What is a sanctioned entity?
A sanctioned entity is a company, country, or individual that is prohibited from conducting business in a certain jurisdiction. In many cases, …
Some 61% of Americans still write checks, with this form of payment the second most popular for amounts that exceed $500. So it should come as little surprise that 65% of organizations experienced check-based fraud attacks in 2023.
However, investigating check fraud is complex and can have serious financial and operational consequences. As tactics continue to evolve, businesses must understand the various forms of check fraud as well as the measures required to detect and prevent them.
With that in mind, let’s explore some common types of check deposit fraud and the factors key personnel need to consider when investigating it.
While there are many types of check fraud, most of them fall into one of three categories.
Counterfeit checks mimic authentic checks and are sometimes created with sophisticated printing techniques.
To deceive banks, fraudsters replicate the check’s design and use stolen or fabricated bank account details.
In the case of an altered check, a criminal steals a legitimate check that has already been filled in and signed. Then, they alter either the check amount or the payee to access the money.
Forged checks are also stolen. But this time, the fraudster fakes the actual account holder’s signature (or other credentials) to make the check appear as if it has been authorized.
Check deposit fraud is dynamic and ever-changing, but here are some common types and what to look out for.
Criminals that engage in check kiting exploit the time delay (the “float time”) between when a check is deposited and when the bank processes it.
In such a scheme, the criminal writes a check from one bank account with insufficient funds and deposits those funds in a second account. Before the check inevitably bounces, the money made temporarily available by the bank is withdrawn or transferred.
This process may repeat indefinitely. Money is moved between accounts and authentic deposits are made in the drawn-on account to create the illusion that sufficient funds are available.
In 2014, a Michigan man was sentenced to 97 months in prison after his multi-year check-kiting scheme caused losses of nearly $150 million.
Some of the warning signs of kiting include:
Duplicate check fraud occurs when a criminal deposits a check with mobile remote deposit capture (mRDC) and then attempts to cash the same check at a dedicated facility or check casher.
Like check kiting, duplicate check fraud takes advantage of the float time in check processing.
Banks call this type of check deposit fraud “double presentment” since the same check is deposited twice. It can be difficult to prevent since:
In identity theft-related check fraud, a fraudster obtains sensitive information (such as an account number) and then writes checks against the victim’s account.
Access can be obtained via phishing attacks (as part of account takeovers) or physical theft.
Physical checks that are duplicated, forged or otherwise tampered with tend to exhibit several red flags when presented.
Here is what to be on the lookout for.
Fake checks may feature no perforations or perforations that do not tear easily.
If the check number is not located in the top right-hand corner of the check, it may be fraudulent.
The same can also be said for low check numbers, which may indicate that the entity writing the check has recently opened an account to commit fraud.
For ACH transactions, the 9-digit routing number should always match the identifier of the bank that issued the check.
Vague or superfluous notation in the memo area of a check is also a sign it could be fraudulent.
It is also important to consider the condition of the check. Since authentic checks are printed on high quality paper, any stains, discolourations or unusual marks may be cause for concern.
Fraudulent checks also tend to lack attention to detail.
In practice, this could manifest as:
Authentic checks typically contain watermarks and other security features to dissuade replication.
These watermarks are designed to be almost invisible under normal conditions, but can seen if the check is held up against the light.
Similarly, authentic checks will also feature thin, metallic strips called security threads. These threads are woven into the paper and often reflect the light or change color.
While they can be replicated by criminals, the security threads on a fraudulent check will often be irregular in some way.
Holograms are an advanced security feature on checks to prevent counterfeiting. These three-dimensional images are embedded into the design and are difficult to replicate because of their intricate details and color shifts.
Authentic checks use special inks to prevent check washing, where fraudsters remove the existing ink and alter the check’s details.
Authentic checks are printed in vibrant, consistent colors that are resistant to washing or tampering and free from inconsistencies.
The MICR line increases security and streamlines check processing and typically contains the routing number, account number and check number.
Authentic checks contain all three numbers, and the digits within those numbers are consistent, clear and accurate.
Based on the numerous ways a criminal can commit check deposit fraud, here are six questions a business can pose in the investigation process.
Also included are tips on preventing check deposit fraud in each scenario.
The first step is to determine how the deposit was made. In other words, was it made via a mobile device, bank branch, or ATM?
Mobile and ATM deposits increase the risk of check fraud because of the relative anonymity they afford fraudsters.
Real-time AI monitoring systems match check numbers and alert banks to checks that have already been processed.
But it’s important to consider the rules that will set off alerts in the first place.
Companies must first understand the needs of their customers and how they use checks. To achieve this, they can analyse transaction data and establish limits on the check amount as well as how frequently checks can be deposited.
Hold time is also key. A bank may hold checks for 5 days before the funds are made available, but the exact duration of a hold should be balanced with:
The length of a customer’s association with a particular financial institution is also important. New customers tend to be riskier propositions than customers with whom banks have established relationships.
The risk increases of fraud increases substantially if large checks are deposited in the first six months.
Companies may find that customer segmentation works well here. To better understand how this works in practice, let’s return to hold times:
While the length of a customer-bank relationship is important, so too is the nature of the relationship.
In this context, a customer who utilises multiple services (such as loans, credit cards and insurance) from the same bank is likely to be at a lower risk for check deposit fraud.
Why this should be so comes down to data. When a customer holds multiple products, the bank has access to a broader range of transaction behaviour and other financial patterns to predict their behaviour.
Criminals often deposit multiple bad checks in a short period to inflate their account balance. Here, the intention is to withdraw or transfer the funds before the fraud is discovered.
Deposits that are made without associated business activity or withdrawals deserve extra scrutiny.
Businesses can verify the sources of checks to ensure they make sense in the context of the customer’s situation. For instance, cross-referencing check issuers with account history may detect check kiting.
Positive Pay – a fraud protection service on the ACH network – also enables financial institutions to follow up on irregularities with employers and identify fake or unauthorised paychecks.
If funds are consistently withdrawn the same day they are deposited, this may also indicate check deposit fraud – particularly in cases of duplicate check fraud where the criminal exploits float time.
As with other circumstances in check deposit fraud, it is important to consider context. An employee who deposits their paycheck every month and immediately withdraws it has genuine reasons for doing so.
However, individuals who deposit unusually large checks with no apparent pattern should be subject to tighter controls and more stringent reviews.
By extension, a customer’s past behavior can also leave clues as to whether a check may be fraudulent.
If they have a consistent history of depositing authentic checks, a single suspicious deposit may indicate that they are the victim of fraud (and not the perpetrator).
To conclude, let’s bring everything together with a three-step approach to investigating check deposit fraud.
The first step for a business is to employ a real-time monitoring solution to detect unusual account activity and user behaviour.
As we touched on earlier, the criteria that constitute unusual activity should be based on a detailed understanding of various customer groups.
These solutions utilise a combination of behavioural analytics, pattern recognition and threshold-based alerts to identify fraud. Today, these are powered by AI (which can analyse vast amounts of transaction data) and ML (which can adapt, evolve and stay ahead of new fraud techniques).
When suspicious activity is identified, the next step is investigation.
Fraud teams should review flagged transactions with a core focus on:
Based on the answers to these questions, the relevant personnel can decide whether to allow the transaction, reverse the transaction or freeze the account.
Link analysis uncovers broader patterns of fraud via data that identifies connections between different accounts, customers or checks.
If multiple checks come from the same source or if the same depositor is linked to multiple accounts with irregular deposits, link analysis can expose a more organised fraud scheme.
Machine learning can again be used to spot otherwise hidden connections, while integration of data from third-party sources is also effective.
Summary:
A sanctioned entity is a company, country, or individual that is prohibited from conducting business in a certain jurisdiction. In many cases, …
A refund rate, also known as a return rate, is a financial metric that retailers use to track how much of their …
Corporate social responsibility, known as CSR, is a business model that holds companies responsible to themselves, their stakeholders, and the general public. …
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.