who they say they are.
This is a call to know where your measurement actually stops — and to have that conversation before an incident answers the question for you.
The four-cost model is a diagnostic lens, not a compliance checklist. Organizations that use it well tend to have a few things in common: they have named the risks clearly, they have built lightweight checkpoints into normal workflows, and they have made it easy for people to escalate something that feels off without making it a major event.
Fraud thrives in gaps and silences. The simplest counter is a culture where people talk about what they are seeing — and a program that gives them a framework for naming it.
Go deeper
Procom has published a full framework for assessing your organization’s fraud risk posture — including the financial modeling behind each cost level and a self-assessment tool you can run internally. Download the whitepaper.
If any of this maps to what you’re seeing in your program, I’m happy to compare notes. You can reach me at [email protected] or connect with me on LinkedIn.
About the author
Simon Gray
With over 25 years of experience in strategic staffing, Simon leads Procom’s Workforce Solutions division to help clients hire quickly and compliantly.
