Checks written by both businesses and consumers are targets for fraud — 73% of businesses that responded to a Fed survey said they used checks in the last 12 months, and in another Fed survey, 35% of consumers said they used checks in the last 30 days (they averaged 1.2 checks per month). FIs may be less exposed to check-related losses than for card payments (consumer electronic funds transfer protections don’t apply), but they face expenses related to fraud investigation and voluntarily paying claims. The important thing is ensuring that fraud losses are in line with the bank’s tolerance limits.

Some solutions to check fraud overlap: A natural way to reduce check fraud is to reduce the volume of checks written, for example, by not offering paper checks with certain accounts; the corollary is to offer attractive alternatives like electronic P2P payments. Customer migration to real-time payments, which are by design incompatible with paper checks, may also help resolve the issue.

Additionally, banks can implement more sophisticated systems that increase the reliability of straight-through check processing and expedite fraud analysts’ ability to make decisions that a machine can’t within an FI’s risk tolerance. Given federal rules on check processing and funds availability, faster detection and response to check fraud is crucial. This may include continuous investment in modern resources, rather than relying on outdated check-fraud systems.

Importantly, none of these options should exist in isolation; they must come together under a cohesive fraud management strategy. That strategy should extend beyond any one kind of fraud, especially as activity will inevitably shift as institutions more effectively combat check fraud and payment volumes rise on other rails. Bank accounts are vulnerable to ACH pull-payment fraud (due to stolen account information), unauthorized push payment fraud (due to stolen credentials), and authorized push payment fraud (due to social engineering).

As such, it is important to think holistically about how to keep fraud under control on different fronts, so that institutions don’t end up playing whack-a-mole. That requires staying vigilant, keeping up with threats, and regularly revisiting the weakness and protections inherent in their payment offerings and supporting technology.