Fraud is always a risk, even for eChecks

The weakest point in securing a paper check is the signature. Easy to forge, and often ignored by busy bank tellers, it’s supposed to be the key authenticator on a document that may authorize the transfer of thousands and sometimes even millions of dollars. At a time when you can’t open a smartphone without giving a fingerprint or log into a Tinder account without a password, it’s a remarkably outdated way of proving that the check has been authorized by the account holder.

It’s also one of the key reasons that paper checks remain the most frequently targeted payment method chosen by fraudsters. According a report by the Association for Financial Professionals, 71 percent of companies that experienced attempted or actual payments fraud in 2015 were victims of check fraud. That represents a fall from 77 percent the year before but only because businesses have continued to move away from the use of paper checks. For fraudsters, checks are common, they’re familiar and they don’t always require a great deal of ingenuity to use. Although some methods may be quite sophisticated and require technical equipment, it’s easy enough to steal a check and forge a signature to cash in on paper check fraud.

Digital checks have made forging signatures a great deal harder through the use of digital signatures. These work in a number of different ways but they’re always more than a scrawled name on a piece of paper — or even on a screen. They use asymmetric cryptography and typically employ three algorithms:

  • One algorithm to choose a private key at random from a set of possible private keys and to generate a corresponding public key.
  • One algorithm to generate a signature.
  • One algorithm to take the message, the public key and the signature, and confirm the signature’s authenticity.

The algorithm can identify if the signature has been altered and it’s impossible to forge or to steal.

Signature fraud is a real problem for businesses and individuals that use paper checks, but for users of eChecks, it’s not a realistic risk at all.

The same is true of other parts of a check that can be forged. Altering the amount on a check or changing the name of the recipient all rely on the eye of a teller to spot the alteration — and tellers have so little time that it doesn’t take too much more than courage (and audacity) for a fraudster to be able to push through an altered check. In 2013, “Lisa,” a reader of the consumer magazine Consumerist, found that her bank had processed no fewer than thirty checks, each for just over a thousand dollars each. The payments had emptied more than $32,000 from her account, placing her more than $30,000 overdrawn.

The checks were clearly fake. They had used Lisa’s name and her account number but they did not show her partner’s name on the address information. Despite that missing data, the bank honored each one of the thirty checks.

The bank reimbursed Lisa for her losses and she opened a new account… and was once again the victim of fraud. This time though, the method wasn’t a fraudulent paper check but an eCheck for $180.33 sent to Sprint.

Again, the bank repaid her, but that fraud is worth noting. One advantage that eChecks have over paper checks is that they can’t be altered or stolen or forged or copied. But the information used to create an eCheck can be taken. Like a paper check, an eCheck requires knowledge of the customer’s name and bank account details, both of which can be easily accessed. So while the risk of forgery is much lower for eChecks than it is for paper checks, the risk isn’t zero.

Even businesses that only accept eChecks and not paper checks will need to keep an eye on their accounts and try to spot any unauthorized payments.