When an employee steals from a customer or commits fraud against a third party while on the job, the employer often gets sued. The key legal question is whether the employer is responsible for that theft. The answer depends on a single test used by courts across the country: was the employee acting within the “scope of employment” when the theft occurred? If yes, the employer can be held liable even if the company did nothing wrong. If no, the employee alone is on the hook.

Scope of employment sounds fancy, but it really means two things. First, was the employee doing the kind of work they were hired to do at the time of the theft? Second, was the theft connected in some way to that work? Courts do not require that the company ordered the employee to steal. That would be absurd. Instead, they look at whether the theft happened during a work-related activity that was intended, at least in part, to benefit the employer. Even if the employee acted purely for personal gain, the employer may still be liable if the theft arose from a task the employee was supposed to perform.

Consider a delivery driver who collects cash payments from customers but pockets the money instead of turning it in. That driver was doing exactly what the employer hired him to do: deliver goods and collect payments. The theft happened while he was performing a core job duty. The employer put him in a position to take the money. In that situation, courts almost always find the employer liable because the theft was within the scope of employment. The driver was acting as an employee, not as a random crook off the street. The employer chose to trust him with cash, and that choice creates responsibility.

Now take a different example. A warehouse worker who steals tools from the company’s own inventory while on break. Is that within scope? Probably not. The worker was not doing his job when he took the tools. He was not handling inventory as part of his duties. He was just there because he had access. Courts typically say that stealing from the employer itself is not within the scope of employment because the employee is not furthering any company purpose. The theft is a personal act that conflicts with the employer’s interests. So the employer is not liable for that kind of inside theft under the scope test, though the employer might be liable under a different legal theory, like negligent hiring.

The tricky cases involve theft or fraud against customers or third parties. For example, a bank teller who uses her position to steal account numbers and commit identity theft. That teller was doing her job when she accessed customer data. The theft grew directly out of her job duties. Courts will likely find the employer liable, even though the teller’s actions were clearly against bank policy and illegal. The employer gave her the tools and the access. The scope test does not require that the employer approved the act. It only asks whether the act was closely related to the work the employee was hired to do.

What about an employee who commits fraud while off duty? Say a salesperson solicits investments from a customer after hours using personal phone numbers and fake documents. If the customer believed the salesperson was acting for the company because of their official job title, the court may still find the employer liable under a concept called “apparent authority.” This is different from scope of employment. Apparent authority means the employer created the impression that the employee had the power to do what they did, even if the employee acted outside their actual duties. For example, a company that gives a salesperson business cards and a company email address sets up that appearance. If the salesperson then uses those tools to commit fraud, the employer cannot simply say “we told him not to do that.” The company created the opportunity for the deception.

Employers often try to escape liability by arguing that theft is never part of any job. But courts reject that argument flatly. The test is not whether the employer authorized the theft. It is whether the employee was doing a job-related activity when the theft occurred. If the employee was acting within the general scope of their work—even if they were abusing that work—the employer is responsible for the resulting harm.

A few factors make a difference. Did the theft happen at the workplace or during work hours? Was the employee using company equipment or resources? Was the victim someone the employee dealt with because of the job? If the answer to these questions is yes, the scales tip toward employer liability. If the theft happened entirely away from work, using the employee’s own tools, and the victim had no connection to the company, then the employer is probably safe.

The bottom line for employers is simple. If you put employees in positions where they handle money, data, or customer relationships, you assume the risk that a dishonest employee will misuse that access. You cannot avoid liability just by having a policy that says “no stealing.” The law holds you responsible because you chose the employee and gave them the opportunity. The only real protection is careful hiring, supervision, and insurance. But even then, if a theft falls within the scope of employment, you will be paying for it.