9 Check-Tampering Schemes

Check-Tampering Schemes

A CHECK IS A CONTRACT TO PAY THE HOLDER of the check to be negotiated through a financial institution. It is the instrument by which the payor provides directions to the financial institution to provide the funds to the payee. In the event that the financial institution does not make the payment for any reason such as insufficient funds in the account or due to an error on the check, the check continues to be acknowledgment of the obligation of debt by the payor.

Even with today’s technology, with more and more payments being made electronically online, the physical hardcopy checks will remain as the business currency for some time to come. The sheer volume of business payments still made by check today will maintain this as the preferred method of payment. The traditional check-tampering fraud schemes will continue to exist as long as check payments exist. Electronic-payment systems open the door to new types of fraud that must be guarded against. Many organizations use both traditional checks and electronic transfer payments. It is not unusual that an organization would use electronic direct deposits for their payroll and checks as payments for everything else. It is also not unusual for a business to use a hybrid system for receiving payments. Checks sent into the organization are scanned and then deposited electronically into their account. The original checks are maintained for a period of time pursuant to the agreement with their financial institution before being destroyed.

In the United States, the Automated Clearing House (ACH) electronic network clears electronic payments between financial institutions. The Electronic Payments Association (NACHA) manages ACH’s governance, development, and administration.

In Canada, the Canadian Payments Association (CPA) operates the clearing and settlement of both electronic payments and checks.

Payments made electronically by organizations require access to the system that requires a user identification and password. Some systems include a security or authentication token—a hardware device used to log into payment systems. A secret personal identification number (PIN) must first be entered into the token. If the PIN is correct, then the token displays a number that allows the user to access the system. The number changes frequently and the token must be used for each log-in.

In order to manipulate payments, the fraudster needs to gain access to the payment system. Once this difficulty is overcome, the fraudster does not have to be concerned with some aspects that are associated with traditional check-tampering schemes that may necessitate producing counterfeit or altered checks, gaining access to physical checks, forging or obtaining authorizing signatures, and the endorsement of the checks.

The fraudster may have authorized access to the payment system so, while making legitimate payments, they can also make electronic payments to their own benefit. Passwords may also be obtained by coworkers who spy (“shoulder surf”) by watching an authorized user enter their password. If an authorized user leaves his computer momentarily while still logged into the payment system, a coworker may seize the opportunity to make payments or changes.

Outsiders may target an authorized employee with a spear-phishing e-mail. Spear phishing is the sending of a spoofed e-mail that appears to come from a trusted source. The message content seems reasonable and logical when it instructs the recipient to click on the embedded link. The link downloads spyware or a key logger that later captures the target’s login information. A less sophisticated version of the spoofed e-mail asks the target to log into a bogus website that requires the employee’s user name and password.

Once that information is available to the fraudster they have unfettered access and the payment system is compromised.


The opportunities for fraud with electronic payments can be mitigated if procedures and internal controls are in place and adhered to. Some of these prevention methods are listed here.

  • Institute a dual-control system where one employee initiates payments while a different employee has to approve and release the payments.
  • Do not permit the sharing of banking log-in access.
  • Do not permit offsite log-in access.
  • Ensure that the organization has a firewall installed along with up-to-date antispyware and antivirus software.
  • Log off the payment system when not in use. This should be done even if it is just for a short break.
  • Never open attachments or click on links in unsolicited e-mails.
  • Do not use a link to access the payment system even if it is included in e-mails that appear to be from the financial institution.
  • Organizations should use a separate computer for accessing the payment system. Both e-mail and other web browsers should be disabled on it.
  • Employ options available from the financial institution to help detect and prevent fraud, such as blocks and filters.
  • Review and reconcile accounts regularly for unauthorized payments.

When one avenue for fraud is closed off, the fraudster may move on to other areas. Typically, it would be in an area that they are familiar with. This move can be from the more traditional payment schemes to electronic-payment fraud. Alternatively, it can be from electronic payments to check-tampering fraud.


In order to perpetrate this fraud, a check is needed along with an authorized signature that can be cashed or converted by the fraudster. To continue with the fraud, previous frauds may need to be concealed.

Obtaining Checks

Checks are needed before check tampering can occur. Checks can be obtained in many ways, including: