Check Fraud in the Modern Payments Landscape

Anurag Mohapatra, Senior Product Manager, Fraud & Authentication, NICE Actimize
Check Fraud in the Modern Payments Landscape

Examining Trends, Risks, and Relevance

Even in the face of the ongoing evolution toward digital alternatives, the enduring significance of checks within the financial routines of countless Americans remains evident. Federal Reserve data has established that checks continue to be integral, with more than 3.4 billion checks written in 2022, each bearing an average value surpassing $2,500—a testament to their enduring relevance.1 However, this continued utility is accompanied by the shadow of check fraud.

Between 2019 and 2022, reported instances of check fraud surged by 140%, resulting in a substantial 680,000 Suspicious Activity Reports (SARs) being filed.2 The persistence of this trend is evidenced by over 360,084 SARs filed for checks in 2023.3 The NICE Actimize Fraud Insights Report underscores this issue, indicating a 171% increase in attempted dollar amounts for check fraud in 2022.4

Check Fraud—Whose Problem is it?

Everyone, from Tier 1 Banks to regional banks and credit unions, feels the impact of check fraud. Fraud executives at some Tier 1 banks NICE Actimize works with noted daily losses from check fraud are significant compared to historical pasts. The losses include deposit fraud, counterfeit checks and altered in-clearing items. While some larger banks are better equipped to combat these challenges, the situation is much worse for smaller credit unions, with an estimated $94 million in losses for 2022.

Fraudsters’ methods further compound the complexity. Criminals deposit fraudulently altered checks with funds drawn from the customers’ accounts in community banks at some of the largest banks. The larger banks then clear those checks, leading to a protracted process to determine the liability and reimbursement for the losses.

A survey by the CBAI revealed a disconcerting pattern among credit unions with assets under $10 billion, as over 60% of community banks encountered obstacles while seeking reimbursement for fraudulent returns, amounting to a collective toll of approximately $65 million.5

Why the Sudden Uptick in Check Fraud?

According to the Federal Reserve, while the number of checks in circulation has decreased in 2022, the fraud rate indicated by the number of SARs filed has increased by over 400%. There are several factors contributing to check fraud’s resurgence:

  1. Mail Theft—2022 witnessed a surge in reported mail theft incidents, reaching 38,500 cases. This figure has already surpassed 25,000 in the current year, showcasing the persistence of this criminal activity. [i]Exploiting vulnerabilities, fraudsters target mail carriers and procure “Arrow Keys,” affording them access to all mail receptacles within designated zip codes. The trove of pilfered personal and business checks and documents containing Personally Identifiable Information (PII) is substantial. These stolen checks undergo manipulation and alteration where fraudsters change details like the Payee Name and legal amounts to be deposited into their own accounts for cash out.
  2. Dark Web—The evolution of the dark web marketplace has fortified fraudsters’ operations, facilitating the exchange of stolen checks and mailbox keys among their extensive networks. Counterfeit checks are marketed as “Glass,” indicating a guarantee that they will clear and can be purchased for a base fee representing a percentage of the value of the check. A stolen or counterfeit check is only useful if it’s deposited. Fraudsters use witting mules termed “walkers or runners,” who typically are recruited from vulnerable groups, such as elderly, disabled, or homeless people. These walkers and runners make deposits or cash fraudulent checks in person. Telegram channels are used to recruit witting money mules and are also used by fraud operators to advertise walkers or runners.
  3. Identity Theft and Mule accounts—Fraudsters capitalize on data extracted from stolen mail, online breaches, or illicit online purchases, crafting fraudulent identities. These false identities facilitate the creation of mule/drop accounts to deposit stolen and counterfeit checks. Fraudsters use remote deposits or ATMs to deposit these checks into the mule accounts and withdraw funds. The NICE Actimize Fraud Insights Report underscores the prevalence of mule activity and first-party fraud characteristics—59% of new accounts exhibit such traits.

What can be Done to Mitigate risk of Check Fraud?

Regulatory agencies and the Postal Service wield considerable influence in mitigating the risks emanating from mail theft and check fraud.

  1. A notable precedent was set with a recent advisory issued by FINCEN, emphasizing avoiding mailing personal checks as a preventive measure without explicitly branding checks as unsafe. Encouraging consumers to avoid mailing personal checks could substantially curtail their circulation, serving as a potent deterrent against potential theft
  2. Furthermore, disseminating information regarding compromised mailboxes and high-risk zip codes empowers customers to make informed decisions, bolstering vigilance and minimizing potential losses
  3. Additionally, affording the Postal Police Officers Association the authority to enhance mailbox security and conduct routine patrols in areas experiencing high mail theft incidents can offer a proactive strategy to suppress criminal activities

In their pivotal role, banks can harness advanced technology and robust strategies to effectively manage and mitigate the intricate risks tied to check fraud.

  1. Increasing friction – While we generally try to decrease customer friction, having a customer go through extra validation can help reduce the attempted fraud rate in the case of check deposits. An example of such friction was implemented by the Reserve Bank of India, requiring customers to indicate the details of the check they wrote through net/mobile banking or a physical visit to the branch. Implementing such a method would increase the friction for both customers and fraudsters, potentially making a dent in their attempts.
  2. Implement targeted fraud strategies that incorporate data including but not limited to customer reference data, third-party enrichments, and dark web sources. A few examples of such strategies include:

  3. a. Using name matching techniques to compare the name of the account versus payee name to weed out attempts at depositing stolen checks

    b. A typical pattern in many of the stolen business checks was to update the payee’s name and deposit these stolen checks into newly created mule accounts. In many cases, these checks were TCVS verified. Still, when carefully examined, we noticed the check issue date was prior to the account opening/date of incorporation on some accounts. Simple strategies like this that leverage customer reference data, including tenure and non-monetary history, can improve fraud detection rates

    c. Fraud prevention teams can collaborate with cybersecurity teams that monitor dark web activity or engage third-party vendors that source and catalog compromised accounts and checks sold on the dark web. Incorporating such data into fraud strategies can proactively flag risky activity.

  4. Image Analytics – Check Image analytics provides valuable insights in spotting fraud and reducing operational overhead. By leveraging advanced machine learning algorithms, image analytics models can identify signature and handwriting patterns and spot discrepancies in the check stock images.
  5. Money Mule detection strategies – A critical component in the check fraud scheme involves leveraging mule accounts to deposit stolen checks. However, banks can employ several analytical and fraud strategies to combat money mules. As noted in the Fraud Insights Report, 69% of new accounts exhibit mule characteristics. Using a robust account opening strategy powered by identity proofing signals and AI-enabled identity profiling models to detect stolen and synthetic identities can stop mule activity at the front door. In addition to identifying mule accounts during the application and opening stages, banks must stop mules across the account’s life cycle by leveraging techniques like early account monitoring and network analytics to uncover mule rings.

To learn more about how NICE Actimize prevents check fraud and protects our partner institutions, click here.


1 AP: Cases of Check Fraud Escalate Dramatically, with Americans Warned not to Mail Checks if Possible (2023)

2 U.S. Treasury: FinCEN Alert on Nationwide Surge in Mail Theft-Related Check Fraud Schemes Targeting the U.S. Mail (2023)

3 Thomson Reuters Institute: Suspicious Activity Reports Surge: 2023 Filings Expected to Set Another Record (2023)

4 NICE Actimize: 2023 Fraud Insights Report (2023)

5 CBAI: CBAI’s Compensation Survey (2023)

6Tips to Avoid Mail Theft and Check Fraud ( 


Speak to an Expert