In this data rich climate, many criminals are on the lookout for any person that has left their information exposed. Data is power and money, and all of your personally identifiable information or PII is data that is valuable for thieves. Your PII can include a variety of personal information from your date of birth to your social security number, but all a criminal really needs to get started is the information that can be found on the common personal check, your name, home address, telephone number, accounting number, and routing numbers. Check information exposure can lead to stolen money, identity theft, generation of counterfeit checks, and creation of false bank loans.
So why even use checks if they leave you open to exposing such valuable information? There is more than one advantage to using a check, and there are ways that you can protect yourself that will go a long way in avoiding check fraud. One benefit of using checks for payment is it does not typically come with additional fees, where companies may charge you a processing fee for credit card payments. Another thing to consider is that many small businesses and independent contractors may not accept credit cards, and only accept checks or cash. In situations like this a check is preferable over cash payments because it gives proof of the transaction where cash does not.
In general, some of the biggest risks in using checks as payment are mail theft, hacking, scams, and improper check disposal. If the wrong person gets a hold of your personal information from a check, they may be able to use it to create counterfeit checks or make purchases online by using an electronic check payment method. They also may be able to use the account routing numbers to transfer money through person-to-person (P2P) payment apps that allow bank accounts to be connected with only an account and routing number. This is something major to consider when mailing checks to pay bills.
Mail theft is prominent enough that the U.S. Postal Service has issued tips on how to protect yourself from this risk. Some of the main ones that will protect you especially from check fraud are:
- Pickup your mail immediately, and try not to leave it in your mailbox for an extended period of time. Imagine getting your fresh new pack of checks with all your sensitive information, and someone scoops it up because you left it sitting in your mailbox overnight. Another scenario could be as simple as a returned check. It is imperative to be aware of when you may have incoming sensitive mail.
- Deposit mail close to when the pickup time is to avoid criminal collection of mail from USPS collection boxes. It’s a good practice to deposit mail close to pickup times even if you are using a collection box within a post office.
- Follow-up on valuable mail that you are expecting to be delivered if it becomes overdue.
- When sending checks in the mail, it is a great idea to add Request Signature Confirmation to your order. This will allow you to know the check absolutely reached who it was meant to reach.
- Consider using hold for pickup, and ask the recipient to pick up the sensitive mail directly from their local post office.
- If you are away, make sure to arrange a hold for pickup for yourself to ensure no mail is sitting in your mailbox while you are away.
Some other suggestions to mitigate the risks of sending checks via mail are to avoid sending checks by clipping envelopes to your mailbox or placing inside the mailbox for postal service pickup. Instead, mail checks from your local post office. Use a security envelope that will have features in place to block being able to see what is inside, or simply place the check in between two other pieces of paper to block view. Always include the actual name of the person or business that you wish to be able to cash your check. Writing “cash” or leaving the “pay to the order of” space blank will allow anyone to cash the check. Store your checkbooks in a physically secure location, and once you mail checks, track your shipment. In addition to the postal service’s suggestions, also be sure to monitor your bank accounts frequently. Daily is best to be able to quickly spot anything out of place. Many banks with mobile banking will allow automatic alerts to be set up and sent to you in case of out of the ordinary logins or transactions. In some cases, you can even set up very specific alerts for example, alert me for any withdrawals over $100.
The other part of sending a check in the mail, is the recipient on the other end. It is important to know what they are ultimately doing with the check and to follow-up on proper disposal. If the check recipient is making a deposit at the bank, the bank should have procedures in place to properly destroy and dispose of the check although checks may also be kept for a time for reference. This would also include checks that are deposited through ATMs. However, in many cases checks are also able to be deposited through mobile deposits which only require a photo of the front and back of a check. In this case, it is up to the recipient to destroy the check, and many may not know the danger to the sender if the check is not properly destroyed. A data thief will willingly sift through residential garbage looking for documents or checks that reveal sensitive information.
This is where one of the major drawbacks to using checks comes into play. The reporting process for stolen money with the bank info from checks can be more complicated than say with credit cards. It is common for banks to require stolen money to be reported within two days to avoid being responsible for up to $500 of the missing funds. Furthermore, fraudulent transactions failed to be reported within 60 days could make you responsible for the total amount. It is important when signing up with a bank to take note of its policy on checking account fraud, and ensure you are agreeable with its terms. If you have been compromised, take the extra time to find out exactly how it happened. It could have been in a way that you never would have thought of, but knowing will allow you to protect yourself better in the future.
Businesses receiving checks also have a responsibility to secure your checks as the recipients. There are a few measures businesses can take to help provide secure data privacy. First, know how your business is receiving checks, whether it's by mail, in-person, or online echecks. Take note of how this customer’s payment information is stored, manually, cloud computing service, central computer databases, etc., and for how long. Also be aware of who in your company has access. If checks do not need to be stored, then don’t, and always make sure to shred checks if deposited electronically. Stored checks should be physically secure in a locked space. Check information stored electronically should be encrypted, password-protected, and follow federal guidelines. Proper firewalls should be installed for devices that can access databases of sensitive information, and this includes digital copiers that store data about the documents it processes.
A great solution to the risks of mail theft and improper check disposal is to simply pay online via an electronic check or echeck. This could include using a peer-to-peer (P2P) payment app as well. However, making payments online leaves you susceptible to hacking, and there are some precautions you should take to add security to your transactions and online payment activity. For one, make sure sites are HTTPS and not just HTTP, and that you personally trust the site before entering payment information. HTTPS sites indicate that encryption is being used to secure the communication connection between browser and server. This can be found at the beginning of the web address. Research unknown vendors before purchasing to see if anyone has reported fraud after transactions with that particular vendor. Clear your cache out regularly, including cookies and web history. Cookies are used to collect data from you by advertisers.
In general, do not make payments through unsecured wifi. While in most cases this means public wifi or hotspots, make sure your home network is secured with a lengthy password that includes some combination of capitalization, numbers, and special characters. Your home computer should have antivirus software installed. The main operating systems do have it built in such as Windows Defender for Microsoft Windows. However, the quality does not compare to the best third-party solutions, so it is best to purchase a well-reviewed antivirus software package. Certain browser plugins can also offer a level of defense by helping with strengthening encryptions, creating tracking transparency, or even blocking tracking.
Besides hacking your data, some will outright attempt to scam you for your check information. Be aware of anyone requesting you to send a photo of your check via email. While they may claim this is to collect bank or routing information, and may even say you can write void for peace of mind, sending photos of checks via email is still not a secure way to send sensitive information. It is best practice to give these numbers in-person or over the phone.
If it's a case where you absolutely must send it over email, be sure to encrypt your emails and require a password to access sensitive content.
On the other side of this, a scammer may attempt to scam you by sending you a counterfeit check. Their game is to send you a false check and get you to wire real money before your bank realizes it's a bad check. Be aware that after depositing a fake check, actual funds may show available in your account. This is because banks typically aim to make deposited funds available as quickly as possible. It could take a fake check days or even weeks before it is discovered to be counterfeit. Sweepstakes scams are often used to get someone to send in a check with their personal information. The scam may claim that you have won some prize and that all you must do to receive it is send a check to cover the amount of taxes, processing fees, or shipping and handling. This is a perfect way for the scammer to get your personal bank information and your money. A legitimate Sweepstakes will never ask for you to pay a fee for your prize.
Keep in mind as you use checks that when it comes to sensitive data, it is better to be as secure as possible. In a world where data has become infinitely valuable, data privacy has become a number one priority. It is worth it to take extra time to make sure you are being proactive in security as well as being informed on how to handle possible fraud.