Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

FinCEN’s check fraud alert: Ten red flags you should know

Terri Luttrell, CAMS-Audit, CFCS
March 3, 2023
Read Time: 0 min

Ten red flags to help you identify check fraud

A financial institution's guide to identifying mail-related check fraud.

You might also like this webinar, "Proactive measures to protect against check fraud and fraud loss."



Check fraud is alive and well

As we think about the evolution of banking and the innovative ways to move money, writing checks does not come to mind as a frequent transfer method. However, for fraudsters, checks are still one of the more common sources for stealing funds from consumers and businesses. According to the Federal Bureau of Investigation (FBI), losses from check fraud total $18 billion annually. That staggering statistic represents approximately 500 million checks, more than a million daily. Sometimes traditional crimes persist, and in the case of check fraud, continue in a big way.

On February 27, 2023, the Financial Crimes Enforcement Network (FinCEN) issued an alert to financial institutions on a nationwide surge in check fraud schemes targeting the U.S. mail.  Fraud, including check fraud, is the largest source of illicit proceeds in the United States and is one of the anti-money laundering/countering the financing of terrorism (AML/CFT) National Priorities.

The FinCEN alert was issued as criminals have increasingly committed fraud by targeting the U.S. Mail since the COVID-19 pandemic. Fraudsters will steal personal checks, business checks, tax refund checks, and checks related to government assistance programs, such as social security payments and unemployment benefits. In addition to financial gains from this fraudulent activity, criminals may continue to exploit their victims by using the personal identifiable information found in the stolen mail for future fraud schemes, such as credit card fraud or synthetic identity fraud. These fraud schemes are perpetrated by both individuals and organized criminal enterprises. 

Why is check fraud still so prevalent when most consumers have moved away from check writing? The increase in government assistance checks during the pandemic no doubt played a role in the rise. The ease of physical entry into mailboxes, including the USPS blue collection boxes, makes this an evergreen crime for all experience levels. A recent check fraud case involved the conviction of a former bank employee for fraudulently opening bank accounts from the proceeds of stolen checks from the mail of churches and religious institutions. The banker and his co-conspirators opened approximately 412 fraudulent bank accounts with these stolen checks, to the tune of almost $2 million. The convicted banker faces a maximum sentence of 30 years in federal prison for each of conspiracy to commit bank fraud; bank fraud; making false entries in bank records; and receipt of a bribe or reward by a bank employee.


Check fraud and money laundering

Once fraud has occurred, money laundering is almost always the next phase to get the illicit proceeds into the hands of the criminals as clean money. Here are two of the typologies that fraudsters use in check fraud schemes:

Check Washing

Check washing is the use of a chemical process to “wash” the ink off of a check to be replaced with a new payee and possibly a new amount. Sometimes the check amounts are increased by hundreds or thousands of dollars by simply adding zeros. Once the checks are deposited, the illicit actors often rapidly withdraw the funds through ATMs or wire them to other accounts before the fraudulent check is discovered.


Photocopying seems too easy to be effective, but it is quite successful. The mass duplication of checks through sophisticated photocopying allows many checks to be cashed at different financial institutions. Money mules are often used to obtain illicit funds from this activity quickly.

Red flags for mail-related check fraud

FinCEN and the United States Postal Inspection Service (USPIS) have identified red flags to help financial institutions detect, prevent, and report suspicious activity connected to mail-related check fraud.

  1. Non-characteristic large withdrawals on a customer’s account via check to a new payee
  2. Customer complains of a check or checks stolen from the mail and then deposited into an unknown account
  3. Customer complains that the intended recipient never received a check they mailed
  4. Checks used to withdraw funds from a customer’s account appear to be of a noticeably different check stock than used by the issuing bank
  5. Existing customer with no history of check deposits has new sudden check deposits and withdrawal or transfer of funds
  6. Non-characteristic, sudden, abnormal deposit of checks, often electronically, followed by rapid withdrawal or transfer of funds.
  7. Examination of suspect checks reveals faded handwriting underneath darker handwriting, making the original writing appear overwritten.
  8. Suspect accounts may have indicators of other suspicious activity, such as pandemic-related fraud
  9. New customer opens an account seemingly used only for depositing checks, followed by frequent withdrawals and transfer of funds
  10. A non-customer that is attempting to cash a large check or multiple checks in person and, when questioned by the financial institution, provides an explanation that is suspicious or potentially indicative of money mule activity


Remain Cautious

Remain Cautious

Financial institutions should remain diligent about old-school fraud techniques like check fraud and the more complex innovative schemes used by illicit actors.  As mentioned, fraud is one of the eight FinCEN National Priorities and should be included in your financial institution’s AML/CFT risk assessment. Fraud detection software can assist in check fraud protection and help reduce hard dollar losses and should be incorporated into your AML program.

When check fraud is detected and a SAR is warranted, FinCEN requests that financial institutions reference the new alert in SAR field 2 (Filing Institution Note to FinCEN) and the SAR narrative by including the key term “FIN-2023-MAILTHEFT”. Be sure also to mark the check box for check fraud (SAR Field 34(d)).

In addition to filing a SAR, financial institutions should refer customers who may be victims of mail theft-related check fraud to the USPIS at 1-877-876-2455 or https://www. to report the incident.

Stay up to date on AML/CFT and fraud trends with more professional development.


We can help you navigate changing AML/CFT and fraud regulations. Abrigo's BSA and AML software can help you manage customer or member relationships and stay compliant. Talk to a specialist to learn more.
About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.