When it comes to fraud prevention, business email compromise (BEC) and ransomware attacks may be top of mind for businesses. But checks are the payment method most vulnerable to fraud, according to the 2023 AFP Payments Fraud and Control Survey Report. In fact, 63% of survey respondents report that their organizations faced some kind of check fraud activity, attempted or actual.
“Companies often think that when it comes to writing checks, low frequency equals low exposure—but it only takes one large check to incur a significant loss,” said John Geronimo, Fraud Strategy Director for Commercial Banking.
That’s why check fraud prevention is critical. “It’s important that every organization validates and authenticates payment requests before releasing funds, and that they understand the risks inherent in checks and use the available fraud protection tools on each of their accounts,” he said.
Learn how to prevent different types of check fraud.
Once fraudsters have an organization’s account and routing number—and the name and signature style of the authorized signer—they can use software and printers to create counterfeit checks. Fraud protection services, such as Check Positive Pay or Check Positive Pay with Payee Name Verification, can help clients identify and prevent payment of counterfeit checks.
Check Positive Pay is an automated system many banks offer that helps them detect check fraud by comparing a company’s issued checks with checks presented for payment.
Before depositing the check, the bad actor alters the name or payment amount on the check. Check Positive Pay with Payee Name Verification can help confirm that a check’s details—including account number, serial number, dollar amount, issue date and payee name—match the business’ records. But Check Positive Pay alone may not always detect fraudulent changes. If organizations don’t use all the features of Check Positive Pay, they may be liable for preventable losses resulting from an altered item.
Bad actors may take one of several approaches when it comes to endorsements. They could forge the endorsement on the back of a check, then deposit it at a financial institution. Alternatively, they may not endorse the check at all. Or one party may improperly endorse a check payable to two parties. Unlike altered or counterfeit checks, fraud protection products can’t detect missing or improper endorsements.
To help prevent this type of check fraud, organizations can require electronic payment methods for transactions above a certain threshold. If the business must send a check, it should consider using a courier service or other guaranteed delivery method to help prevent check theft during transit. Organizations can also proactively confirm receipt of high-value checks with intended recipients.
With mobile deposit fraud, a business issues a check to an individual. The individual then scans the check, remotely depositing it into their bank account. Then, the individual—or a fraudster who obtains the same physical check—brings it to a check-cashing location and receives payment. The check-cashing facility then presents the check to the bank for payment.
At that point, the payment is flagged and returned as a duplicate. The duplicate dishonored check is returned to the bank or financial institution that cashed it, which could begin a time-consuming and expensive claims process. The institution holding the physical check could bring a legal claim against the company that wrote the check. The mobile deposit fraud scheme can be avoided by making electronic payments directly to payees in lieu of checks.
While ACH debit fraud doesn’t involve physical checks, it’s closely related. By using the routing and account numbers found on a check, fraudsters can initiate ACH debits from a company’s accounts. To prevent this type of fraud, companies can use ACH transaction blocking or filtering products to block unintended ACH debits from an account. Organizations can also reconcile transactions daily and quickly return any unauthorized ACH debits.
Preventing internal check fraud is a concern for all types of organizations. Typically, this type of fraud occurs gradually and involves multiple checks over an extended time period. The bad actor could have access to a company’s financial operations in a variety of ways. They could be an assistant with visibility into the organization’s accounting practices or a billing department employee who handles multiple transactions. Working undetected, this individual may issue company checks to themselves or other associates to cash.
Watch for suspicious activity, such as an employee who doesn’t take time off from work or won’t accept help on payroll or other accounting tasks. Businesses should implement procedures to prevent internal client fraud, which may include securing physical checks, segregating duties among employees, restricting access to checks and data, and reconciling payments and bank records. Implementing a “clean desk” policy—especially among accounting or finance employees—can help keep checks and other important financial documents secure and help guard against internal and external theft risks.
Remember: If you notice fraudulent check activity, it’s important to act quickly and contact your banking team.
Visit our Trust & Safety page to learn more about check fraud prevention and other fraud solutions, insights and tools.