When a young Russian computer expert appeared in a London court on Aug. 17 accused of electronically robbing Citibank, bankers were seriously spooked. By allegedly penetrating Citibank's corporate cash-management system from St. Petersburg, siphoning off $400,000, and trying to steal over $10 million more, Vladimir Levin and his cronies raised the specter of online fraud being perpetrated against banks by outside hackers anywhere in the world.
Online fraud could eventually become an enormous problem, far outdistancing other forms of fraud. Indeed, as banks rush to offer new electronic banking services, crooks "are moving ahead faster than the security can keep up," warns Barbara E. Hurst, editor of Bankers' Hotline, a newsletter on security and compliance. But for now, the old-fashioned kind of fraud, especially involving checks, is a far more serious problem, costing banks billions every year. "While on occasion you will have a [breach] in an electronic system, I think you'll find the incidence of a break will be far less than the incidence of check fraud," says Dan McGurl, president of Bottomline Technologies, a Portsmouth (N.H.) maker of software designed to detect check fraud.
Check fraud dwarfs other forms of bank fraud (table). With Americans writing some 60 billion checks a year and technology such as desktop publishing making fraud ever easier to commit, it is growing at an alarming pace. "The No.1 loss for banks today is checks," says Robert H. Rasor, deputy assistant director of the U.S. Secret Service. "That whole system is kind of up for compromise." The American Bankers Assn. says incidents of check fraud rose 136% between 1991 and 1993.
The amounts of money involved in check frauds are rising as well. Rasor tells the story of a case dubbed Operation Paper Dragon, in which a single Vietnamese gang would descend on a town, print fake payroll checks purporting to be from the biggest local employer, cash them at various places in town, and then leave in a matter of days. That gang took in close to $25 million and managed to operate for about seven months before being detected.
Technological advances are behind much of the rise in check fraud. Desktop publishing has made the manufacture of fraudulent checks extremely simple. Frank W. Abagnale, a document security expert and consultant who is himself a onetime forger, says that for less than $10,000, a would-be check counterfeiter can obtain the equipment necessary to produce fake checks in as little as 12 minutes.
SCAN SCAM. The procedure is simple, Abagnale says. First, to make the checks look legitimate, criminals scan in a company's logo as a background pattern for the paper. They can often obtain a company executive's signature from the annual report and scan that in as well. Then, to obtain bank account information to put on the checks, they call the company's accounts-receivable department, say they want to wire it money, and request the necessary bank account number. "Today, there isn't a company in America that you can't call and say, `I'm wiring you money and what are your wiring instructions?"' Abagnale says. Once the checks are printed, it's a simple matter to cash dozens of them quickly.
Banks are taking some steps to protect themselves and their customers. For example, many big banks now offer corporate customers a system known as positive pay, which allows a customer to transmit to its bank records of checks issued each day. That way, a bank can reconcile the customer's list with the checks presented for payment and spot any discrepancies. Don S. Tokunaga, director of security at First Interstate Bancorp, says a pilot program for banks operating in Arizona and New Mexico to fingerprint noncustomers trying to cash checks has dramatically reduced check fraud there.
For its part, Citibank says it is upgrading its internal security in the wake of Levin's alleged intrusion. A spokeswoman says the bank has added a security system that uses passwords that change every time they are used. But no matter how fast the banks and their regulators move to combat fraud, criminals are keeping pace. Regulators and banks are in an endless game of cat and mouse with criminals, even on old-fashioned fraud, and experts say that online fraud, while rare now, is sure to rise. "There is no bulletproof system," says Edward J. Hogan, senior vice-president of MasterCard. And thanks to increasingly sophisticated technologies, the bullets are getting more powerful every day.