In a world of electronic payments, paper check theft continues to evolve and has become another springboard for cybersecurity breaches. Why cybersecurity you ask, because paper checks are being stolen for key information and used to electronically defraud banks. Until the fraud is detected and the bankers shut down the breached account, many forged, and even electronic checks, can potentially be withdrawn stolen from your account.
Just a few months ago Capsicum Group (Capsicum) was made aware of a check stolen from a mailbox right outside of a Post Office. After several weeks in which the check did not clear its account, a stop payment request was made with the bank. The original check was never cashed. The bank noticed several atypical things with the account and reached out to confirm if questionable checks were legitimate. The atypical issues bankers were looking at included out of sequence check numbers, new payees, and check cashing geographies in areas we rarely, or never do business. Information being sought from the paper checks includes signatures, routing and account numbers, and address information.
Incidents like this one are growing at a staggering rate. Fraudsters are stealing envelopes containing paper checks from mailboxes and creating fraudulent checks using electronic software like Photoshop. These programs can copy and modify electronic documents and color laser printers with MICR encoding capabilities can duplicate checks and signatures.
The Financial Crimes Enforcement Network 2023 says it has been a record-breaking year for paper and electronic check fraud. Capsicum was also made aware of an individual who had an electrician come to their house in Florida, make a photocopy of a check which was on a desk, sent that check image to his cousin in Texas who then walked into a local branch and tried to cash a fake check. An astute teller at the branch asked for identification which did not match the check, called the proper owner of the account, and determined the check was fraudulent. Texas law enforcement was called, and the person trying to cash the bad check was apprehended.
In most cases, a checking account needs to be permanently closed and transferred to a new account when events like this occur. While the process is arduous, it allows the owner to have a fresh start after a breach. Stolen data is often found on the Dark Web and sold to those trying to defraud.
Even though electronic payments continue to grow, many still use paper checks. It could be for a gift, a payment to a vendor who does not take electronic payments, or just an “old-school” mentality. Are paper checks a thing of the past? As banks encounter substantial ever-growing losses and as their customers seem to be regularly breached, this may indeed come to pass.
It is strongly advised that your accounting and technology teams put their heads together and determine what is right for your business. Electronic payments aren’t without fraud, but they just might be safer for you than paper checks.
Will new technologies such as AI solve these issues? As long as there are bad actors, there will be fraud. Hopefully we can better protect and serve the banking community in the days to come.
At Capsicum we’ve been confronting cyber fraud by helping clients with proactive and reactive measures such as security assessments, incident response retainers, compliance audits, technology and systems design, forensic investigations, and much more. Capsicum helps organizations and individuals fortify their defenses, stay one step ahead of cybercriminals, and create a safer digital environment for all.