The check (fraud) is in the mail. Are stronger mailboxes the solution?

Row of mailboxes
The U.S. Postal Service reported tens of thousands of mail theft incidents last year from mail receptacles including USPS collection boxes.
Adobe Stock

Those battling alarming rates of check fraud applauded the U.S. Postal Service's latest initiatives to make it more secure to mail checks. But experts say stamping out check fraud will take time, due to multiple contributing factors. 

The USPS will add 12,000 new high-security mail collection boxes across the nation and install electronic locks on 49,000 existing collection boxes, in an effort to block crooks from stealing checks from outbound mail, the USPS announced last week.

The plan includes phasing out the universal "arrow" keys postal workers have used to access mail in collection boxes, which some criminals now control. New change-of-address processes will also go into effect this month, helping limit criminals' ability to monetize stolen checks and credit cards.

One of the toughest challenges in battling soaring check fraud is the fact that many of the stolen checks wreaking havoc on the U.S. banking system are for amounts under $1,000, meaning that they often slip undetected through banks' systems, fraud experts say. Larger checks created through sophisticated counterfeit check schemes also can get past bank filters.

"Attacks are coming from many fronts — mail theft, application fraud that turns into deposit fraud and counterfeit check creation," said Julie Conroy, head of risk insight and advisory at Aite-Novarica.

The scale of the problem is difficult to accurately measure because banks typically decline to discuss specific check-fraud issues. The Federal Reserve Bank of Richmond recently said banks filed 459,891 suspicious activity reports (SARS) required for check fraud last year, up more than 80% from 249,812 in 2021.

One driver of the recent check fraud surge was the successful adoption of EMV-enabled chip cards, which wiped out a significant amount of counterfeit card fraud, forcing fraudsters to revert to checks at a time when many banks had stopped modernizing their check-fraud control frameworks in anticipation of faster payments, Conroy said.

"Fraudsters have realized that deposit fraud represents a soft underbelly for most North American financial institutions and they're taking full advantage," she said.

Low-value checks constitute a huge chunk of new fraud in the last few years, according to Rodney Drake, chief strategy officer at Fort Worth, Texas-based Valid Systems, which provides technology banks use to reduce fraud risk. 

"Bank policies vary, but checks for under $1,000 often fall below a bank's threshold for launching a specific fraud investigation," Drake said. "But the number of smaller-size fraudulent checks is escalating, which can add up to steep losses pretty fast."

ATMs are another major vector of check fraud for banks, because ATM check deposit rules are looser and there are fewer limits on the values of checks users may deposit, he said.

Valid uses machine learning and behavioral analytics to analyze a bank's batch check-processing data and compares it with individual customers' typical transaction behaviors to spot unusual patterns that suggest check fraud, generating a risk score, Drake said.

But spotting irregular customer patterns can only go so far, because check fraud has become so complex and varied, according to Jennifer Zatkos, a New York state-based bank fraud detection expert who has worked at Lake Shore Savings Bank in Dunkirk and previously served more than 14 years at M&T Bank in Buffalo.

Among the most common check-fraud types Zatkos routinely handles, counterfeit checks created by hand are easier to detect because the signature and handwriting deviate from prior cleared checks; the check's serial number may not match the pattern or the amount is odd.

But for checks stolen from the mail for routine payments such as bills, banks struggle to see anything out of the ordinary until the payer disputes a transaction — often much later, according to Zatkos.

"If a customer writes a check for $242.67 to the gas company and a thief intercepts and cashes it, no one recognizes the problem until the gas company notes an unpaid bill later on," Zatkos said. 

The most insidious recent check-fraud scheme involves counterfeit checks using a stolen check image as a roadmap, she said. 

"Many times these counterfeit checks are remarkably strong, with security features that match, and although the amount may be a bit larger than normal, the signature plus handwriting and serial number all look normal," Zatkos said. 

Checks issued as donations are also magnets for fraud, where criminals take incoming checks intended for a church or other organization directly from recipients' mailboxes, which are often unguarded.

"The fraudster drives by a mailbox every day and steals most of the envelopes, depositing them via mobile deposit to their bank without altering the payee, and the amount is often so low the bank doesn't even review the transaction," Zatkos said.

The spread of identity theft and more recent rise of synthetic identities also makes it increasingly difficult to track stolen checks to their source because fraudsters are opening "mule" accounts with stolen or fabricated personal information, she said.

"Fraudsters know that if same-day mobile check deposits at an institution cut off at 10 p.m., they'll deposit at 9:55 p.m., hoping the bank won't find the fraud before the midnight-to-5 a.m. window when the deposit posts," Zatkos said. 

Earlier this year, smaller banks asked federal regulators to help stem the expansion of check fraud. But those battling check fraud inside banks say many institutions are disinterested in investing in new check-detection tools because check use overall continues declining as part of the recent rise of faster payments, according to Zatkos.

"It's very hard for fraud departments to get executive-team support to invest in protective measures for checks, when newer payment methods have rules and accountability baked in," she said.

Amid cutbacks in recent years in the USPS' federal funding — which led to lower postal police protection and surveillance — regional postal offices continue to urge consumers to put outgoing mail into secure mailboxes. 

There were 412 robberies of USPS letter carriers during the agency's 2022 fiscal year, and the rate accelerated during the first half of this fiscal year to reach 305 letter-carrier robberies, USPS said in its recent press release. In addition, last year there were 38,500 incidents of mail theft from outgoing mail receptacles, including from USPS collection boxes.

The USPS said it's recently introduced a new "dual authentication" requirement for people changing their addresses online. Consumers will now receive a validation letter at their old address and an activation letter at their new address, and third parties are no longer allowed to submit change-of-address requests. The USPS has also developed an enhanced change-of-address form that will be available at post offices at the end of this month. 

For reprint and licensing requests for this article, click here.
Payments
MORE FROM AMERICAN BANKER