The Fraud Blog with Tracy Kitten

Check Fraud: A Lingering Challenge

Why Banks, Credit Unions Can't Overcome Check Fraud
Check Fraud: A Lingering Challenge

While the banking industry is working overtime to catch up to new and emerging fraud trends, it has to remain diligent in its efforts to thwart some long-standing schemes, like check fraud.

See Also: Webinar | Key Trends in Payments Intelligence - Machine Learning for Fraud Prevention

According to results from our just released Faces of Fraud Survey, check fraud trails only debit fraud on the list of top threats for 2012.

This is why fraud is always interesting - people are creative and always coming up with new schemes. 

Seventy-six percent of our survey's respondents say they had suffered some form of check fraud over the last 12 months. By comparison, 84 percent say they had been hit by some form of credit or debit fraud.

Perhaps most concerning, however, is that only 45 percent say they feel adequately prepared to prevent and detect check fraud.

Check Fraud in the Headlines

This week, the spotlight was on check fraud once again after security researchers at Trusteer said they had uncovered a new scheme targeting corporate checking accounts in the United States, United Kingdom and China. (See Cyber Spin on Check Fraud?)

Amit Klein, chief technology officer at Trusteer, blogged about this check-hijacking scheme, which, through the use of phishing attacks and malware, accessed online accounts and then retrieved check details from images stored in online databases.

We've seen attacks exploiting check images that are housed online before. In 2010, we learned of a similar attack when federal investigators determined hackers out of Russia had breached an online check-image database and wound up cashing 3,000 counterfeit checks against more than 1,200 legitimate U.S. bank accounts.

The moral of the story is that criminals are crafty.

Ironically, the financial industry a decade ago began making strides toward imaged checks as a way to increase deposit and clearing times and eliminate fraud. The float period between when cash was deposited or cashed and when it cleared often offered fraudsters an opportunity to facilitate check fraud.

Cold checks or empty-envelope deposits at ATMs were often not detected for several days, depending upon a number of factors, including the days of the week when they were cashed or deposited.

We thought images would eliminate all that. But, invariably, they've created new challenges.

And we still have a number of questions to answer about check images. For instance, how long should they be stored? Is online storage really necessary? And what about the devices used to capture the images of the checks?

As Shirley Inscoe, a fraud analyst at Aite who previously worked for Wachovia, now part of Wells Fargo, so rightly points out, the scanners, mobile phones and other imaging equipment used to capture check images pose risk of their own hacks.

"Many of them have eliminated full account numbers on ATM receipts, online banking screens, statements, etc. But for image exchange and products that rely on check images, such as RDC (remote deposit capture), they can't really obscure the data on the image," Inscoe says. "This is why fraud is always interesting - people are creative and always coming up with new schemes."

Any device that retains the check image could potentially expose check or other account information.

Many banks and credit unions have stopped thinking about innovative investments in detection and prevention of check fraud. Because check volumes are declining, they feel compelled to focus on other things, like ACH fraud and skimming attacks. But in an age of more technology and increasing use of electronic payments forms, even the seemingly innocuous fraud threats can result in big losses.



About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.