Cybersecurity and Fraud Protection
Convenience Versus Security: Avoiding Check Fraud Schemes
Checks may still be a popular payment method for many businesses, but they also may increase the risk of fraud.
Despite the efficiency and security of electronic payments, checks remain a popular payment method for smaller organizations. The significant use of check payments makes it an attractive option for cybercriminals to commit fraud. While cybercriminals have escalated business email compromise and ransomware attacks in the digital age, check fraud remains a powerful tactic because it is easy to pull off. According to the 2020 Association for Financial Professionals Payments Fraud and Control Survey, 42% of business-to-business payments were made by check and 74% of organizations that used checks reported they were targets of attempted and/or actual payments fraud in 2019.
Criminals are opportunistic and have used the uncertainty and chaos caused by COVID-19 to launch new check fraud schemes. Payments employees working remotely may be at risk if they rely on checks as the primary vendor payment method.
“Small to midsized companies are more vulnerable to check fraud than larger organizations due to limited resources and lack of strong internal controls,” said Alec Grant, Head of Client Fraud Prevention for Commercial Banking. “It’s important that every organization follow a system of checks and balances for validating and authenticating payment requests prior to releasing funds.”
No matter how well an organization develops security protocols, such as a dual control approval and signing process, there are multiple opportunities for a check to be stolen. After a check is initialized and printed, it should be dropped in the outgoing mail to be delivered to the recipient’s office. However, it can be intercepted at any point in this process. Once a criminal has the bank routing number and account number, they can create fake checks and pass them undetected between banks before they are verified.
There are additional fraud concerns that make checks more vulnerable, such as:
Forged, missing or improper endorsement
Once a check has been stolen, endorsement fraud is likely to occur and is often difficult to stop. Endorsement fraud occurs when a fraudster steals a check made out to a third party, forges the endorsement on the back of the check and negotiates the check on their own behalf. If a check is payable to two parties and only one person endorses it for deposit or cash, it’s considered improper unless both parties sign.
Claims that a check was deposited over a forged or missing endorsement are subject to time limits in your deposit agreement, so when a vendor calls to say they haven’t received payment but, “the check is in the mail,” investigate the status of the check promptly.
Internal client fraud
Guarding against internal check fraud is a concern for organizations. This type of fraud typically occurs gradually and involves multiple checks. A fraudster could be someone who works for the client, such as an assistant who has visibility into an organization's accounting practices, or a vendor who has access to checks. Working undetected, they may issue company checks to themselves or other associates to cash.
The criminal could also be an employee within the billing department who is well-trusted and handles multiple transactions. Watch for suspicious activity, such as a payments employee who doesn’t take time off from work or won’t accept help on payroll or other accounting tasks. Clients should conduct a random review of checks each month to ensure the check issued matches the invoice amount. Implementing a “clean desk” policy, especially among accounting or finance employees, will help secure checks and other important financial documents to guard against employee theft or a cleaning crew that serves your building.
Criminals use technology as an advantage after stealing a check. Once a fraudster learns the organization's account and routing numbers as well as the name and signature style of the authorized signer, they use inexpensive, high-quality printers and desktop publishing software to create counterfeit checks that look legitimate. Positive Pay and Reverse Positive Pay are services that help identify and prevent payment of such items.
Mobile deposit fraud
The convenience of depositing checks using mobile devices has enabled the newest—and rapidly growing—form of check fraud. In this scenario, a business issues a check to an individual who remotely captures the front and back of the check using their smartphone. After the deposit is made into their bank account, the fraudster takes the physical check to another bank or check cashing store and receives payment.
The imaged item will likely be paid by the issuer's bank, so when the paper item is presented for payment a few days later, that bank will dishonor the paper item as a suspected duplicate. The dishonored item will ultimately be returned to the party that took it from the fraudster. That party will then likely try to enforce the paper check against the company who issued it. The company’s recourse will be to make a claim against its check payee, who is the fraudster, or against the fraudster's bank that took the image for deposit.
This cycle is time-consuming and expensive to resolve. It can be avoided by making electronic payments directly to payees—if they will accept payments in that fashion.
Remember: Commercial Banking clients who experience check fraud are responsible for the losses that would have been preventable using available fraud protection products like Positive Pay and Reverse Positive Pay. Reconcile your check transactions daily and report any irregularities to your financial institution immediately. Contact your banking team to discuss our fraud protection services.