Checks: The Oldest Payment Method and Its Modern Fraud Risks

Introduction: Reports of Its Death Have Been Greatly Exaggerated

Every few years, the payments industry announces that the check is finally dying. The data tells a more complicated story.

Checks have declined as a share of total payment volume — that much is true. But in dollar terms, and particularly in business-to-business payment contexts, checks remain a significant component of the disbursement mix at many organizations. The Association for Financial Professionals' 2024 Payments Fraud and Control Survey found that checks were still used by a majority of organizations for at least some vendor payments. In certain industries — construction, healthcare, professional services, real estate — check usage remains deeply embedded in vendor expectations and contractual practice.

The persistence of check usage would be unremarkable if checks were a low-risk payment method. They are not. Check fraud is the single most reported form of payment fraud in the United States by volume, and losses have increased sharply in recent years rather than declining alongside usage. The American Bankers Association's 2023 Deposit Account Fraud Survey Report estimated annual check fraud losses at more than $26 billion. FinCEN's 2023 analysis of Suspicious Activity Reports found that check fraud SARs had more than doubled in a two-year period, driven substantially by organized mail theft and check washing operations.

The paradox of check fraud is that an instrument most organizations regard as old-fashioned and low-tech has become the target of some of the most aggressive and well-organized fraud activity in the payment landscape. Understanding why requires understanding both the physical characteristics of the check as an instrument and the specific vulnerabilities those characteristics create.

How Checks Work: The Physical Instrument as the Control Point

A check is a written, signed order directing a bank to pay a specified sum from the drawer's account to the payee named on the instrument. Its key attributes — all of which are relevant to its fraud profile — are that it is a physical document, that it is negotiable, that it travels through a physical and electronic clearing chain before settlement, and that payment is not final at the moment of issuance.

When an organization issues a check, the instrument passes through a sequence of handling points: physical preparation and signing, mailing or hand delivery, receipt by the payee, deposit at the payee's bank, presentment to the paying bank (either physically or via check image under Check 21 legislation), and finally settlement and posting to the drawer's account. Each of these handling points is a potential fraud intercept.

The clearing cycle — typically one to two business days for most checks under current banking practice — creates a float window between issuance and posting. This window, once exploited primarily for cash management purposes, is now exploited routinely by fraud actors who understand that the paying bank does not know, at the moment of deposit, whether the instrument is genuine.

Unlike ACH or wire transfers, checks are negotiable instruments governed by Article 3 of the Uniform Commercial Code. This legal framework creates specific rules about who bears loss when a check is fraudulently altered or negotiated — rules that are not uniformly favorable to the issuing organization and that depend heavily on whether the organization maintained reasonable controls over its check issuance process.

The Modern Check Fraud Landscape

Check fraud in 2025 and 2026 is not the check kiting and forgery of prior decades — or rather, it is not only those things. The fraud landscape has expanded and professionalized substantially, driven by three developments: the explosion of mail theft targeting USPS collection boxes and postal carriers, the industrial-scale adoption of check washing and counterfeiting techniques, and the emergence of organized fraud networks that treat check fraud as a scalable criminal enterprise.

Mail Theft and Intercepted Checks

The most significant driver of the recent surge in check fraud losses is mail theft. Beginning in approximately 2021 and accelerating sharply through 2023 and 2024, organized criminal networks began systematically targeting USPS collection boxes and mail carriers — in many cases using stolen or duplicated postal master keys to access collection boxes and extract entire batches of outgoing mail.

Checks intercepted through mail theft are the raw material for subsequent fraud schemes. An intercepted check reveals the issuing organization's bank name, account number, routing number, and check number — information sufficient to create counterfeit checks drawn on the same account. It also provides a physical instrument that can be chemically altered to change the payee name or the dollar amount, leaving the MICR line, signature, and bank information intact.

FinCEN's February 2023 Financial Trend Analysis found that check fraud SARs increased 84 percent between 2021 and 2022 alone — a rate of increase that reflects the scaling of organized mail theft operations rather than any change in the underlying vulnerability of the check as an instrument. The vulnerability was always there. What changed was the industrial organization of the criminal activity exploiting it.

Check Washing

Check washing is the chemical alteration of a genuine check to change the payee name, the dollar amount, or both. The technique uses solvents — acetone, bleach and other chemicals available at retail — to remove ink from the check's paper surface while leaving the MICR line encoding and the authorized signature intact. The altered check is then re-presented with a fraudulent payee name and, typically, an inflated dollar amount.

A washed check is dangerous precisely because it is, in most respects, genuine. The MICR line is accurate. The signature is authentic. The check number is real. Standard bank verification procedures — which focus on MICR data and signature comparison — will not reliably detect chemical alteration. Unless the paying bank has Positive Pay controls in place that flag discrepancies between the presented check and the issued check record, a washed check will often post without challenge.

Checks printed on standard paper stock with standard office laser printers are particularly vulnerable to washing. Checks printed on chemically sensitized paper — which discolors visibly when solvents are applied — are substantially more resistant, though not immune.

Check Counterfeiting

Check counterfeiting differs from washing in that it involves the creation of a wholly fabricated check rather than the alteration of a genuine one. A counterfeit check reproduces the issuing organization's account number, routing number, bank name and check format — information readily available from any genuine check that has passed through the target organization's hands — and presents it as a new, authorized disbursement.

The quality of counterfeit checks has increased dramatically with the accessibility of high-resolution scanning, image editing software and high-quality printing equipment. Counterfeit checks that would have been immediately identifiable to a trained bank teller a decade ago are now routinely passing through automated check processing with no manual review.

Counterfeiting attacks typically produce multiple fraudulent checks drawn on the same account — a fraud pattern that may not be detected until the organization reconciles its bank statement and discovers disbursements it never authorized. By that point, the counterfeit checks have cleared, and the fraudsters have moved on.

Payee Name Manipulation

A subset of check fraud involves manipulation of the payee name on a legitimate check, either through washing or through alteration during the clearing process. Checks made payable to common vendor names — particularly names that include generic terms such as "Services," "Supply," or "Management" — are more easily altered to a similar name controlled by the fraudster than checks payable to highly specific, unique entity names.

This vulnerability is compounded by the check's negotiability under Article 3 of the UCC. A check payable to "ABC Services LLC" that is altered to read "ARC Services LLC" and deposited into an account held by a fraudulent entity named "ARC Services LLC" has, under the legal framework governing negotiable instruments, been negotiated — and the loss allocation question becomes considerably more complex.

Forged and Unauthorized Signatures

Signature forgery — using the authorized signer's signature without authorization — remains a component of the check fraud landscape, though it has become less central as check processing has moved away from manual signature review. Most high-volume check clearing is now image-based and largely automated, with human signature review reserved for checks above defined dollar thresholds. This creates a practical reality: forged signatures on checks below the signature review threshold frequently pass without scrutiny.

The insider dimension of signature fraud is significant. Employees with access to blank check stock and signature authority — or access to a signature stamp or digital signature file — can issue unauthorized checks with technically authentic signatures. This form of occupational fraud exploits both physical access and the absence of controls over blank check stock.

Fictitious Payee Schemes

Fictitious payee fraud is a form of occupational fraud in which an employee with accounts payable authority creates a fictitious vendor and issues checks to that vendor, which the employee then negotiates personally. The check is, from the issuing organization's perspective, a payment to a vendor on record. The vendor does not exist. The check is cashed by the fraudulent employee.

This scheme requires access to both the vendor master file and the check issuance process — a combination that a segregation-of-duties control is specifically designed to prevent. The ACFE's research consistently shows that fictitious vendor schemes are among the most costly and longest-lived forms of AP fraud, with median losses in the hundreds of thousands of dollars and median duration of nearly two years before detection.

Check Kiting

Check kiting exploits float — the time between check issuance and clearing — to create the illusion of funds that do not exist. A kiter moves funds between multiple accounts at multiple banks, drawing checks against uncollected balances and depositing them at other institutions before the drawing institution discovers the insufficiency. Modern kiting is constrained by the acceleration of check clearing under Check 21 and same-day availability policies, but it has not been eliminated — particularly in cases involving banks with different clearing speeds or accounts in different geographic regions.

The Cost Dimension: What Check Fraud Actually Costs

The $26 billion annual loss figure cited by the American Bankers Association is a system-wide estimate that includes consumer and business accounts across all check fraud types. It understates the organizational cost of check fraud in one important respect: it captures direct financial losses but not the operational costs of fraud response, which are substantial.

When a check fraud incident is identified, the organizational response typically involves:

• bank notification and stop-payment filings,

• account review and potential account closure and re-establishment,

• coordination with law enforcement,

• reconciliation of the extent of the fraud across multiple check numbers and clearing cycles,

• management of vendor relationships disrupted by payment failures, and

• in cases of occupational fraud, HR and legal processes associated with the implicated employee.

These costs are real and significant. Industry estimates suggest that the operational response to a check fraud incident costs organizations between two and five times the direct financial loss in staff time, professional fees and remediation expense. For mid-market organizations without dedicated fraud response resources, that ratio can be higher.

The loss allocation framework under the UCC adds a legal complexity that is unique to check fraud. When a check is fraudulently altered or counterfeited, the question of who bears the loss — the issuing organization or the bank — is governed by UCC Article 3 and Article 4 provisions that specifically address the duty of organizations to maintain reasonable check issuance controls and to review bank statements promptly. An organization that fails to maintain reasonable controls, or that fails to identify and report check fraud within defined timeframes, may find that its bank's liability is limited or eliminated under the applicable UCC provisions.

This legal framework makes the absence of check controls a direct financial liability, not merely an operational vulnerability.

The Occupational Fraud Dimension

Check fraud committed by insiders deserves separate attention because its risk profile differs materially from external check fraud. External fraud requires the attacker to obtain physical access to a check or to account information. Insider fraud begins with access that already exists.

Employees in AP functions typically have access to:

• the vendor master file,

• the check printing system or blank check stock, and in some cases,

• signatory authority or access to signature stamps.

An employee with combinations of these access rights has the tools to execute fictitious vendor schemes, unauthorized check issuance, and check stock theft without requiring any external compromise.

The ACFE's 2024 Report to the Nations found that billing and check tampering schemes — both of which typically involve check payments — were among the most costly categories of occupational fraud, with median losses of $150,000 and $114,000 respectively. Critically, the median duration before detection was 18 months for billing schemes — meaning that the average scheme ran for a year and a half before anyone noticed.

The controls that are most effective against insider check fraud — segregation of duties between vendor master access and check release, independent reconciliation, surprise audits of check stock and review of voided and spoiled checks — are also among the most frequently absent in organizations that have not made AP control a deliberate priority.

Why Check Fraud Persists Despite Declining Usage

A reasonable question is why check fraud losses are increasing even as check usage declines. The answer has two components.

First, the checks that remain in circulation are disproportionately high value. As routine, low-value transactions have migrated to ACH and card payments, the checks that persist are more often large vendor payments, real estate transactions and inter-company disbursements. Higher average check values mean that a single fraudulent check has a larger expected loss than it would have a decade ago.

The criminal infrastructure targeting checks has scaled and professionalized faster than organizational controls have responded.

Second, the criminal infrastructure targeting checks has scaled and professionalized faster than organizational controls have responded. Mail theft operations, check washing operations and counterfeit check networks are now organized enterprises with defined roles, geographic distribution and, in some documented cases, online marketplaces for stolen and altered checks. The sophistication of the threat has outpaced the awareness — and the control investment — of many of the organizations being targeted.

Conclusion: An Old Instrument with an Evolving Threat

The check is not a dying payment method in the sense that matters most to the CFO or controller assessing risk exposure: it remains, wherever it is used, one of the most fraud-vulnerable instruments in the disbursement mix. The threat is not theoretical — it is documented, quantified, organized and growing.

An organization's decision to continue using checks is not inherently wrong. Many legitimate operational and vendor relationship reasons sustain their use. But that decision should be made with a clear understanding of the fraud exposure it carries, and with a control framework — covering physical check security, mail handling, account monitoring, and reconciliation — commensurate with that exposure.

The organizations most at risk from check fraud are not those that use checks — they are those that use checks without recognizing that doing so requires a deliberate, maintained, and current control posture.