Doral FL mother-daughter duo charged in alleged dental clinic Zelle-and-cash scheme

A Doral, Florida dentist became the latest practice owner to learn that the people closest to the front desk can also be the most damaging to it. On May 14, 2026, Doral police announced the arrests of Cynthia Joya, 53, and her 24-year-old daughter, Kaylyn López, alleging that the mother-daughter pair quietly diverted client payments from the dental office that employed them both for roughly a year.

According to investigators, the alleged scheme targeted Doral Dentistry Specialty Center, located at 7902 NW 36th St. The clinic’s owner told police that from March 2025 through March 16, 2026, the two employees accepted cash payments and Zelle transfers from patients but failed to record those payments as practice revenue, instead routing the funds to themselves. On March 16, 2026, both women resigned abruptly without notice and could not be reached afterwards — a sequence that prompted the owner to launch an internal audit of the practice’s books.

That review, and the subsequent police investigation, reportedly identified a Bank of America account that both defendants “maintained and controlled.” The bank provided documentation of multiple Zelle transactions between the accused and clinic patients that investigators say were never authorized by the practice’s ownership. A total dollar figure has not been publicly disclosed as of the date of arrest.

Joya, a Cuban national, and López, born in Puerto Rico, each face two felony counts under Florida law: third-degree grand theft and engaging in an organized scheme to defraud. Both were booked into the Turner Guilford Knight Correctional Center (TGK) in Miami-Dade, each with bond set at $5,000.

The case fits a familiar pattern that Prosperident sees repeatedly — small, recurring diversions hidden inside payment channels (cash and same-day digital transfers) that do not generate the contemporaneous third-party receipts a practice owner can spot on a bank statement. Zelle in particular has emerged as a recurring vector because the funds settle to whatever bank account an employee links to a phone number, not to the practice’s merchant account. When the employee in question also controls the day-end posting and reconciliation, every layer of friction is removed.

Practice owners who want to make this category of theft impractical should consider: (1) prohibiting any payment instrument — Zelle, Venmo, CashApp, personal QR codes — that does not deposit directly into a practice-owned operating account; (2) requiring that every dollar collected, regardless of method, be entered into the practice management software the same business day, with the day-end report reconciled to the deposit by someone other than the person who took the payment; (3) running unannounced spot reconciliations between patient ledgers, the practice’s bank and merchant statements, and any third-party payment apps the office permits; and (4) treating sudden, unexplained resignations — particularly from finance-adjacent staff — as a trigger for a forensic review rather than a routine HR matter.

The allegations against Joya and López have not been proven in court, and both are presumed innocent unless and until convicted.

Read the ORIGINAL ARTICLE