Three Emerging Check Fraud Trends to be Aware Of
When was the last time you wrote a check? We’ll wait…
You may not have written a check in a while, meaning you might not even realize your checkbook is missing. Businesses still rely on checks as one of their top forms of payment. Those accounts tend to have more money and/or higher limits than personal accounts. There is also usually more than one signee assigned to those accounts, making them more susceptible to fraud. Additionally, the access to new technology to create realistic counterfeit checks makes check fraud one of the largest forms of fraud in the world.
According to the ABA’s 2017 Deposit Account Fraud Survey Report, banks stopped $17 billion in fraudulent transactions in 2016, 35% of which were check fraud. (Financial institutions also stopped almost $6 billion of that $7 billion from getting paid out, so give yourselves a pat on the back!) The 2017 AFP Payments Fraud and Control Survey reported 75% of financial institutions experienced check fraud in 2016, up from previous years. Over 31% of those institutions said they experienced over 15 incidents of check fraud.
One would think as technology improves so would the safeguarding features around monetary transactions. Mobile depositing of checks, for example, has actually made check fraud easier. A growing fraud issue is duplicate deposits of those checks. Fraudsters cash the same check twice – once via mobile deposit, and once in the bank branch months later, making off with double the money if institutions aren’t vigilant. As mentioned before, these scammers are also using high-tech devices to their advantage, printing fraudulent checks from top-of-the-line printers making them look legit to the untrained eye.
Check fraud still appears in traditional forms, including basic counterfeit checks, forging checks, paperhanging (writing a check from a closed account) and check kiting (“floating” a check from one low- or no-balance account to another to cover payments). Yet, emerging check fraud trends are important for you and your staff to be aware of in order to protect both your financial institution and your customers.
Lottery/Sweepstake Winnings: Scammers send a letter saying you won a lottery or sweepstake with a check for a couple of thousand dollars. All you have to do is deposit the check into your account, keep a small part for yourself and wire the rest of the amount back. It’s a win-win, right? It would seem, but only until the check is marked as fraudulent and your account is overdrawn by a few thousand dollars.
How do you prevent this at your institution? If a customer comes in with a check like this, have your tellers/front of house start a conversation with him/her explaining the latest scams going around. They are especially susceptible to this type of scam if their account balance is normally well below the dollar amount on the check. Who doesn’t want to get rich quick? Also, pay attention to the physical check. Where is the origination address? Does this match the business on the front of the check? Are the routing numbers correct? Are there physical signs of alteration, including stains or discoloration? BAM+ fraud scenarios run over 30 scenarios to prevent lottery scams, including sudden check deposit activity, real-time deposited check fraud detection, and ACH credit amount spikes.
Business Email Compromise: According to AFP’s survey, 34% of all BEC scams targeted check fraud. Criminals send a fake or phishing email to a member of the finance team at a corporation either pretending to be a high-level executive or presenting a fake invoice. Often times the scammers will spend a few days “grooming” this employee to persuade him/her the claim is real. Eventually, the employee sends back secure financial information, allowing the criminal to forge a business check or process a wire transfer.
How do you prevent this? IT departments are becoming increasingly vigilant against these types of scams, but that doesn’t mean they stop 100% of them. Pay attention to business checks over a certain threshold amount or when there is a spike in the number of checks issued over a certain period. BAM+ fraud scenarios automatically check for both of these.
Check Overpayment Scams: A customer is selling his/her car online or in the local classifieds. They get a check in the mail from the buyer for $1,000 over the asking price. When he/she calls the buyer to alert them of the overpayment, they say it was an honest mistake and ask him/her to wire them back the extra $1,000. So your customer comes in with the check and starts a wire for the extra money. Then the check comes back as fraudulent, the scammer made a quick $1,000 and your customer depleted his/her account.
How do you prevent this? When a customer comes in to deposit a large check and make a wire payment, have your front of house strike up a conversation and see where the check came from. If it is over the CTR filing thresholds, you will have to file paperwork on it anyways, so the conversation is necessary. If it seems like this customer is a victim of an overpayment scam, suggest he/she return the check and ask for a new one with the correct amount.
These are just a few emerging fraud trends on a list that grows daily. As technology evolves so do the ways fraudsters conduct their illicit businesses and approach victims. Tellers can stop most check fraud at the teller line by spotting a counterfeit or fake check.
How do your tellers know what to look for?
When accepting a physical check, take a close look at the check. Pay attention to the check numbers. Most scammers use low numbers on personal checks (101-400) and higher numbers on business checks (1001-1500). Verify the customer’s address, look for signs of discoloration or stains from erasures or attempts at altering printed info. Visit FakeChecks.org for a fun way to test your staff’s knowledge of counterfeit checks.
When you’re ready to stop check fraud at a higher level at your institution, contact us for information on our BAM+ Fraud Scenarios. Together with our leading BSA/AML software, fraud solutions work to look for patterns through transactions that raise fraud red flags, including check fraud. Our scenarios scan for everything from sudden check activity to duplicate serial numbers to check amount thresholds, offering all this in real time monitoring. Our multi-dimensional technology combines institution-level risk thresholds and behavioral logic that identifies individual and peer deviations with typology pattern recognition. Our enterprise fraud case management system allows you to track and record fraud cases for your entire institution, giving you an all-encompassing view of the fraud at your organization.
At the end of the day, trust your intuition. If something feels off, take a second to investigate it a little deeper. Ask another question; take a harder look at the check. You may just save a customer a very real headache… and thousands of dollars.
October may be National Cybersecurity Awareness month, but the emphasis put on safeguarding customers’ digital data should be a top priority no matter the time of year. In 2017, nearly half of the population had their data exposed after the Equifax breach. By the mid-point of 2018, there were already 668 total security breaches and nearly 22.5 million records exposed. Community banks and credit unions are turning to technology to create a more efficient lending environment, as well as a more millennial-friendly digital experience. While technology can be an invaluable investment for a financial institution, it is also imperative to instill proper security controls and protocols for those technologies within the organization.
In 2005, there were fewer than 200 significant security breaches in the U.S., vs. in 2017, when the number of breaches topped 1,300. While the business and medical sectors are faced with substantially more security breaches than the financial services industry, the number of security breaches at financial companies is certainly on the rise in recent years. The financial services industry encountered 69 breaches in 2017; meanwhile, by the half-way point of 2018, there had already been 84 breaches. Creating a digital experience for your customers and members goes beyond a beautiful website display or new online capabilities – it also means ensuring their information is safeguarded.
To create a culture of cybersecurity awareness at your financial institution, there are critical educational and preventative measures for employees, board members, stakeholders, and vendors to acknowledge.
Cybersecurity is built in a proactive—not reactive—environment
One of the worst things an institution can do is to wait for something bad to happen before developing a robust cybersecurity system. Cybersecurity is not an occasional concern, but rather an everyday task that each employee at an institution should take seriously. Developing full buy-in from each employee at your institution is a critical first step to building a proactive culture of digital security. Emily Larkin, Chief Information Security Officer at Abrigo, suggests starting at the top with leadership and board members. “Get their attention by outlining the potential financial impact of a cybersecurity incident and breach,” Larkin said recently in a column for BAI Banking Strategies. “This is not a scare tactic, but a reality check and an education tool for those focused on growth and financials.”
Information security extends far beyond the IT team, and protective firewalls can only go so far. Larkin explains that employees at all levels should understand the financial implications of a breach, the reputational risk at stake, as well as the current vulnerabilities within an institution.
Align values with vendors
Purchasing software for an institution is a big undertaking, not only financially, but also from a due diligence perspective. Your customers and members expect your institution to keep their data safe and secure, and your institution should uphold those same standards for any third-party vendors it partners with. Be sure that your institution’s vendors hold the same cybersecurity standards as your bank or credit union. McKinsey & Company recommends scheduling regular conversations with vendors to state the levels of security required to protect your institution’s information. During these discussions, devise clear recovery and compensation plans and take the time to understand exactly how your institution’s data will be used. Banks are viewed as the most trusted provider of data security, but they also bear the largest obligation to accountability should a breach occur. Be sure to fully vet and choose third-party vendors that will continue to allow your institution to uphold customers’ trust and pass regulatory scrutiny.
Educate employees and customers on common scams
Education is a virtually free way to thwart a cybersecurity attack at your institution. Oftentimes, individuals can compromise information simply because they don’t know any better. The banking industry is one of the top targets of hackers using phishing attempts to breach security. Phishing scams can include spoofed emails or a spoofed website. To better prepare your employees for potential phishing attempts, Larkin suggests implementing phishing tests at your institution. Many tools allow institutions to send phishing emails, track those that open the email and click on links or other attachments, as well as teach users how they could have spotted common phishing tricks. Phishing tests also allow institutions to implement and exercise response plans to better prepare employees for reporting suspicious activity.
Perhaps attackers are disguising themselves as your bank or credit union. Will recipients be able to distinguish your email from an attacker’s? On your institution’s website, you can include resources to help educate customers and members on the ways to identify potential phishing attempts. Provide examples of frequent scam tactics, such as URLs or language, that attackers often use in their phishing attempts. Providing resources to your customers not only prevents customers from falling victim to phishing attempts, but it also strengthens your customers’ trust that your institution will keep their data secure.
There are many moving parts to developing a comprehensive strategy for cybersecurity awareness. Ensuring that every person who is part of your institution is committed to protecting its data and its customers’ data requires many different approaches. It’s important for financial institutions to understand that increasing cybersecurity doesn’t always mean purchasing more software. There are so many ways to bolster your security, simply by keeping employees, stakeholders, and vendors educated and informed with up-to-date best practices and preventative measures.
Webinar: Shaping the Borrower Experience
Whitepaper: Mitigating Top Member Business Lending Risks