woman sitting at desk working on computer

Check Fraud Has Spiked: Here’s What To Do

Are you still writing checks? Most businesses are. While cybercrime has been stealing headlines as well as cash, the use of checks in business-to-business payments is still a substantial thing. Close to 40 percent of business payments are still on those nifty paper devices we relied on for so long.

With that many checks still circulating, they remain a target of fraud perpetrators. Occupational fraudsters—those working within organizations–may represent the more significant part of check fraud. The ACFE defines occupational fraud as “the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets.”

But check fraud is not only an internal problem. Recently, check fraud has spiked, and much of it has involved mail theft. The USPS now discourages mailing checks! Thieves hold up mail carriers, stealing the keys to mail and transfer boxes. Or they break into mailboxes to get their hands on checks.

“Washed” checks—where chemicals erase the payee and amount—can be repurposed for the holder’s benefit or sold online on the dark web.

What To Do – Part I: Controls!

Companies and their accounts payable departments must continue to follow proven practices to guard against check fraud, including such controls as segregation of duties, security of check stock and regular reconciliation. Here are several proven practices for protecting check payments:

  • Use blank check stock rather than pre-printed checks.
  • Use check stock with fraud prevention features.
  • Maintain a log of access to check stock and signature plates.
  • Use Positive Pay, and review and respond daily to Positive Pay exceptions.
  • Reconcile accounts promptly.
  • Consider online reporting and reconciliation services.
  • Secure blank check stock and facsimile signature plates in separate locations and under dual control.
  • Make frequent but irregular and unannounced audits of your check stock.
  • Centralize check writing for better control.
  • Immediately notify your bank of changes in signature authorization.
  • Segregate check writing and account reconciliation functions.
  • Set up a separate account for large-dollar checks.
  • Set up a separate account for manual checks with a maximum dollar limit.
  • Implement reporting that provides daily reports of checks above a given dollar threshold and out-of-sequence check numbers.

What To Do – Part II: Eliminate “The Check Is in the Mail”

Ultimately, you may want to accelerate the conversion of payments to ACH or other electronic methods. You might even find vendors ready to accelerate. Vendors are increasingly aware of and interested in real-time payments, which provides an additional impetus for them to accept electronic payments.

Checks have worked well for a very long time. But the risks associated with them have not diminished. The opportunities the dark web offers to sell checks provide new incentives to the bad guys.

Meanwhile, the announcement by the USPS warning against putting checks in the mail is extraordinary. For years, the USPS warned against sending cash, an admission that its security only goes so far. But to add checks to the warning goes against a century of practice and trust.

Consumers are way ahead of businesses because of the availability, speed and ease of use of alternative payment methods, from credit and debit cards to ACH and various payment apps. Consumers make only two percent of payments by check. Many younger generations don’t have checks or know how to write a check.

Businesses have lagged, though this continues to change. Of course, companies must not remove or skip check safeguards until there are no more checks to guard.

What To Do – Part III: Eliminate Email

Of course, the digital world is not free from fraud perpetrators either. As money has moved to cyberspace, criminals have followed, and companies have also had to develop security practices there.

A primary defense is to guard against system compromise. And while companies can secure systems, there is a weak link: users. The most common entry point for cybercriminals is through email. Business email compromise (BEC) and vendor email compromise (VEC) are serious threats. The criminals find great success using social engineering to exploit our susceptibilities. Consequently, cybercriminals breach companies regularly.

Controls are especially critical around email. Business email compromise is more costly than ransomeware according to the FBI. Of course in most companies, AP staff will review and independently confirm payment instructions or account changes that come via email, but that is a tedious process. It can be difficult to reach the vendor by phone, and how do they know who is calling them? Email is not a secure way to transmit sensitive data and by itself is insufficient for instructions and confirmations; furthermore, the manual confirmation work is inefficient. Employing a secure portal for vendor information transfers and communication is much safer and more efficient.

Meanwhile, the traditional control process of verifying a vendor’s bank account information has never been more vital. However, because of the tedious difficulties of manual verification, bank account verification automation is a tremendous asset to ensure that every vendor account is checked and verified.

Internal and external, in paper and digital environments, fraud threats abound. Organizations must keep abreast of old and new threats as they evolve their processes. In payments, eliminating paper checks, avoiding reliance on email for sensitive information and automating vital processes like bank account verification are significant steps to guard your organization’s cash.

To learn how VendorInfo can help, contact us.

Lets Talk!

Vendor Inquiries

— Simplified

Please enable JavaScript in your browser to complete this form.