Blog

Shotgunning Bad Checks: How Banks Can Protect Themselves

Post by:
Mary Ann Miller
February 24, 2022
Post by:
No items found.
February 24, 2022
Shotgunning Bad Checks: How Banks Can Protect Themselves

Fans of the hit 2002 film Catch Me If You Can will remember the extraordinary lengths that Frank Abagnale, played masterfully by Leonardo DiCaprio, went to forge checks while on the run from the FBI. Much to the delight of audiences, the film elevates the act of forging checks and defrauding banks to a high art form involving charm, craftsmanship, and an extensive – almost superhuman – knowledge of the US financial system.


In the real world, however, defrauding banks via ‘bad’ or ‘hot’ checks is less of an art form and more of a numbers game. Here’s how “shotgunning” checks works in the real world:

The History

It all began in 1987 when Congress passed the Expedited Funds Availability Act, spurring the Federal Reserve to draft Regulation CC. The goal of Regulation CC is to ensure that banks process checks promptly so people can access their money in a reasonable amount of time. Regulation CC is the reason why most consumers today can cash a check in an ATM or on their phone and withdraw either all of the money or at least $200 (depending on various circumstances) almost instantly.


While Regulation CC helps legitimate consumers by requiring financial institutions to disclose to account holders when deposited funds will be available to withdraw, it also creates a dangerous loophole for fraudsters.

How the Scheme Works

In order to stay anonymous and lay the groundwork for shotgunning checks, many criminals will create hundreds of phony bank accounts. They can do this using the stolen identity information from a real person or creating a whole new fictional identity by combining the stolen identity information from multiple people. Either way, this step is easy due to the vast amount of personal data available for sale on the dark web. 


After the fraudster creates checking accounts under assumed identities, they purchase checks via the dark web or pilfer them via mail theft


The rest is simple—the fraudster addresses their newly purchased or stolen checks to the many fake identities they created, drives to the ATM of their choice, and deposits the checks. For each check they deposit, the criminal then withdraws about $200 (the amount of money that banks typically make immediately available under Regulation CC) right away. In the matter of a few minutes, a criminal can overwhelm a bank by depositing dozens and dozens of checks to fake accounts in short succession and come out thousands of dollars richer. It’s not until days later, when the checks bounce, that the bank learns they were defrauded. By then, the cash is gone, and it’s too late.

The Solution

Today, some banks are adopting a ‘sledgehammer’ approach to tackling this fraud vector by targeting all new account holders; while customers who have accounts that have been on the books longer can cash their checks quickly, new customers are forced to wait longer. Unfortunately, extending hold times to process new customers' checks for up to a week is not exactly a great first impression. Fortunately, there are more sophisticated ways to prevent remote deposit fraud than this one-size-fits-all approach.


In order to stop criminals from stealing thousands of dollars in just a few minutes while providing legitimate customers with the speedy processing of checks that they have grown accustomed to, banks must make identity theft much more difficult.


Only a few decades ago, verifying someone's identity was as simple as asking for their social security number. Today, however, it’s safe to assume that your social security number has already been exposed and is currently being bought and sold on the dark web. Because of this new reality, banks should adopt a more secure and accurate way to verify identity: the mobile phone. 


After asking a customer to enter their phone number during the onboarding process, banks can leverage phone-centric identity to prevent identity spoofing in three simple steps.

  1. Possession answers the question: Is this customer in possession of the phone? Knowing that someone is in possession of a phone at the precise moment of a potential transaction helps identify someone regardless of the transaction channel and helps ensure the customer is indeed on the other end of an interaction.
  2. Reputation answers the question: Are there risky changes or suspicious behaviors associated with the phone number? Typically, people have had the same phone number for a long time and upgrade phones only every few years. Compare that to a burner phone or a phone that underwent a SIM swap or a phone number that was just registered. These activities lower the reputation of the phone itself, which allows companies to flag the phone regardless of the customer activity.
  3. Ownership answers the question: Is the customer associated with the phone number? It is crucial to associate a phone number with a person when confirming that the customer is in possession of the phone. Otherwise, the wrong person may be verified. This means knowing when a customer truly gets a new phone number or knowing that phone number is still associated with a person even if they switch carriers.

By verifying a user’s identity using the PRO method, banks can stop multiple types of fraud, including Brute Force Remote Deposit Fraud, at its source while ensuring a speedy and convenient process for legitimate customers. 

To learn how your company can leverage phone-centric identity to boost revenue and prevent fraud, contact us through the form below.

Create secure frictionless customer experiences using modern identity solutions

Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.

Keep Reading...Read our latest white-paper on this subject!

Tap the button below to read our latest white-paper on the subject as industry leaders.

Accelerate your onboarding

Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.

Create frictionless customer experiences

Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.

Schedule a demo

Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.

Schedule a demo

Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.

Interested in more information about Prove Pre-Fill?

Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.

Interested in more information about MFA?

Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.