How to Combat Check Fraud: Leveraging Intelligence to Prevent Financial Loss

Financial institutions face a surging threat from check fraud, exacerbated by the pandemic and economic impact payments. Criminals increasingly steal physical checks from US mail systems using stolen USPS arrow keys, then alter them via chemical washing or digital cooking. These fraudulent instruments are sold on illicit online marketplaces and dark web forums, often monetized through cryptocurrency or ATM withdrawals. In 2022, US banks filed 680,000 suspicious activity reports, nearly double the previous year. To combat this, organizations must leverage threat intelligence to monitor illicit communities on platforms like Telegram and the dark web. Actionable intelligence provides visibility into stolen check transactions and alteration services. Mitigation requires focusing on four key elements: visibility into illicit channels, timely alerting, understanding actor methodologies, and proactive disruption. This intelligence-led approach helps prevent significant financial loss and reputational damage associated with legacy payment vulnerabilities.

Criminals increasingly steal checks and sell them on illicit online marketplaces, where check fraud-related services are common. Intelligence is helping the financial sector fight back The post How to Combat Check Fraud: Leveraging Intelligence to Prevent Financial Loss appeared first on Flashpoint .

Financial institutions face a surging threat from check fraud, exacerbated by the pandemic and economic impact payments. Criminals increasingly steal physical checks from US mail systems using stolen USPS arrow keys, then alter them via chemical washing or digital cooking. These fraudulent instruments are sold on illicit online marketplaces and dark web forums, often monetized through cryptocurrency or ATM withdrawals. In 2022, US banks filed 680,000 suspicious activity reports, nearly double the previous year. To combat this, organizations must leverage threat intelligence to monitor illicit communities on platforms like Telegram and the dark web. Actionable intelligence provides visibility into stolen check transactions and alteration services. Mitigation requires focusing on four key elements: visibility into illicit channels, timely alerting, understanding actor methodologies, and proactive disruption. This intelligence-led approach helps prevent significant financial loss and reputational damage associated with legacy payment vulnerabilities. Criminals increasingly steal checks and sell them on illicit online marketplaces, where check fraud-related services are common. Intelligence is helping the financial sector fight back The post How to Combat Check Fraud: Leveraging Intelligence to Prevent Financial Loss appeared first on Flashpoint . Blogs Blog How to Combat Check Fraud: Leveraging Intelligence to Prevent Financial Loss Criminals increasingly steal checks and sell them on illicit online marketplaces, where check fraud-related services are common. Intelligence is helping the financial sector fight back SHARE THIS: Flashpoint May 18, 2023 Table Of Contents Table of Contents Stolen checks and Covid-19 Check fraud: A mini use case Four key elements of actionable check fraud intelligence Combat check fraud More subscribe to our newsletter Stolen checks and the impact of Covid-19 Checks are one of the most vulnerable legacy payment methods. Check fraud can actively affect the bottom lines (and reputations) of banks, financial services organizations, government entities, and many other organizations that utilize checks. According to the Financial Crimes Enforcement Network (FinCEN), fraud—including check fraud—is “the largest source of illicit proceeds in the US” as well as “one of the most significant money laundering threats to the United States.” Targeting the mail Criminals target the US mail system to steal a variety of checks. In fact, there is a nationwide surge in check fraud schemes targeting the US mail and shipping system, as threat actors continue to steal, alter, and sell checks through illicit means and channels. This includes personal checks and tax refund checks to government or government assistance-related checks (Social Security payments, e.g.). Business checks are also a primary target because they are often written for larger amounts and may take longer for the victim to identify fraudulent activity . In 2022 alone, US banks filed 680,000 check fraud-related suspicious activity reports (SARs). This represents a nearly two-fold increase from 2021 (which itself represents a 23 percent YoY increase from 2020). This surge in check fraud has been exacerbated by Covid-19 Economic Impact Payments (EIPs) under the CARES Act, which presented threat actors with a new avenue to attempt to commit fraud. Related Reading This Is What Covid Fraud Looks Like: Targeting Government Relief Funding Read now Check fraud: A mini use case In order to mitigate and ultimately prevent check-fraud-related risks, it’s crucial for financial intelligence and fraud teams to understand what threat actors seek, how they work, and where they operate. This begins, as we detail below, with intelligence into the communities, forums, and marketplaces where check fraud occurs as well as the tools that enable deep understandings, timely insights, and measurable action. Below is an intelligence narrative, in three acts, that tells the story of how transactions involving some of the above examples could play out. Act I: Obtain Threat actors are known to remove mail from individuals’ mailboxes and parcel lockers using blue box “arrow” master keys. These arrow keys are often stolen from USPS employees, which has led to numerous incidents of harassment, threats, and even violence. Generally, arrow keys are sold within illicit community chats and/or the deep and dark web, often fetching upwards of $3,000 per key. In general, when it comes to check fraud, threat actors may sell or seek: Mailbox keys Stolen checks Check alteration services (physical and digital) Synthetic identity provisioning Drop account sharing Counterfeit check creation Writing a check with insufficient funds behind it Insider access A screenshot of Flashpoint’s Ignite platform, showing the results of an OCR-driven search for stolen checks. Act II: Alter Check alteration comes in two forms: “washing” and “cooking.” Washing refers to the process of altering a...