Shostack + Friends Blog Archive


Check images increase forgery and ID theft risks?

The October 26 on-line edition of American Banker (gotta pay to see it, so no link from me) discusses new technologies as possible enablers of check forging, in an article by Daniel Wolfe, “The Tech Scene: Check Images A New Frontier For Forgery?”
The overall point is that since banks store check images and provide them to customers (thanks in part to Check 21), bad guys can also get their hands on them, increasing the chances of forgery.

Avivah Litan, a vice president and research director at the Stamford,
Conn., market research company Gartner Inc., said that an online archive
of check images can be a treasure trove for criminals – potentially more
valuable than a checkbook or a few cancelled checks. Criminals can see a
months-long spending history that could help them use forgeries to emulate
a person’s spending habits or estimate what check number a victim would be
using at a specific time, she said.
Banks have underestimated the potential of digital images as a forgery
tool, Ms. Litan said. Banks are more focused on preventing criminals from
using online payment services, such as wire transfers and bill payments,
to steal money from a customer’s account.
“They just haven’t realized that online criminals would resort to check
forgery,” she said. “Crooks come in to look at your imaged checks to see
what your signature’s like. They study the checks, and then they copy the

Maybe I’m not sufficiently old-school, but I’m more concerned about identity theft being facilitated here. After all, these images often contain exactly the kind of identity-related info crooks want, such as driver’s license numbers, since these are often added to the checks by merchants at the time of purchase. Something tells me that these images aren’t all encrypted as stored, so from a Bank’s point of view there’s the reputational hit from having to send out breach notices.