FinCEN analyzed 15,000 check fraud cases. Here's what they found.

An analysis published Monday by the Financial Crimes Enforcement Network shines a light on the preferred methods criminals use to commit check fraud, finding that they prefer simplistic methods that avoid contact with human tellers but still involve some check manipulation.

The report comes a year and a half after the network, a bureau of the U.S. Department of the Treasury, issued an alert about the connection between mail theft and check fraud. In that alert, FinCEN requested that financial institutions, and other companies that submit Suspicious Activity Reports related to check fraud, flag cases where mail theft appeared to be involved.

In the six months following that alert, FinCEN received 15,417 reports of mail theft-related check fraud, from 841 financial institutions, amounting to $688 million in reported suspicious activity.

These schemes tended to involve large amounts of money; the average amount involved in a report of mail theft-related check fraud was $44,774, and the median was $14,215. Only a small percentage of reports — less than 0.1% — involved $0, $1 or an unreported amount of money.

According to the analysis, "numerous" filings reported the entire check amount even though no transaction occurred. It is therefore unclear how much money in total was stolen from banks and consumers in mail theft-related check fraud schemes during the six-month period.

In 44% of cases analyzed, scammers altered a stolen check, then deposited or cashed it, according to the FinCEN analysis, making this the most common outcome after a check was stolen from the mail. In 26% of cases, stolen checks were used as templates to create counterfeit checks, and in 20% of cases, stolen checks were fraudulently signed and deposited.

The analysis lists a range of check-manipulation methodologies, varying in their level of sophistication. The most basic methods involve fraudulently endorsing a check without modifying any information on it. This involved someone signing their name on the back of the stolen check and attempting to deposit it.

Unsophisticated methods also include attempts by fraudsters to make it appear as though the intended payee had signed the check over to them, an arrangement known as third-party payment or negotiating the check. Another unsophisticated method is altering the payee or dollar amount without washing the check, either by crossing out the original information or using white out.

Moderately sophisticated methods include washing the check with chemicals that remove ink, selling information from a stolen check online, using compromised checks to create counterfeits, and stealing newly ordered blank checks from the mail.

The analysis listed three sophisticated methodologies. The first was new account fraud, which involves opening a new account, typically online, specifically designed to negotiate stolen checks. This most often occurred when stolen checks were made out to businesses, according to the analysis. Scammers opened accounts in the name of the payee or a name that is nearly identical. These accounts might use fake addresses, stolen identity information, or synthetic identities.

The second kind of sophisticated methodology is mail theft-related check fraud as part of a larger scam, mostly romance and employment scams. In these cases, fraudsters persuaded victims to negotiate a check then send the funds elsewhere, turning their victims into money mules.

The third kind of sophisticated scheme involved enlisting insider assistance at financial institutions or the U.S. Postal Service. In one case, federal prosecutors charged a Postal Service employee last year with stealing nearly $1.7 million in checks from the mail, altering the checks and depositing them into his own account.

Unsurprisingly, the analysis indicates that criminals try to avoid interaction with bank personnel, preferring to deposit stolen or fraudulent checks at ATMs or via remote deposit capture. The finding adds context to research released last year that found fraudsters recruiting so-called check walkers on messaging app Telegram to deposit checks inside bank branches, suggesting that such schemes are not a preferred method for scammers.

Pursuant to the Bank Secrecy Act, a financial institution must file an SAR when it "knows, suspects, or has reason to suspect" a transaction involved illegal activity, according to FinCEN. As such, the network's Financial Trend Analysis of the 15,000 reports represents some of the most comprehensive data on mail theft-driven check fraud publicly released to date.

"The FTA demonstrates the severity of mail theft-related check fraud and why fraud is a high priority, while also highlighting the important role that financial institutions play in reporting information pursuant to the Bank Secrecy Act to assist in bringing fraudsters to justice," Chief Postal Inspector Gary R. Barksdale said in a press release.

Victims of check fraud include the individuals whose checks are stolen and cashed, but according to the Office of the Comptroller of the Currency, these individuals are only liable in cases where "the customer's failure to exercise ordinary care substantially contributed to an alteration or forgery." Even in these cases, the individual's bank might still be required to reimburse the customer if the bank "failed to exercise ordinary care in handling the check," the OCC said.

Because of these consumer protections, banks are often left to fight each other over reimbursing losses suffered by check fraud and to accuse each other of lax check-fraud controls.

In a case where check fraud is detected after the check clears, the bank that receives the fraudulent check (the bank of first deposit) will notify a clearing house, the Federal Reserve, or the payor bank directly to facilitate a transfer from the payor's bank.

If the fraud is detected only after the inter-bank transfer, the payor's bank will often reimburse the payor. However, recovering those funds from the bank of first deposit can take months, leaving the payor's bank in the red in the meantime.

Filing an SAR when check fraud occurs helps investigators resolve these conflicts, according to Barksdale, who oversees the U.S. Postal Inspection Service, the Postal Service's law enforcement arm.

"Suspicious Activity Reports are a valuable tool utilized by Postal Inspectors for not only targeting criminal networks and their illegally derived assets, but they also aid in the identification of victims," Barksdale said. "Postal Inspectors are committed to helping financial crime victims using all available resources and aim to ultimately make these victims whole through restitution."