Article

Rising Check Fraud Puts Credit Unions at Risk

close-up image of a blank bank check or cheque
Al Pascual Photo
Senior Principal & Enterprise Solutions Lead
TransUnion

5 minutes

Here’s a cost-effective response to fraudsters leveraging digital banking and the dark web.

If you don’t think the saying “Everything old is new again” applies to financial fraud, think again. Check fraud is on the rise again. While that might seem like stealing a horse and buggy in the digital age, criminals know when there is money to be made. They’re using modern tools to make old-school fraud work to their advantage.

New digital twists are making check fraud more effective and harmful to credit unions and their members. Here’s what’s happening and what credit unions can do about it.

Digital Convenience, Changes in Liability Compound Fraud Losses

When I was working in check fraud in the late 2000s, it was easier to spot the “tells” of a bad check—but so much has changed.

For all of the upsides of digital banking, it also means a check no longer has to pass through human hands. The physical review of a check was an opportunity to look for telltale signs of fraud, including missing security features—like the signature line, which on most checks is actually microscopic writing that fake checks often fail to replicate—as well as evidence that a check has been washed and rewritten.

It's not just how checks are deposited that is driving a resurgence in check fraud, but the ability of criminals to source a massive volume of real checks—many of which are tied to accounts with significant balances. Criminals are using various methods to steal real checks in transit through the Postal Service and re-sell them on the dark web. Sometimes, account statements accompany the check to show the amount of funds available, which increases the black-market value. Small businesses in particular have become valuable targets because their accounts are twice as valuable when compared to the average consumer’s.

The final piece of the puzzle is that criminals have discovered it is far easier to establish “drop accounts” at a credit union or bank than attempting to pass them at a check cashing business. To stay in line with digital-first challengers, credit unions have worked hard to make the account-opening process simple. As a result, the identity verification standards for new accounts can be somewhat low. Scammers can use remote deposit once the drop account is open, making it more difficult to detect altered or forged checks. Criminals never have to leave home to pull off a scalable check fraud scheme.

The bottom-line impact of check fraud has changed for credit unions too. In 2018, Regulation CC changed financial institution liability for bad checks. Responding to the growth of mobile remote deposit, the regulation shifted responsibility for verifying authenticity to the institution that accepts the remote deposit. Most credit unions aren’t fully prepared to manage the risk that shift in liability creates.

What Should Credit Unions Do?

Though credit unions will have to up their game to combat the new dimensions of modern check fraud, there is a bright side. A practical, cost-effective risk management approach can go a long way toward mitigating damage. Combining technology and pragmatic processes can be very effective at deterring criminals from making your credit union a target for fraudulent check-cashing aspirations.

1. Manage Account Opening Fraud

Fraud mitigation is always a delicate balance between maximizing member convenience, minimizing friction and managing costs. While increasing checking-account openings is a desirable goal, it is not the most profitable—so it’s understandable when a credit union doesn’t want to invest a lot of dollars in up-front fraud screening.

Credit unions can use low-cost, behind-the-scenes methods to gather risk signals during the account opening process. This information can determine, selectively, when more screening is warranted. This might include obtaining an identity risk score during the account opening process by leveraging a variety of low-cost data feeds that are predictive of potential future fraud, such as device and behavioral data. A credit union can then decide to ask for document verification or to engage in a manual review.

Cybercriminals look for low-hanging fruit. If they have to complete extra steps to open an account at your credit union, they’ll go elsewhere. The idea is to only create this friction when the need is demonstrated.

2. Implement Risk Management Processes

For new accounts, credit unions might consider imposing initial limits on remote deposits until trust has been established. For example, they might implement low remote deposit limits for new members at first that are raised over time with increased validation. These limits will most likely seem reasonable to the average new member but will be enough to discourage a criminal.

When checks are written against an account at the credit union, there are straightforward steps a credit union can take to protect their member’s account. Because business accounts have been a popular target for check fraud, credit unions can promote automated positive pay tools to business members to match issued checks against those presented for payment. Analyzing transactions presented for payment within the historical context of the account can also reveal suspicious activity. These steps will often help prevent the funding of particularly large fake checks.

Finally, there is a quick and time-tested method for determining the risk inherent in any newly deposited check. Over the course of decades, third-party processors have built successful businesses around detecting bad checks. Integrating their check verification technology into the credit union’s check deposit process can filter out a meaningful volume of fraudulent activity.  

While these three risk management steps are simple, they’re effective measures that can make a credit union and its members harder to target.

In the world of fraud prevention, there’s another old adage that rings true: You don’t need to run faster than the bear, just faster than the guy next to you. Credit unions can’t stop fraudsters from attempting to cash bad checks—but without any action, they will make the bear’s work too easy.

A few simple steps will give you a running head start and put a safer distance between risks and your credit union.

Al Pascual is SVP/enterprise solutions for TransUnion. Learn more at www.transunion.com.

Compass Subscription