How to Navigate Treasury Check Fraud

This article is an adapted transcript of this webinar.

Abhi Puranam: We are here to talk about a problem that's present across the country. We're here to talk about check fraud in 2025, specifically Treasury check fraud, and how can we mitigate it as a part of the financial ecosystem?

My name is Abhi Puranam. I'm on the product team here at SentiLink. Been in a number of industries, and it's been awesome to work in fraud these last 6 months. I'm really excited to introduce my 2 fraud experts that are joining me. David, do you want to go ahead and introduce yourself first? 

David Maimon: Sure! Good to be with you, Abhi, today and and with you, Jen. I'm David Maimon. I'm the Head of Fraud Insights in SentiLink, and I've been studying fraud during the last 12 years or so.

Abhi Puranam: Amazing. And, Jen, do you want to introduce yourself?

Jen Martin: Sure, hey! I'm Jen Martin, and I am the Head of Fraud and Disputes at Citizens Bank, but have about 8 years in leading fraud programs at various institutions.

Treasury check fraud: the problem in a nutshell

David Maimon:  We just wanted to provide some context for the issue we're experiencing right now in the U.S., right, with respect to the stolen forged Department of Treasury checks and sort of try to figure out why we're seeing what we're seeing at this point, which is a dramatic increase in the volume of forged and stolen Department of Treasury checks. So you know, I've been very vocal about the fact that checks have been stolen from our mail, starting in 2021, a lot of personal checks that we've seen out there starting that time period. A lot of business checks, some department of Treasury checks at the time. 

But then the industry, and by industry I mean the banks, the government, along with the fintech industry, has gotten better and better in sort of taming the issue of personal and business checks. I mean, now we have ways to sort of deal with this issue. You know, banks take more time to clear checks. And so at some point, Telegram is also trying to be more effective in shutting down markets where a lot of the stolen checks are being offered for sale, and so at some point, criminals realize that maybe they want to shift gears and work on checks which at the end of the day will give them more, right? I mean they'll be able to use more and get more benefits than the personal and business checks which they're still intercepting, and they're still working with, but to a lesser degree to what we've seen in 2022, 2023, and 2024 to a degree.

And so in 2024, I would say, we started to see, at least from where I sit, a shift from just using personal checks and business checks when you know they try to intercept them and sort of deposit them in drop accounts that they create using and forging Department of Treasury checks. And so they obtain the checks. Usually in the same way they get the personal and business checks by,  you know, taking over USPS collection boxes, residential boxes. They simply steal the checks from the mailboxes. Mid-2023, I would say, we're seeing more and more evidence for insiders within USPS harvesting those checks. And the picture to our left is a testimony for that. 

We have a lot of videos showing insiders showing and demonstrating their access to the mail. And that's unfortunate. But you know, to make a long story short, folks are stealing those checks from collection boxes, from residential collection boxes from within the USPS. And then offering those checks up for sale on Telegram and other online platforms. 

In the past folks were washing the checks in order to work with the checks. You need to sort of change the content of the check, and we'll talk a little bit about what you can do with the stolen Department of Treasury checks, but you know, in the past folks tried to or focused more on washing the checks, using chemicals. But at some point in 2024, I would say mid-2023, early 2024. We started seeing folks moving into cooking those checks. 

How fraudsters "cook" checks

Cooking is essentially manufacturing forged checks. And we've seen that going on in the context of personal checks. Of course, where folks essentially scanned the personal check into their computers, worked with the signatures and manufactured those fake checks in the context of Department of Treasury checks. The templates are out there.

So folks are using Photoshop in order to cook those checks. And if we go to the next slide you will see that at this point, in addition to the software, they also have all the relevant hardware which allows them to print those checks. They have the right paper. They have the UV marks, they have the watermarks and so at the end of the day, they just create those replicas of the checks. And when they do that they use the website that the Department of Treasury has put for us, for the financial industry, to verify the legitimacy of a check. So oftentimes what we will see is when a vendor tries to sort of assert trustworthiness, and sort of convey that the checks they are producing are spot on, they will upload an image like we see to our left, where they will see the check, Photoshopped, along with the Department of Treasury website, where the information on the check and Department of Treasury website will match, and that is essentially what we see in the two images to our right.

Granted - and this is something I assume - we all know at this point, while some of the information on the Department of Treasury checks will match with the information, the Department of Treasury website will have one of the key elements on the check, and that is the name, missing from the website. And so the criminals are taking advantage of this, of course, and they cook the check in such a way that they will have the symbol, the number of the check on the forged checks. But the name will be different, sort of speaking. So at the end of the day, once they're done, if we go to the next slide, you'll be able to get it if you purchase the check from them, or, if you want to steal the check and cook it yourself. You will have a very good quality replica like we're seeing in the video here. Obviously here we don't have the first and last name as well as the address, but you know the quality of the check will be very good, and this is the type of check that financial institutions will see on their doors once folks are trying to sort of deposit the checks and cash them. 

Why Treasury checks are valuable – and vulnerable

David Maimon: Now we'll try to sort of understand and answer why Department of Treasury checks are so valuable at this point. So, as I indicated earlier, starting mid-2023 with the banks’ attention, the financial industry’s attention to the issue of check fraud, folks shifted gears, sort of speaking, to work with Department of Treasury checks. Because, and this is my opinion on this, because while personal and business checks now take more time to clear the available balance, on Department of Treasury checks it needs to be available. I mean, it's not the available balance. It's at least the first $5,525 on the check needs to be available to the client 24 hours after the check has been deposited, and that is a really interesting regulation that plays to the fraudster's advantage, right? Because sometimes the bank will have questions about the check. They will try to get some information from the relevant

parties in the IRS or other parties, and you know, if they get no answer, they will have to clear the check, and they will take the loss of at least the first $5,525.

Jen has shared with us that this limit will increase to close to $7,000 starting in July of 2025. So you know, to me that that is why these checks are so vulnerable. 

Jen Martin: Yeah, I mean, it is - it is exactly what you say, right? Like there's just an increased sense of legitimacy on these. There's a carve out. And regulation that says make these funds available faster because they're government issued, and they're more kind of - more secure and and so you know, that does bring more risk to these items.

David Maimon: Yeah, so yeah, I mean, so those checks are vulnerable. It's fairly easy to cook those checks. And so once you have a cooked check at hand, what fraudsters will do is they will try to cash them or deposit them in their bank accounts, and, if you go to the next slide, we will see some of the images that we often see in many of the online fraud platforms or the online fraud markets which are hosted by a lot of social media platforms out there which essentially facilitate opportunities for the fraudsters to advertise what they do.

Treasury checks in the online fraud marketplace

So oftentimes, what we will see is, we will see fraudsters presenting the forged or stolen checks along with debit cards, indicating that those checks essentially will be deposited in the bank account. We will see screenshots of folks’ smartphones after depositing those checks showing evidence that the checks could be deposited easily. We're seeing a lot of criminals sharing ATM deposit slips with images of the checks on them, like we see in the image to our right.

And if we go to the next slide, we will see them bragging about their ability to actually deposit the checks and get confirmation for the deposit. And you know, oftentimes 24 hours after other checks have been deposited flashing and spreading cash which they claim come from that specific deposit. So oftentimes the M.O. that we're seeing, the mode of operandi that we're seeing with those stolen checks involve criminals stealing folks’ identities, or using their own identities in order to deposit those checks. So you know, in many cases, and we're in the process of really trying to quantify how much of it is actually happening, folks will take the identities of the checks - simply steal them. They will try to gather information about the identity on the check and try to create a drop account, stealing the legitimate check owner's identity from the check, so they will take the identity. They will go to the online fraud ecosystem, try to get some interesting information and important information which will complement the PII that they have in their hands, so they will need a social security number. They will need a date of birth. They will go to the bank. They will try to open a drop account using that name, and then they will groom the account for a period of time. Then they will deposit the check and try to run away with the money. 

Other times, we've seen a lot of this happening, sharing some information with our partners, and the information we share with them is essentially ATM deposit slips with indications that Department of Treasury checks have been deposited in their account. What we've seen is first party fraudsters, so individuals who essentially took the check removed the name on the check and then deposited the check in their own bank accounts after they added their own name on the account, and you know, the stories and the cases we worked on are really interesting. 

We've seen 18-year-old folks depositing $2,500 in their own bank account, using Department of Treasury checks as the vehicle for that. We've seen like first timers doing that. We've seen professional fraudsters doing that with higher balances. We have a lot of evidence suggesting that unfortunately, adolescents and youth are getting more and more involved in that, because they think they can run away with $5,000, not really understanding the repercussions for the future for their own identity, if they engage in this type of activity. But we see a lot of that in the context of business checks that we see. And this is a really interesting development. We're seeing folks lifting business identities and stealing business identities, opening bank accounts for those businesses and then running away with millions of dollars.

We have a really interesting case we worked on a couple of months ago. These two checks that you guys are seeing on the screen right now are checks our team was able to find in 2023. These two checks belong to the same company. And you know, once we've seen the balance on the checks, you've seen we're talking about hundreds of thousands of dollars. We reached out to the owner of the company and we alerted him to this issue. The owner of the company thanked us and asked us to find three more checks he was missing. I was able to find another check, couldn't find the other two, sent it over to him, and then, the morning after I sent the third check, I got a phone call from him, explaining to me what happened. So essentially what the criminals did was they took the company name, they added an “s” at the end of the company name, and then they opened a bank account for the business, stealing the owner's identity. And after they've done that, they deposited the give checks, amounting to the amount of two million dollars, and ran away.

It was a really interesting story, and so we wanted to sort of validate and see whether we can find some of the breadcrumbs, both in open source information as well as in our own database. So one of the things I've done was I ran the company name in Open Corporates and the State Department. I was able to find the original company incorporation date, and you see it on the screen right now: October 5th, 2022.  And then I was able to find the newly created company name as well, and you see that the company was created on January 9th, 2023. Unfortunately, I can't share the names and show how similar the names are. But you're gonna have to trust me that the names are very similar, and that there's only an “s” and sort of the company name, which is composed out of three words, is just condensed into one word.

In addition to that, going to SentiLink, our databases, we were able to find. If you go back to the slide we just showed. Yeah, I mean, you see, the incorporation date of this company is January 9th, 2023, when we started looking for the identity of the owner of the company in our database. We saw that someone - if you go to the next slide you will see it - someone had used the identity to try and create an account with a telecommunication company in February of 2023, which is again really mind boggling, I mean, you actually see the breadcrumbs and the address folks were using is a historical address that this person had on on his historical address. Summary: so we are seeing more and more of this happening.

How fraudsters get specialized equipment for check fraud

Abhi Puranam: David, Nadine was asking, how do fraudsters get the special ink and the paper, and the ability to make the holographs? Like, aren't these things proprietary? Protected by the Treasury Department?

David Maimon: You would think so, right?  I mean, I've seen folks getting some of the same hardware on Amazon, so…

Abhi Puranam: Surprising.

David Maimon: Yeah, I mean, and so, to tell the truth, I mean, after talking to a lot of DMV Commissioners during the last 3 years or so, one of the DMV Commissioners I'm very close with you know, we talk a lot about the issue of driver licenses and fake driver licenses, and how you know good the quality of fake driver licenses we are seeing today, when you sort of compare them to the original driver licenses. So this particular DMV Commissioner told me that when he went out to sort of purchase the machines that produce the driver licenses, he was promised that this specific vendor will sell the machine to that specific DMV only, right? I mean, nobody else will sort of be able to purchase it.

But then a year later, this specific DMV Commissioner told me he was able to find other people getting those machines as well. So you know, vendors are trying to make money. Unfortunately, unfortunately, unfortunately, right. But at the end of the day I mean, folks are trying to make money, and they will sell their commodities all over. So some of the hardware you can actually get on on Amazon.

Abhi Puranam: That's surprising. And then several people chimed in seeing the similar business M.O., Jen, I know you've seen similar things as well on the business side.

Jen Martin: Yes, yeah, absolutely. And you know, again, I always go back to: even our fraud friends have an ROI, right? And so like that bit of an investment too once you've got that item, that's 3,500 or whatever you know, it's worth their investment in their time to go through all these extra steps, right? And so like, I think that's a like next level of sophistication and investment into these schemes just to make sure that they can make it go through. 

So I think it's been like an evolution which I think is interesting in this space. Like a couple of years ago, Treasury check fraud looked like one thing. And now it's a lot of stolen identity. The corporation identity stealing and that really the struggle with that, like in the case that David raised as a financial institution, we may not know that until we get the reclamation. So funds are long gone. You know that fraudsters moved on, probably closed their accounts right? And then we'll hear from the victim sometime later through the IRS to say, “Hey, we want to reclaim those funds.” And then you just start to get these large dollar reclamations coming through your processes. And that's when you realize that that was not the true party on those items. 

So you know, I think, another benefit that the fraudsters see in the product is that a lot of the time the victim won't know that they didn't get their items in the mail, or that they're lost, or just a way that I would get back in touch with Treasury and say, “Hey, I think my item's been stolen. Can you stop payment and reissue?” Right, like those processes are a little bit harder. And so you know, even once the your victim realizes that they're not going to get that item like it takes a while to get the bank notified, and then the IRS, like the Treasury, just comes in and takes the funds back. So you know it's it, you know it favors the bad actor in a lot of different ways.

Abhi Puranam: Definitely.

Trends in check fraud

David Maimon: I think the interesting thing, just going back to the trends and just making sure that we're on the same page with respect to what we're seeing, Jen and I talk a lot about trends and and some of the things that I'm seeing and whether I mean she gives me hints with respect to whether she's seeing the same thing, sort of speaking. So you know, one of the interesting things that I can sort of break here that we're seeing: we're seeing a dramatic decrease in the volume of stolen checks, well stolen and forged personal and business checks out there.

But unfortunately, we have it documented right? I mean, so essentially, we've been collecting data systematically from 84 telegram markets starting in 2019 pretty much. And so we're- I can say that last month we were at a point where we were in August of 2021, where we sort of first saw this dramatic increase. But we're not talking about tens of thousands of checks, we're talking about maybe 2,000 checks in the month of April we're able to find on those platforms. But what had changed is the proportion of Department of Treasury checks we're seeing there. So in the past, we're seeing more personal and business checks out there. Now we're seeing more and more Department of Treasury checks out there. 

This is a diagram. And this is this figure essentially present. Official data coming from Fincen and disclosing the number of stolen forged Department of Treasury checks which were reported to Fincen between January and November of 2024. The 2025 data is still not available, so we're going to have to do with this one. You guys see that the volume of reports relevant to the Department of Treasury checks is still very high, and it's kind of going in line with what we are seeing. 

So if we go to the next slide, Abhi, you'll be able to see the trend that we observed on Telegram in our 84 Telegram markets that we are observing systematically. So the interesting thing that we are seeing is that between May and December of 2023 and 2024, there's consistently a decrease in the volume of Department of Treasury checks we've seen.

But if you look at the volume of checks we're able to find in 2024, and compare it to the volume of checks we're able to find in 2023, you'll see that the numbers are dramatically different. We do see a significant increase in the volume of Department of Treasury checks that we're documenting on a monthly basis, unfortunately. And so this speaks volume to the fact that this issue is still around, and we definitely need to address it.

How will the recent executive order about Treasury checks impact this issue?

Abhi Puranam: So, in March the Administration issued an executive order to start phasing out these paper checks, citing, among other things, the sort of fraud and waste that comes that we're discussing here, and they're targeting a date of September 30th. Now whether we'll be able to meet that date or delays may occur remains to be seen. But change is needed. Jen, you had an interesting thought about how fraudsters will sort of adapt after you know this sort of phase out occurs.

Jen Martin: Yeah. So also interesting, last week, on our end, the Treasury issued an RFI kind of around some thought leadership of like, hey how do we? I mean, one of the reasons checks are still produced is you have a large, unbanked, or underbanked population, people that just cannot accept electronic payments. And so what are other means that we can get payments out if you are not able to have it direct-deposited into an account. And you know, in that list was like prepaid debit cards again. And so we all think back to the pandemic, and when States had to release lots of unemployment funds out to consumers. Right? What we saw was this big surge in drop accounts and stolen identities to get those funds electronically distributed, and a lot of those came out on prepaid cards and some of these other means. 

And so you know, the fraud will not go away. It will pivot, and I expect it, like we'll see that heightened increase in identity theft and you know, opening drop accounts to take in ACH payments. You know, any kind of prepaid card that's issued will have risk and so like it will, it will change. Like this vector will improve. But you know, like, as we know in fraud, it's like always squeezing the balloon. And so we're gonna we're, gonna you know, squeeze one part of the balloon. It's just, it's gonna come to another place, because, like there's real money to be had in these accounts, in these checks. And so you know, they're always going to be an incentive to pursue these funds. 

So I think, as the Treasury thinks about what replaces checks, like identity verification is going to become critical to make sure that funds are going to the right party, and then you know how that will be tracked through the ecosystem. And then I think it's really a lot of your existing electronic payments. Control is where folks will want them to focus.

Do fraudsters "double-dip" with stolen checks?

Abhi Puranam: Absolutely, thanks Jen! One question coming up that I'd like to address for both David and Jen: is there any risk of somebody double dipping where they might report, like deposit a check reported as stolen, or you know that like was stolen under identity theft, and then getting like a reissue back from the IRS. Do we see any of that M.O. out there, David? From what you're seeing, or Jen at Citizens. Do you suspect any of that?

David Maimon: I'll defer to Jen on this one.

Jen Martin: Yes, yeah, I mean, not as much volume. But there's definitely first party fraud. And I think if, as it pivots more to electronic payments, it'll probably actually make that even a little bit easier.

How to verify Treasury checks

Abhi Puranam: Definitely, awesome. So you know, I saw a couple of people mentioning the new TCVS functionality. I want to just talk a little bit about a SentiLink TCVS, which we built based on the V2 of the Treasury check API, which was released last winter in 2024, which expands the verification of Treasury checks from the original set of information. They had the amount, the serial number, the symbol number to include the payee name. And really it's a huge benefit for everybody, because it just narrows how a fraudster can extract funds, right? A first party fraudster can't just wash a check into their name anymore. If you're using this or you can't wash it into an identity that you control that might be stolen and has to match the original check. 

And we're offering this through the dashboard through the API. What we heard from a lot of banks and financial institutions is that they're strapped for technical resources to be able to integrate this and turn it into a desktop app. I'm glad to hear that some banks have been able to create this internally, as well as the Treasury Department itself, being overwhelmed with the amount of requests for an API. So we've built a dashboard and our own version of the API. We're releasing it free for all financial institutions. You just have to contact us, and we'll get you set up. And you know we already have more than 50 financial institutions verifying treasury checks through us. We verified more than 1,000 checks, and have more than a thousand weekly users in the dashboard version.

Now I'm gonna quickly just demo the dashboard version for you guys. So you guys can see it, but you know, breaking down the anatomy of a check. So you'll see this sort of required information is the simple number, the serial number, the amount. You'll need the sort of payee name or beneficiary name as well as the bank routing number.

Cool. I'll switch over and just quickly show you know the SentiLink portal. Yeah, so here we are. So this is how it looks like in the dashboard. I have some sample data here to show you. So we put in the sample information, and then I'll use my own name. And it's really that straightforward, you know. You can have a teller or anybody else do this and put it in, and it'll come back. If the name entered doesn't match the name in Treasury's records it'll return back as a mismatch. 

Now you layer in more fraudulent activity, and say, this is somebody you know, trying to both change the name and the amounts that'll verify as well. And so then you'll see the mismatch of the check amount being 1,100, as well as James McCoy instead of Jacob McCoy trying to deposit this check.

You can get access to this you know, by just requesting a demo on sentilink.com, and we'll get back to you to get access. We don't have a public version that anybody can access like the TCVS. That's just some security constraints on our side. But this is totally free for financial institutions. We will get you set up with an account if you request it.

Now, just going back to the presentation.

Jen Martin: While you're doing that I'll say we were excited to be early trial candidates for the tool, and you know the payee name is a big leap forward. I think we were all using TCVS, but without really validating the name on the item, that was a gap and it's twofold. I've seen a lot in the chain about reasonable cause or reasonable doubt, like you need to have a reasonable standard. If you're gonna place a hold on that item, you know it just, it's more to have the payee match or not match. If you can now go back and demonstrate. Hey? This failed on all 3 components or 2 of the 3 right? That really helps make your case. Why, there's a reasonableness to place an extended hold on those funds. And that item, and then but on the other side, too, what we were able to do is clear a lot of items, too. 

So before, where we were making our best-guessed effort, and so that feels suspicious. New account, that amount doesn't seem right like, and we were having to kind of create that narrative in our mind of trying to make the right decision. You know, in many cases all those components would validate and it wasn't fraud. And so it helped us also clear a false positive. And so you know, we use - I know we're gonna get into my section here in a minute - but like we we have several different use cases from for the tool, and you know, the team was on site when we first started to use it, and it was really cool just to take some of our work like kind of right off the desk and and see you know how it performs.

Fighting check fraud throughout the account lifecycle

Abhi Puranam: Yeah, amazing. Yeah, so we are going to get into it, Jen, so let's talk about it. And I think you wanted to start with account opening, and how you're really trying to fight this throughout the lifecycle. Right?

Jen Martin: Right, yeah. And I think this again, like I said, it's going to become increasingly important even after like checks have been out of the ecosystem and now you're working with electronic payments. You want to make sure that you're not enabling those drop accounts to be created to have the right controls at origination. DDA, origination around synthetic ID, stolen identity, all of those different attributes like the stolen business. Right? As you're opening this small business account, is that incorporated yesterday out of an apartment or that address is associated with a field and not an actual business address right? So you know, in many cases having an account is step one of being able to deposit the item or or take it in electronically. 

So I think the heart of mitigation starts at account origination. I always say that to my team when we see these things like my team knows, like my first question is, gonna be, how is that originated? What do we know about the origination? How did it score? How did - why did we open that account? What verification did we do? What could we do on a day to see when, then, how did that account perform? Was it like 0 balance, and then $1 a couple of days? Did they cure it for 90 days, and then put in this large item? So I'd say, you know the items. One thing that's the fraud that happened. But in any of these cases I would always go kind of up channel from that and see what were all the steps that the fraudster took to get that item deposited, and then get the availability and move the funds out. So there's usually a lot of opportunities. You know, ahead of the actual fraud event to see that you're heading in that direction. 

And so we've been really focused there. And if it becomes all electronic payments, and you're gonna want to be even more discerning as it'll be easier to kind of steal identities and reroute payments. So I would say, that's first like to scan for: is that a good account that you should be opening? And then once the, then once you're being presented with the item, it's that you're looking for those red flags. Right? And we are implementing the real time API currently as well. But ahead of that we wanted to get tools out quickly. So our branch teammates are using it, and I think we may hold the record of the most users of the tool. But that's good cause we want to empower folks to just do that extra due diligence to check the various components of the item. No matter where we're taking those, and whether that's over the counter or through an ATM, or in a variety of different places. And our detection staff uses it as well. 

But it's always just part of an investigation that you're still looking at other red flags like: is the average daily balance really low? And now, all of a sudden, these large items coming in, does it align with your account type, or the demographic or characteristics of other payments of that consumer or business? Is there really anything anomalous? And then really looking at the item as well, as David mentioned right, it keeps pivoting. And so what used to be like back like when this first started, those alterations really pretty obvious, you could see where it was just like buffed out, and then maybe some of the line was missing, and a new name was on top. I mean, like, gone are the days where it's good, like where a human eye can really detect the difference, like comments earlier, like, there it's going to have the hologram. It's going to be on the special paper. By the human eye, it's going to look identical. Let alone, if it's a mobile deposit or ATM, like it's going to look identical to an actual Treasury item. 

So putting that item in in concert with other signals, and even doing that in your deposit strategy, so you know, including as many signals as you can in your tools that are scoring your deposits is beneficial as well. And then we just have broad use of the dashboard. You know, we enable our team to use that to validate these items for a variety of different use cases and especially like over the counter. In real time, it has been really beneficial.

Audience Q&A

The cost of verifying Treasury checks

Abhi Puranam: Well, you know I would love to open it up for more Q&A. I know there are some questions we haven't been able to get to in the chat. So I'm going to go through and harvest those. But if you want to use the Q&A tool at the bottom to submit those that'll be great! 

A couple of questions about what's the cost of sending TCVS. SentiLink TCVS is totally free for all financial institutions. We're doing this as a token of goodwill for all our partners and all the financial institutions out there, we know you guys are strapped for resources. We know the Treasury Department's trying their best to get you guys access. We wanted to just help out. That's our philosophy here. And so it's totally free to use both on the API side and our dashboard. 

So just to look, will your Treasury check verifier also be able to catch the electronic fraud when the checks go electronic? We don't know what that looks like in the future, but we're going to stay on top of it and continue to help fight fraud. We love - we geek out on fraud, and we'll stay on top of the latest M.O.s and figure out how we can stop it.

Jen Martin: I also think, as the Treasury has the RFI out, I think that's got to be part of their solutioning and thought leadership as they make the pivot, is what controls, what new controls will need to be in place now as the fraud will pivot, and could actually be worse or more pervasive depending on some of the controls that then will exist. once those paper items are out. So hopefully comparable solutions will come with the new methodologies as well.

Abhi Puranam: Yeah, we're hoping so as well. And you know, I think a lot of our systems could use modernization. And hopefully, we're headed towards that era. With this change I'm hoping! 

Somebody asked, hey, what's the benefit of using SentiLink TCVS versus the Treasury, provided API key from an API perspective. Relatively little. We've like made the schema, you know pretty much the same. Made it slightly easier to use and then from a dashboard perspective, we built it for you, right? And so that's what we were hearing is, “hey, we want to give our frontline people access. But you know we can't put together the development resources to do so.” So that's the real benefit there.

Jen Martin: Yeah, I would add to that, just the real benefit from a business perspective is that it's a real time API call that you can put in your decisioning at the time of your deposit strategy. Right? So that's why you want to have those details in line with your deposit. Strategy rules, too, like that's the treatment. Because then it's kind of hands off. You're not manually looking these up on a dashboard, but it's actually in your existing deposit strategies. Sorry I didn't mean to cut you off, so excited to talk!

Abhi Puranam: Yeah, of course. Yeah, yeah. Just you know, in terms of the API, we're now providing versus directly with the Treasury - it's like equivalent functionality really. 

One question here is, how do you determine if a check fraud is first or third party, how can you sort of tell the difference there?

Jen Martin: You know a lot of times you want to be looking at your account origination, I think if you know, if you go back and you look at that account origination and that, like all indications, is that was the true party that then like altered that item or or like then created a counterfeit in their name. That would be more first party, if it's signs of identity theft, right. So I have stolen an identity. And then what? Maybe more third party, or had some kind of account takeover scenario. But it - you really won't. You won't always know. Intent is hard, right like first party requires some assessment of what was that? Consumer’s intent? And it's a hard call, but it's usually like, how good you feel about who you are working with when you open that account? If it was the actual person, or if it was a stolen identity.

David Maimon: Yeah, in the context of first party. And unfortunately, and as we talked about earlier, we see a lot of kids becoming mules of these types of scams. So you know, we see a lot of runners out there offering these guys easy bucks sort of speaking. All they have to do is just deposit the check in their account and then provide the runner with the percentages of that. And the kids don't know better. So they do that. I mean, they don't really understand the potential repercussions of what they're doing. I mean they think that at the end of the day the worst that can happen is that their bank account will get blocked, not understanding the potential ramification in the future. So I think this is something that we should definitely talk more about and make sure folks are aware of the fact that this is indeed first party fraud.

What information does the Treasury department provide to verify checks?

Abhi Puranam: Definitely have a couple of questions here about the information the Treasury Department is providing. One is why can it the tools not show the payee name once the check has been processed and another is why do they only verify outstanding checks and not processed checks? And this is just a limitation on the Treasury Department side. We've told our and asked our contact at the Treasury Department the same thing, I think. You know again, as we continue to modernize and work in partnership with the Treasury Department, hopefully, they'll listen, and and you know, give us more tools and more information for longer, because some of the the timing of that can be a little tight. I don't know, Jen if Citizens has a perspective there.

Jen Martin: No same I think it's a constant maturity of the tools.

Abhi Puranam: Is the info shared with the Treasury Department when we flag a mismatch? No, that info is just for you, but sort of relating to another question. Jen, how do you, are you - do you have a contact at the IRS or the Treasury Department that you escalate when you identify a mismatch? You know some people have been dropping names, or how would you note change if that was something you do.

Jen Martin: Not on a mismatch. Obviously, we've got contacts there when we need to investigate an item, or we've taken an item, or we're in review, but not necessarily on every mismatch, because we're finding them.

How Citizens approaches check fraud

Abhi Puranam: One question I'm seeing, Jen: just how are you approaching this? You know you talked about staying up to date on things like your fraud strategy and how do you do that? Right, like, what's your cadence here for how often do you review? What are you looking for? Any sort of triggers to say we need new tools? Do we need to adapt? How does that work for you and Citizens.

Jen Martin: We've put some significant investment in our monitoring program. I'm a big fan that fraud is going to happen. There's always a little bit of a reactionary process to fraud. You have to wait for some of these trends to pivot. How quickly can you identify that new anomalous patterns are starting to evolve that are seeping through your tools? And they will, right? Like that's the way that the game plays. Right? You put in new controls and they circumvent the controls, and you constantly are evolving. 

And so, I'd say, just have really good monitoring. Know as close to those events we we really enforce with our teams if you see something, say something, and that's from our fraud customer service center all the way through our detection analysts. We had a recent pivot, that we saw in fraud trends, and that was really from our detection analyst, saying, hey, I think I'm seeing a new flavor of something. You know. Go look at it. And it was a new kind of you know, a fraud typology, or you know theme that was starting to emerge, that we were able to put in so many strategies on. 

So I'd say you want a really fast oversight of emerging trends. So as often as you can, look. Whether that's daily, weekly. I think gone are the days it used to be back in the day. You kind of would wait for charge off. And so a lot of people didn't realize that they had a fraud event until the losses come in, which could be 60 to 90 days after the actual fraud event. And so you want to be pulled up as close to that, hey? As soon as that account goes overdraft, or that item returns. You want to understand. Why did that happen? Why did we miss, you know? Was it a missing strategy? Was it a miss in an analyst? What do we want to do to pivot, to capture more of those in the future? And the thing about the Treasury is, it's got a season. All of us go like, oh, it's Treasury season, because it's like tax season when I can see there's more of those items, and so some of these also have a seasonality as well.

Abhi Puranam: Makes sense.

David Maimon: I think it's a great question. I think there's a lot going on right now in the fraud ecosystem, in the fraud prevention ecosystem, where folks put a lot of really useful information out there for folks to consume and sort of understand what the criminals are talking about, and how they're taking advantage of vulnerabilities. So you know, I strongly recommend folks to find those resources and simply get them, right, because we put a lot out there. With respect to new M.O.s, we find I know there are other parties that are doing that as well. Those are, in my mind, extremely important for folks to do prevention like talent prevention. So Jen mentioned there's seasonality of things, seasonality for fraud. The Department of Treasury checks are part of it. But now it's the season for student loans, so we see a lot of that. And so folks should be aware of that and do their best to prevent it.

Abhi Puranam: Great! We'll wrap up here. I posted the link again to get in touch with SentiLink. If you have questions about our Treasury check verification service or anything, go ahead, fill out that form. Our team will be in touch. We're more than happy to help you get any of your questions answered. Get you set up, if the fit makes sense. But thank you all for your attention, your time, and thank you, Jen and David, as well.

David Maimon: Thank you.

Jen Martin: Thanks, everyone.

Abhi Puranam: Thanks.