Old School Checks, New School Fraud: Why Paper Still Poses Digital-Age Risks

While check usage has decreased in recent years, nearly two-thirds of organizations have experienced some kind of check fraud activity, according to a report by the Association of Financial Professionals (AFP). Suspicious activity reports for check fraud at depository institutions more than tripled between 2018 and 2022 despite the declining prevalence of checks.

In the corporate setting, check and payment tampering is the most costly asset misappropriation scheme, costing a median loss of $155,000. With all that evidence that checks are risky, 75% of organizations surveyed by AFP do not plan to discontinue using checks. As such, compliance and risk management professionals must institute firm internal controls to protect their companies from check-related fraud.

The criminal appeal of checks

Paper checks have several vulnerabilities that allow fraudsters to exploit them.

• Physical nature: Criminals can easily steal and manipulate paper checks. FinCEN recently issued an alert about a surge in mail theft-related check fraud schemes. Thieves pilfer checks from mailboxes and postal collection boxes, then “wash” them to remove the ink, create counterfeit checks or even sell the documents online.
• Lack of advanced security features: Checks lack the security features of electronic payments, including encryption, advanced authentication methods and real-time verification. While digital transactions undergo intense scrutiny, financial entities accept paper checks now and ask questions later.
• Processing time: The intricate banking system means processing and clearing checks can take days. Fraudsters exploit this time to cash out and disappear before the bank detects fraud.
• Insufficient details: Checks leave no digital money trail, making these payments hard to track. Additionally, corresponding bank statement entries omit crucial details, such as the source and final recipient of funds. Businesses cannot verify the destination of funds or ascertain the purpose of the payment solely by examining the statement.
• Limited oversight: Businesses process large volumes of transactions, and aligning checks and deposit slips with the appropriate statement is arduous and time-consuming. As a result, many lack controls for reconciling checks with accounting records. Weak oversight allows fraudsters to misdirect funds without being detected.

How to detect check fraud

The Association of Certified Fraud Examiners (ACFE) “Occupational Fraud 2024: Report to the Nations” found that check and payment tampering schemes last an average of 18 months before being uncovered, but proactive detection methods can significantly reduce the duration and accrued losses. The following controls have demonstrated success in fraud monitoring.

• Reporting mechanisms: Tips were the most common fraud discovery tool, alerting business leaders to 43% of all cases. While employees accounted for about half of those tips, one-third came from external sources. To encourage tips, business leaders should provide and publicize reporting mechanisms, including hotlines, email and web portals.
• Internal audits and management review: Examining financial records, procedures and controls allows auditors and managers to identify irregularities that may indicate fraudulent activity, such as large check amounts or frequent checks written to an unknown recipient. According to the ACFE report, surprise audits reduced losses by 63%.
• Account reconciliation: While this endeavor can be labor-intensive, regular account reconciliation allows organizations to uncover discrepancies promptly to limit losses.

Ethics

TD’s Ethical Deficit: Banking on Consumer Apathy in the Culture War Era

by Evie Wentink

October 21, 2024

Scandal underscores need for renewed focus on ethics education

Read more

Fraud investigation challenges

Detecting potential fraud is one thing — proving it is another. Compliance teams lead the response to suspicious activity, which usually involves a detailed and time-intensive investigation.

Before investigators and forensic accountants can delve into the analysis, they must sort, enter, verify and reconcile data from hundreds or thousands of financial documents from multiple institutions, accounts and time periods. Checks and deposit slips are particularly difficult to prepare because they are separate from corresponding bank statements. The statement transactions and checks need to be transcribed and matched. The challenge intensifies when a single deposit slip corresponds to multiple checks, creating a one-to-many relationship. Traditional spreadsheet-based methods struggle to efficiently handle these situations.

Teams spend up to 90% of their allotted investigation time preparing and managing the significant volume of intricate evidence, which can take weeks or even months. Companies often continue to sustain fraud losses during this time, and the extended investigation timeline and associated expenses force companies to pursue only the most obvious and costly cases.

Forensic investigations generate extensive documentation, including detailed reports, spreadsheets, transaction logs and audit trails. Compliance professionals must review and understand this dense and technical dataset to determine how the fraud occurred and then translate the investigation’s findings into policy and process improvements.

Because the prolonged data preparation stage effectively precludes a thorough examination of each individual transaction, compliance teams may not be able to identify all failure points, preventing them from mitigating all risks.

Additional controls to prevent fraud

The ideal scenario is to prevent fraud entirely. In addition to the strategies mentioned above, the following internal controls help compliance and risk management teams inhibit check schemes.

• Separation of duties: No single individual should control all aspects of the check process. Dividing responsibilities increases oversight, and prevents any one person from exploiting checks’ vulnerabilities.
• Authorizations: Instituting additional steps in check approval processes — such as requiring multiple signatures — adds another layer of security.
• Regular risk assessments: Compliance teams should regularly evaluate their internal controls for effectiveness, adjusting them as technology and organizational processes change.
• Routine and surprise audits: Conducting audits catches irregularities in financial records but also deters fraud by increasing the threat of discovery.
• Education: Train employees on the signs of check fraud and the importance of adhering to internal controls. Educated employees are more likely to follow protocols and report suspicious activities.
• Positive pay system: In this system, the bank honors only checks that match a list of checks issued by the company, including check numbers, amounts and payee names, helping detect and reject unauthorized or altered checks.
• Automated transaction monitoring: Less than half of organizations currently employ proactive monitoring and analysis, but real-time monitoring will become a more accessible and effective method of detecting unusual activities.

While check usage is declining, the world is a long way from becoming a paperless financial system. As security around other transaction methods advances, physical checks will grow more attractive to fraudsters. Unfortunately, it doesn’t take a criminal mastermind to exploit them. Organizations must enhance and enforce internal fraud and compliance controls to counter this threat.