Compliance Blog

Mar 01, 2023
Categories: BSA

The Check is in the Mail – Unless It’s Been Stolen

Last Spring, my wife and I finally made the switch from renting to actually owning our first home. We moved ourselves, our two young children, and our cat into our new home and promptly discovered that we had a sewer line problem. Welcome to homeownership! Our house had been built in the 1960s, and the sewer line that runs under our front lawn was an old cast iron pipe that had worn down and broken over the decades and needed to be replaced. We hired a plumbing company to replace the pipe – it was an expensive job (to put it mildly). Here’s a picture of the work:

An excavator digs a trench across my front yard.

For some reason, the plumbing crew left without taking our check. When I called the next day to ask how we should get the check to them, they suggested that I mail it. Luckily, I work in credit union compliance and had become aware of the fact that credit unions were seeing a major rise in incidents of checks being stolen out of the mail. Placing a check for such a large amount in the U.S. mail seemed like playing Russian Roulette, so eventually we reached a compromise where an employee of the plumbing company came back to our home to collect it in person.

Unfortunately, other U.S. consumers have not been so lucky, and have mailed checks that were subsequently stolen. NAFCU has heard from many credit unions about stolen checks, and at least one case where the entire postal mailbox (i.e. the big “blue collection box” installed on a sidewalk) had been stolen. NAFCU had also heard that stolen checks were often deposited at certain large banks, possibly because those banks were less proactive in detecting fraud. This week FinCEN finally addressed this issue by publishing an alert on the topic, in “close collaboration” with the United States Postal Inspection Service (USPIS).

The alert notes that there has been “a nationwide surge in check fraud schemes targeting the U.S. Mail,” and that fraud – including check fraud – is the largest source of illicit proceeds in the U.S. FinCEN also makes it clear that this problem has indeed escalated in recent years, stating that the first year of the COVID-19 pandemic saw a 161 percent increase in mail theft complaints received by USPIS, and the number of SARs relating to check fraud more than doubled from 2021 to 2022.

The alert paints an interesting picture of modern mail-theft related check fraud. First, the alert states that basically any type of check is a suitable target for fraudsters – personal checks, business checks, government benefit checks, and more. Secondly, the alert describes some of the methods in which the checks are stolen, such as use of makeshift fishing devices with an adhesive substance to “fish” checks out of blue collection boxes. The alert notes that criminals are increasingly using USPS “arrow keys,” either by stealing them from postal carriers or creating counterfeit versions of the arrow keys. Those keys are master keys to open blue collection boxes or other types of mailboxes. Third, once the checks have been stolen, the alert discusses how fraudsters will engage in “check washing,” which typically involves using chemicals to “remove the original ink on a check to replace the payee and often the dollar amount.” Fourth, the criminals will deposit the washed checks through ATMs, remote deposit (usually using an account created with fraudulent information specifically for the purpose of deposited washed checks) or may even use a “money mule” who will deposit the checks into their own legitimate account at the criminal’s direction. Finally, the criminal will quickly withdraw or transfer the funds. The alert also notes that the criminals sometimes will continue to victimize consumers by using the stolen check to create fraudulent checks using the consumer’s information, or will use information gained from the consumer’s mail to commit other types of fraud, such as opening fraudulent credit cards or other accounts.

So, what can credit unions do to combat this scourge of mail-theft related check fraud? Here are a few things:

File SARs. The alert encourages credit unions to file SARs when mail-theft related check fraud is suspected, and instructs credit unions to use the key term “FIN-2023-MAILTHEFT” in SAR field 2 and the SAR narrative.

Refer victims of mail-theft related check fraud to USPIS. The alert states that credit unions should refer their members who may be victims to USPIS at 1-877-876-2455 or https://www.

Watch for red flags. The alert provides a list of red flags which, while not determinative, could point towards possible mail-theft related check fraud. The red flags are:  

  • Non-characteristic large withdrawals on a customer’s account via check to a new payee.
  • Customer complains of a check or checks stolen from the mail and then deposited into an unknown account.
  • Customer complains that a check they mailed was never received by the intended recipient.
  • Checks used to withdraw funds from a customer’s account appear to be of a noticeably different check stock than check stock used by the issuing bank and check stock used for known, legitimate transactions.
  • Existing customer with no history of check deposits has new sudden check deposits and withdrawal or transfer of funds.
  • Non-characteristic, sudden, abnormal deposit of checks, often electronically, followed by rapid withdrawal or transfer of funds.
  • Examination of suspect checks reveals faded handwriting underneath darker handwriting, giving the appearance that the original handwriting has been overwritten.
  • Suspect accounts may have indicators of other suspicious activity, such as pandemic-related fraud.
  • New customer opens an account that is seemingly used only for the deposit of checks followed by frequent withdrawals and transfer of funds.
  • A non-customer that is attempting to cash a large check or multiple large checks in-person and, when questioned by the financial institution, provides an explanation that is suspicious or potentially indicative of money mule activity.

Credit unions may also want to educate their members on the risk of mailing checks and possible indications that checks drawn on their account may be stolen or counterfeit.

Finally, this article in NAFCU’s Compliance Monitor (members only) may be useful for credit unions that want more information on which parties bear the risk of loss when check fraud occurs. For example, the article discusses how when a credit union is presented with an altered check for payment, the credit union can return the check by the “midnight deadline” to avoid incurring a loss.


BSA School: Discover new ways to identify and stop money laundering and earn your NAFCU Certified Bank Secrecy Officer (NCBSO) credential. Save $200.00 for a limited time with the code BSASAVINGS. August 15 – 17, 2023 | Louisville, KY 

About the Author

Nick St. John, NCCO, NCBSO, Director of Regulatory Compliance, NAFCU

Nick St. John, Regulatory Compliance Counsel, NAFCUNick St. John, was named Director of Regulatory Compliance in August 2022. In this role, Nick helps credit unions with a variety of compliance issues.

Read full bio