Check Fraud Prevention Advice from ABA's Check Fraud Task Force
by Charles J. Bock, Jr., CFE and Bruce P. Brett
"Rapidity is the essence of War. Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
(The Art of War by Sun Tsu)
Sun Tzu's ancient advice has apparently been taken to heart by criminals; the bandits are striking banks quickly, with force and aiming for our weak spots. Ironically, many of the banking industry's weak spots are of our own devising. Those spots need to be strengthened.
ABA's Check Fraud Task Force was formed in 1991 primarily to educate, inform and prepare the banking industry for the wave of criminal attacks that have since become a scourge. Our mission is straightforward:
- To educate the banking industry on the type, source and trends of check fraud and to distribute information regarding new techniques in check fraud prevention.
- To conduct a biannual check fraud survey and make the results available to law enforcement, bank regulators and the banking industry.
- To represent the informed interest of the industry with the media, consumer groups and law-makers.
If you haven't had the experience of a Friday afternoon call by senior management to ask you what your security department is doing about check fraud, chances are good that you will soon. Such queries usually include discussion of:
- The amount of money the bank has lost to date from check fraud and the types of check fraud perpetrated.
- The methods currently in use to prevent and track check fraud losses.
- The types of technology you have examined and deployed to combat check fraud.
- Whether or not you have met with your Retail, Commercial, Check Operations, Audit and Human Resources departments to audit their procedures.
- What channels of communication you have opened outside your institution with retail merchants, law enforcement officials, check clearinghouses, other banks, etc., to prevent check fraud.
This article is intended as assistance in preparing bank managers for that call from senior management. It concentrates on defining, sizing and >
Defining Check Fraud
Check fraud includes altering a check, forging the maker's signature or the payee endorsement, counterfeiting, fraud connected to telemarketing and checks drawn on closed accounts. The key to distinguishing check fraud from an honest mistake is intention. There is a difference between a mistake and the intent to defraud.
People who commit these frauds believe there is minimal risk of apprehension. They often are confident, professional in their approach and intelligent. They prey on the weaknesses in our systems and have little sympathy for banks as victims. They do not view their acts as serious or dangerous crimes. A recent Justice Department study of forgery and fraud disclosed that most offenders were white, male and under the age of 28.
Studies also show check fraud is a serious and growing problem in banking. The 1992 American Bankers Association check fraud study's estimate of losses put the figure at about $568 million. The study assumed these loss estimates were very conservative due to underreporting. The 1994 survey estimates losses of $815 million.
This rapid rate of growth is an alarming trend. It can be attributed to:
- Regulatory Changes: Regulation CC from the Federal Reserve implemented the Expedited Funds Availability Act. The shortened time frames for clearing checks written into Reg CC are common knowledge among criminals, especially those engaged in new account fraud.
- Technology: Desktop publishing software, color copiers, and scanning devices are available to everyone today, and at low cost. The quality of today's counterfeits is very good.
- Sophistication of criminal organizations: Check fraud practitioners have be-come organized and have built "alliances on greed." In the late 1980s, one group alone was the direct cause of more than $10 million in losses to a group of large Clearing House banks.
- Competitiveness: Banks today are balancing safety and soundness against convenience for their customers. Cost containment adds the challenge of doing more with less money.
In order to know where to allocate prevention resources, bankers need to capture and >
Each bank needs to develop its own >
Let's consider > Counterfeits
By definition, a counterfeit is an imitation designed to deceive or defraud. In terms of loss, counterfeits usually represent the greatest per-incident risk. In the past, our industry's exposure to this kind of fraud was limited. However, the trend is changing, and many banks appear to have higher losses due to counterfeits.
The number of counterfeiting incidents may be low in volume compared to other types of fraud, but each incident can represent very high risk. Usually large amounts of money are involved, and they are paid through the exchanges. How-ever, certain parts of the country are experiencing high losses due to the counterfeiting of payroll checks. Hundreds of checks are counterfeited for small dollar amounts and then cashed within one or two days at many branches of a bank.
A good counterfeit can be extremely difficult to detect. Yet the technology to produce these counterfeits is low in cost and readily available. Color copiers increasingly are used. Desktop publishing software and scanners also are inexpensive and easy to purchase.
One bank tested how easy it was. The bank used a $250 scanner to prepare a check in about two hours, a check of high enough quality that any bank would pay against it. Today MICR is no longer the means of protection against replication as it has been tradi-tionally because now anyone can print MICR.
Kiting is the floating of worthless checks between accounts at two or more banks (See Agency Report). Account balances consist of checks drawn on other banks. Reg CC makes kiting more difficult to detect, by requiring rapid availability of funds. Whoever detects the kite scheme first is not held liable. If your bank isn't the first to discover a lute, it most likely is going to sustain a loss.
New Account Fraud
New account fraud consists of a simple, but lucrative scheme. Deposited checks are drawn on closed and worthless accounts. Funds then are withdrawn before the deposited checks are returned unpaid.
Forty-five percent of the banking industry's return items consist of closed accounts or stop-payment checks. Perpetra-tors know when checks will clear. They know the provisions of Reg CC, and they make inquiries at ATM machines to ensure funds are available. It appears that the current avail-ability schedule is shorter than the return item cycle of checks.
Thieves also know that larger banks simply cannot investigate every loss and, as a result, there are threshold amounts for investigation. Law enforcement agencies also have thresholds. In large cities such as Los Angeles and New York, the thresholds are very high.
New account fraud can be organized and sophisticated. There are "rings" of thieves that move very swiftly. They know our guards sometimes are down because of competition and our emphasis on customer service.
Forged signatures are the intentional replication, altering or signing of a check so that it appears to have been made by the person who has the authority to do so.
Signature verification is the first line of defense against this type of check fraud. However, it is sometimes an unreliable process. Many counterfeit signatures are very good.
Also, only a small percentage of checks are actually reviewed. As an industry, banks process about 60 billion checks a year. We cannot examine all of them. Also, signature verification is a manual process; we do not give signature verifiers much timethe normal review takes no more than 15 or 20 seconds.
This is the illegal practice of writing one's signature on the back of a check as evidence of legal transfer of its ownership in order to secure unlawful gain. Here we have the "trusted bookkeeper" scenario: the person who deposits checks made payable to his or her employer. Victim accounts are often used for good account, good signature fraud. Customer information is obtained through statements, trash, insiders (employees), pickpockets and a multitude of other sources. Spurious checks are then deposited to or cashed against the victim account.
Today, technology has an impact on customer confidentiality through a host of automated systems, such as mailing lists, marketing data bases and customer service. If you have a "bank-by-phone" service, you may have made it surprisingly easy for perpetrators to get account information.
Availability of information fuels another traditional type of check fraud: the account sweetener. This scheme has fooled unsuspecting tellers for many years. It involves simple check encashment.
There are two types: split deposit, in which a portion of the check is deposited while a significant portion goes to the person depositing the check as cash; or request for encashment, in which two checks are presented, one for encashment and the other for deposit. In both, the perpetrator seeks to gain the teller's acceptance and confidence.
These are the major types of check fraud and, of course, there are many variations. Whenever they occur, you need to >
Check Fraud Prevention
Due to the increase in check fraud losses, security practitioners must be more proactive. Delaying fraud prevention causes lost opportunities.
Traditionally, banks have spent much time, money, and effort investigating check fraud after it occurs. We must now spend at least the same resources W prevention.
A program to prevent check fraud should start with a strong organizational strategy, incorporating:
- Centralized reporting of potential losses to an area such as security, auditing or loss control.
- Proper monitoring, >Communication with senior management about significant areas of operating losses.
- Discussion of fraud concerns with business partners including auditing, security, legal and check processing departments.
- Assessment of operating policies and implementation of needed changes.
- Check fraud awareness training targeted to the type of fraud and areas in which it occurs.
- Involvement of security/ investigation professionals on new product teams from the beginning so that they can help identify unacceptable risks before new products are introduced.
- Award programs to create incentives for detecting fraud.
- Education of corporate and personal account customers, including statement stuffers, seminars and account officer discussions.
- Modification of traditional investigative objectives quantify, recover, identify and prosecute-to include analysis and prevention.
Remember Sun Tzu's warnings and be prepared to guard your weak spots.
Charles J. Bock is Vice President and Deputy director, Fraud Prevention & Investigation Department, Chemical Bank, New York.
Bruce Brett is Vice President of Signet Bank-Virginia, Vienna, VA. Bock is Vice Chairman and Brett is chairman of ABA's Check Fraud Task Force.
Copyright © 1994 Bank Security & Fraud Prevention. Originally appeared in Bank Security & Fraud Prevention, Vol. 1, No. 2, 10/94
First published on 10/01/1994