As a group, fraudsters can never be accused of failing to innovate. That’s a big reason why check fraud — despite being one of the oldest forms of payment fraud — remains a serious risk to companies.
Because criminals are constantly changing their tactics, businesses need to keep apprised of current check fraud scams and developments, as well as the most effective protection strategies. Here are some threat trends we’re seeing and how we suggest you address them:
Business ID theft
In this increasingly common scam, a fraudster intercepts a check mailed from one business to another. Let’s say the fraudster steals a check issued to vendor ABC Co. The criminal opens up a bank account, typically in a different state, using a name that closely mirrors the beneficiary’s — in this case, maybe ABC Co. LLC. He forges the endorsement, deposits the stolen check into the new account, and once funds are available drains the account.
Eventually, maybe a few weeks later, the legitimate ABC Co. contacts the payer and asks about the check that never arrived. But by then the fraudster is long gone.
How to mitigate this risk: Pay vendors using the Automated Clearing House (ACH) network or, if it’s a particularly large payment, possibly by wire transfer. An electronic payment eliminates the risk of a paper document being stolen and fraudulently deposited.
A new twist on business email compromise
In a typical business email compromise (BEC) scam, a fraudster poses as a senior corporate executive — the CEO or CFO, for instance — and directs a lower-level treasury employee by email to send an ACH or wire transfer of company funds to a certain account. To perpetrate the crime, the fraudster hacks into the company’s email system and sets up an email address that mimics the executive’s address.
The new twist we’ve seen recently is that, instead of ordering the eager-to-please employee to issue an ACH or wire, in the email the fraudster directs the employee to mail a check to a particular individual at a designated address.
To avoid falling for this scam: Just as when combating a traditional BEC scam, the way to protect your company is to train employees to confirm these out-of-the-ordinary payment orders directly with the executive, either by phone or face-to-face.
Better counterfeiting through technology
One of the oldest forms of check fraud, counterfeiting, has received a big boost recently from software programs that enable fraudsters to produce more authentic-looking forgeries. Advances in technology allow fraudsters to better replicate both the signatures on checks and various elements of a company’s check stock.
How can you respond to this rise in counterfeiting activity? The best defense is a fraud-fighting reconciliation service offered by most banks, positive pay. Each day that it issues checks, a company on positive pay electronically delivers to its bank a file with information such as the serial numbers and dollar amounts of the checks it has recently issued. The bank compares the issuance file to checks the company has had presented for payment and reports back to the company through its online banking platform any checks that don’t match. The client reviews these suspect items and directs the bank whether to pay or return them.
Some additional check-fraud mitigation strategies — which we reviewed in greater detail in an article last year — include daily account reconciliation, placing “post no checks” restrictions on certain accounts, requiring dual signature authorization for high-dollar checks, and implementing policies and procedures to reduce internal fraud.
And here’s another best practice: Close any of your company’s bank accounts that have been previously targeted for check fraud. Fraudsters have been known to hit an account with a counterfeit check, hold on to the routing number and account number, and target the exposed account again a year or more later.