So, you are saying printed checks are an absolute liability to the account owner and there is nothing to do to stop others from stealing your money beyond possibly paying the bank more money to try to stop this?
I wasn’t worried before because I have no debit card on my main checking account, but I am now. What the fuck?
Highly, highly doubtful. If it were that easy, it would have been done a couple of quadrillion times.
Which part of my post are you addressing? Not pushing back, just trying to make sure we’re on the same page.
I mean, I have first hand experience. I’ve had checks clear my account that had my business name/address and my account info at the bottom, but other than that, it wasn’t even the same checks that we use. That is, they didn’t wash our checks and reuse them, they made new ones.
How else would they have done this? Here’s a blank business check. If you had my checking account info, typed it across the bottom with a MICR* font, filled in the rest of the info (our business name, bank name etc), printed it out and deposited it with your phone, what’s going to stop it from going through? The app will think it’s real and a human isn’t going to see it until it hits my account.
I’m not trying to be snarky, but this has happened to me and I can’t think of another way it would have happened.
*If one were so inclined, you can buy MICR ink for an inkjet printer so the physical checks would work as well.
A scammer just needs to take a digital photo of a stolen check and then use commercially available software to alter it to make counterfeit checks.
What is Check Baking?
Check baking repurposes portions of checks (account numbers, signatures, etc.) and pieces them together to generate check images using photo editing software. Those images are deposited through any remote deposit capture systems that accepts images of checks.
Check baking is an effective tactic for fraudsters due to its inherent differences from checkwashing. Traditional checkwashing allows for the alteration of only one check at a time, necessitating the procurement of multiple checks to execute more fraudulent transactions. In contrast, check baking enables fraudsters to effortlessly produce numerous counterfeit checks and deposit them into various drop accounts (fake or temporary accounts set up specifically for fraudulent activities).
Correct, you’ve identified how it could be done and how it was probably done in the OP, as well as to you and your business. These techniques are more sophisticated and complicated than what can be done by a casual user. And as you state, the bad guy would need your account info as well.
Back to the OP, I’m wondering if somebody took a picture/copy of the check BEFORE it was presented to the OP’s wife, then used the method described in your first link.
I believe you have confirmed that a photo of a check is all that is needed to steal money (or, the routing and account number from the bottom of a check). I’m still curious who is liable for money stolen in that fashion? If someone steals money using stolen credit card info, I believe it is on the CC company. What about if my routing and account number get out? Can I ask my bank to not process any checks on an account? A ton of people have handled my routing and account number over the years and they never change unlike my CC info.
That’s almost literally the exact topic I’ve been meaning to start forever and just never got around to it. If you or someone else wants to start it, I’m interested. I go through each and every check that hits our bank every single morning, Monday-Saturday, so I was able to catch and report these within an hour of the bank opening. The bank told me that makes it a lot easier for them since the money hasn’t actually left their possession yet and it’s easier to not transfer it than to try and claw it back. The check that was deposited and not caught until much later (because the actual check that I actually wrote, with no changes, was deposited by an unknown 3rd party, so it looked fine on my end), is 2ish months in the process of trying to get it back.
In any case, I am curious about this as well. Presumably the account holder has no responsibility here. I don’t see why they would either. All they did was use a check as intended (mailing it). In the end, it’s likely my bank’s responsibility since, ultimately, they’re the ones that are supposed to be safeguarding my money against exactly this.
In fact, after I pulled all my business accounts out of the bank that allowed all the fake (not washed, fake) checks, I still had some lingering personal accounts there. A few months later one of those accounts had it’s debit card used. I reported it, they said ‘nope, it was totally you’, even after I tried to explain that this card would never, ever have been used at that store (and on Easter Sunday), they wouldn’t refund it. After that, I closed out my 3 remaining personal accounts. And while talking to the banker, I made it clear that one of my reasons for leaving the bank, and I don’t think this was an exaggeration, was that my money is, very clearly, not safe here. They’ve proven time and time again that they’ll just hand it out to anyone that asks.
It’s generally on the CC company, but in some circumstances that liability shifts to the merchant. That seems to be less and less the case (at least IME) as we’ve moved away from swiping your card and signing on a piece of paper.
I’m not sure, but it’s a good question. One of my concerns would be that checks (or eChecks) are intertwined into the ACH system and that could cause problems. I have no idea if that’s a valid concern though.
Up until the last few years, your CC number and month of the expiration date were likely static. That’s generally all that’s needed to get the card to go through. I have keyed in thousands of credit card numbers over the years. Keeping in mind these were all transactions for customers I personally knew, no fraud involved, and I always made sure to get the updated info the next time I talked to them. I could generally work around a missing or wrong CVV or zip code and if the card was expired, using the same month and moving the year a few years into the future worked more often than it didn’t.
But with that (or simultaneously to that), that changing credit card info is usually pushed to businesses that keep it on file (not locally, with their processor). I rarely have to update cards I have on file. When was the last time you got a new card and had to update Netflix or Amazon? It’s convenient, but it also means that business that you used once or twice 5 years ago may still have your current CC info. For a number of reasons, I’d often prefer if that info stopped working after a while.
If it was done by printing a photo of a check, I would think that the account holder would realize the fake check in his hand was different than the checks in his checkbook. I would image that the feel of the paper would be different, the security pattern would be blurry, and other physical aspects would be different. I can see how the bank would accept a forged check, but it seems like it would be obvious that the check was a copy if you could compare it to the real checks.
And I wouldn’t think the forger would have any reason to print a check from a photo or try to create an exact photocopy. All that’s needed is the routing/account numbers. They could just print their own checks with those numbers and they can write as many checks as they like.
The person who deposited it (may or may not have) used a picture to create a physical check, but the account owner probably just had an image from the bank on their phone or printout of it.
Just wondering; is MICR ink even needed any longer? Aren’t checks processed by being scanned nowadays?
Correct, but I believe you would still need a MICR font, which are easily obtained, as @Joey_P has mentioned.
His credit union should make him whole on the fraud. It’s their responsibility to ensure that documents presented for payment are true and correct.
It’s not his responsibility to go around and investigate with his vendors and payees of checks and implying they are responsible.
This, exactly. If he has a copy of the fraudulent check (presumably from his statement), he should have a copy of the valid check as well. Presenting both of those copies to somebody in the CU should convince them that they are at fault.
There are typically* four parties to an ACH, much like a check; however, unlike a check there may be two directions, debit & credits. The origininator - the party who initiates the ACH, the ODFI (Originating Depository Financial Institution, aka, the originator’s bank), the RDFI (Receiving Depository Financial Institution), & the receiver.
If you, Joe Consumer, initiate a txn via your bank’s bill pay system to pay your utility bill you are the originator, your bank is the ODFI, the utility company’s bank is the RDFI, & utility('s payments acct) is the receiver. In this case you are initiating a credit. However, if you give your utility authorization to deduct funds from your acct, either one time or recurring, then they are the initiator, their bank is the ODFI, your bank is the RDFI & you are the receiver & they are initiating a debit to your acct.
Consumer accounts can typically can only initiate credits, meaning you can send someone else money but you can’t take it from them. Corporate accts, OTOH, can sign up to issue both debits & credits. The utility initiates debits to their customers but credits to their employees (direct deposit) on payday.
Every day there are ACH returns, there’s something like 80 separate & unique return codes/reasons. Some are kind of obvious based on what information is sent, & yes, there is some technical hair splitting between some of the codes. Codes include:
R01 - NSF
R02 - Acct closed
R03 - No acct / unable to locate, which is slightly different than
R04 - Invalid Account Number
R07 - Authorization Revoked by Customer
R10 - Customer Advises Not Authorized
Anyone who can initiate debits can take funds from your acct. If you notice an unauthorized debit, you can go to your bank (or possibly their website or app) & initiate a dispute for the item(s) in question. Your bank may give you provisional credit but they also go back to the ODFI who goes back to their originator & says, “prove it”. If they don’t have proper documetation / recordings of you allowing them to debit you the ODFI takes back the credit given to the originator & puts a black mark in their file; if the originator gets enough black marks (as a percentage, by reg it’s ½% but many banks make it much lower than that) & they will be banned by their bank from initiating any more ACHs & quite possibly have their accts closed so they wouldn’t get away with it / away with it for very long if they tried.
.* There can be three parties if you both the originator & receiver happen to bank at the same institution, then the bank is both the ODFI & RDFI & typically treat it as an ‘on-us’ transaction typically processed internally but everything else is still the same.
No idea. The only reason I’m even aware of is because I had been entertaining the thought (about 15 years ago) of printing my own checks and I ran across it. If you search for it on Amazon, it appears to still be selling, so someone’s using it.
I’m still using it to print checks with software that ties into Quicken. I run the system on an elderly Windows XP computer no longer connected to the Internet, just to its dedicated little inkjet printer.
