My husband’s insurance agent called as we prepared to drive out of town a week before Christmas. The premium had not been paid on his liability policy, and the policy was about to be canceled. My husband went to his online banking app (yes, he uses a bank!) and saw that the check had been cleared 10 days prior. As he began to berate the insurance agent for their lack of controls, the agent calmly asked who had endorsed the check. It turns out a “Floyd Lloyd” (really) had cashed the check. The agent then calmly responded that no such person worked at their agency. My husband handed me the phone, and I gave the agent a credit card to secure the premium while we were driving to our destination. My husband then called his banker and reported the fraudulent check, saying he would be in after the holiday to file the police report. The stolen amount was about $6,000 at this point.

Unfortunately, the banker made a mistake that would expose my husband’s business to thousands of dollars of additional fraud: The banker left the compromised account open.

Despite my almost 20 years in BSA/AML compliance work, my husband’s business was defrauded. Now, one reason might be that he doesn’t listen to me and my experience – what husband listens to his wife – but he was actually the victim of a widespread and, in my opinion, under-reported problem: stolen U.S. mail.

You're invited to the next ACAMS Central Ohio Chapter virtual event

10 Recommendations for an Effective BSA/AML/OFAC Risk Assessment
Date: February 10
Time: 5:00 p.m. - 7:00 p.m. ET
Cost: Free


Register Now

Discovering the scope of the problem

Back home after Christmas, my husband was driving by the suburban post office that he typically uses. He saw that the mailboxes out front were tied up in caution tape and marked “out of order.” He went into the branch and asked what was going on. It turned out that the mailboxes had been broken into and mail was stolen. Ah ha! The missing insurance check wasn’t the agency’s fault after all. And the scope of the problem quickly became much bigger. Within a day or two, more checks were now being passed on my husband’s business account. These checks included those mailed at the same time as the insurance payment that were payable to other businesses along with more sophisticated duplication, and of checks with different check numbers and “washing” the payee line (inserting other payees). The checks were being deposited as far as two states away, and the toll was mounting up to nearly $30,000.

Another police report was filed with the bank. This time, a hold was placed on the account and another account opened. The financial institution employed reverse positive pay, which meant my husband verified every check presented for clearing since there were still several bona fide checks issued that needed to be cleared, especially with the holiday-shortened mail and banking calendar.

Other than the stolen U.S. mail, the reasons for my husband’s business fraud are numerous:

  • Still using checks/share drafts. Despite long-standing efforts to eliminate checks/share drafts from the financial system, the reality is that many small businesses and entrepreneurs are not sophisticated enough to accept ACH or even have a website for processing payments. Small businesses often cannot afford the interchange paid for credit-card processing, including fintech services like Square. These are the kinds of “mom and pop” businesses my husband uses.
  • Not using his financial institution’s “bill pay” to set up payments, including checks. My husband’s issue is that he uses several one-time vendors, and the time and effort used to set up a vendor for payment is not worth the stamp and security. And then, one must deal with a long list of vendors available to pay, setting up the possibility of erroneously paying the wrong vendor. His time is worth more, according to him. (Of course, now that he has been defrauded, one could say, “I told you so.”)
  • Not performing adequate due diligence. Small businesses notoriously lack staff and “time” to conduct due diligence on their bank/credit union accounts. Thus, they are ripe targets for fraudsters. Many do not even balance their monthly statements.

In notifying our local area of the nearby post office breach using the Next-Door app, those who responded reported a significant number of similar incidents at several other mailboxes within 10 miles of our home over the past four months. It appears that this problem is significant and widespread in Central Ohio. One local television station even reported a story on stolen mail about 90 days prior, followed by another station reporting on the issue around the time my husband’s mail was likely stolen.

Action steps to take once fraud is identified

First, put an immediate hold on the account when any fraudulent check is identified. My husband’s banker failed to do so, leading to tens of thousands of additional fraudulent checks. It takes at least 30 days for the fraud to be reimbursed. Often longer, depending on the institution. Many small businesses cannot afford this scope of loss. Fraud will stop when the account runs out of money.

Second, provide positive pay or reverse positive pay for your business members. Positive pay involves the business sharing its list of issued share drafts with the financial institution when they are issued; it would not prevent this type of endorsement fraud. Reverse positive pay is where a list of share drafts presented for payment each day is sent to the member for review and approval. In the case of fraud, reverse positive pay allows for the orderly unwinding of outstanding legitimate share drafts. With fraud so rampant, sophisticated businesses will soon demand these products. Larger businesses already require them. Check with your processing system provider on availability if you serve many business members.

Third, work with and report fraud to local, state, or federal law enforcement as soon as it is identified; and then, file the Suspicious Activity Report (SAR) by the deadline. In this column, I often espouse a partnership with local law enforcement that must be cultivated. Many of these fraud incidents are criminal enterprises or “rings.” More reports help law enforcement in terms of identifying the criminal(s), as there are multiple victims of the same “rings.” As soon as a “hold” is placed on the account, the fraudulent activity shuts down, reducing the dollars lost. The fraudster likely moves on, but there is evidence found in the production of the fraud items, how and where the items are attempted, and the dates of the mail and items clearing. Any possibility of collusion with financial institution staff must be quickly investigated, as well.

Fourth, train your members. My husband immediately assumed (and you know what happens when you assume) that because the share draft had cleared that the payment was properly posted by the payee business. He failed to look at the endorsements when he balanced his account each month. Train your members to review the endorsements of their share drafts, especially when paying small businesses. If you fail to pay your credit card, the statement the following month will show you, but small businesses often do not have a sophisticated invoicing system. Train your member to report an unusual endorsement; in this case, the question to ask would be “why would an individual sign a business check without an endorsement by the business, too?” And/or “why would any business attempt to cash a business share draft?”

That question leads me to the last point: Training your staff is key. If an individual wishes to “cash” a share draft payable to a business, does your staff know to question this? It is extremely rare for an insurance agency to attempt to cash a share draft payable to the business with a single endorsement by an individual at a branch. In fact, I can think of no reason except the SAR-reportable crime of tax evasion.

Looking ahead, solutions and recommendations for your credit union

What solutions are in your toolbox to help your credit union and/or your members thwart the threat of fraudulent share drafts? For example, Corporate One’s corporate draft solution features Positive Pay, a complimentary application available to our members who use our share-drafts service, which allows you to reconcile corporate checking accounts. With Positive Pay, credit unions can:

  • Detect fraudulent checks at the point of presentment and prevent them from being paid.
  • Validate paid items once entered or uploaded into TranzCapture.
  • Identify any research items, including exceptions/forgeries.

In addition, if you would like to share experiences related to incidents of fraud your credit union has seen, feel free to email me at; and I will be happy to write a follow-up article sharing your examples and recommendations. Just make sure your victims are anonymous, and do not share SAR-reported information. As we all work together to combat the threat of fraud, here’s to a safe and prosperous New Year.

Jennifer Morrison
VP, Senior Risk Manager

plus background image bottom right