It has been almost 25 years since Harold Kushner published his best selling book When Bad Things Happen to Good People. Even in our businesses and in our own daily lives, this adage remains true. Just ask someone who works or used to work at Delta Air Lines!

While most of the companies and individuals in the transaction processing industry are honest, hard working folks, unfortunately, bad things still happen to good people. All it takes is for one or two bad apples to cast a negative shadow on all of us. As cases in point, just look at the stories concerning ChoicePoint and CardSystems Solutions that we have chronicled here in TPAtlanta in recent issues.

Perhaps you know someone who has been the victim of identity theft or fraud. I know all too personally the pain and aggravation that can result from having a wallet stolen. Today, that kind of petty crime is taking on a new twist - it is one that does not require the perpetrator to be anywhere near the target.

To learn more about a new type of fraud, click here. It is a form of electronic larceny that is so simple in its execution that it boggles the mind of its potential consequences.

This new form of fraud that I am referring to involves the use of "demand drafts" or "remotely created checks", a type of check often used to allow purchases from telemarketers. It requires no handwritten signature endorsement to deposit. Instead, a statement on the check says that the customer authorized the check, or the check may have the customer's printed or typed name on it.

A crook easily can create these checks using the account number and information that is typically printed on any written check. All it takes is a computer, a printer, and the right software. Once someone deposits the demand draft, the checking account is debited. It may go unnoticed until you get your monthly statement, by which time it could be too late. A bank generally is required to return an unauthorized check by midnight of the banking day after the check is presented for payment.

With credit cards, a person has the right to dispute a fraudulent charge and likely can get it credited back to their account. But with a debit from a bank account, that person does not have those same rights. At least, not yet - not until legislation catches up with the technology of these criminals, who are usually several steps ahead of the industry and its regulators.

Demand drafts are covered by the Uniform Commercial Code and a patchwork quilt of state regulations. A person is not supposed to be liable for unauthorized checks against their account. The problem is proving fraud -- especially with no signature -- if the bank does not respond to a person's request or if it does not believe their allegations. FDIC insurance coverage is limited to bank failures and does not cover fraud to personal accounts.

The only thing to do is tell the bank, "I did not authorize this transaction. It was forged. I never got a phone call. Or, "I did get a call from a telemarketer, but I said no. I never gave my account information out." As foreboding as this may sound, I cannot emphasize enough that people should examine their monthly bank account statements with an eagle eye these days. In fact, I encourage everyone to use online banking and monitor the activity on their accounts on a daily basis.

Fraudulent demand drafts often are issued in small enough increments to attract little attention, say $200 to $500. Take a current case where there were 1,500 demand-draft debits made from various bank accounts nationwide for a total of $415,000. A Vermont check-processing company alerted authorities upon noticing that half of the drafts printed for two Canadian telemarketers were being returned due to insufficient funds or closed accounts. That almost never happens.

A community bank president here in Georgia said that his bank charged off $18,000 due to fraudulent demand drafts. "Someone who had an account at another bank got the account information out of one of my customers."

It is unclear right now just how widespread this type of fraud is because there is no single place to report it -- despite loads of federal and state bank regulators and law enforcement agencies. But it has attracted the attention of the Federal Reserve Board.

The Fed, which could act as early as this month, proposes to make the bank that accepts a fraudulent draft for deposit liable for the loss.

Demand-draft fraud prompted the FDIC earlier this year to issue a special alert about the online service, www.qchex.com. Qchex, a subsidiary of Neovi Data Corporation out of San Diego, lets users anywhere print checks or send demand drafts by e-mail to recipients who print them. Victims included Internet merchants, who sometimes got an overpayment with a request to wire-transfer back excess money.

"Qchex's management team met with the FDIC, as well as representatives from financial-institution trade associations, to discuss concerns," says FDIC spokesman Frank Gresock. "At these meetings, Qchex management explained plans to improve their means of authenticating users. Qchex told us it has added a new validation system, similar to that being used by PayPal."

Although there are other Internet companies, like Qchex, the FDIC says it has received no complaints about them. Others say it is only a matter of time.

The National Association of Attorneys General wants the Fed to eliminate demand drafts altogether. "I feel that demand-draft fraud is happening all the time," says Elliot Burg, Vermont assistant attorney general. Demand drafts may be useful in some instances, such as avoiding a late mortgage or credit-card payment or sending money to a child at college. They are fast and can be cheaper than other types of transactions, including electronic checks, says Steve Powell, president of Checks Only, based in Yucaipa, California, (www.checksonly.com), which offers demand drafts.

Powell says he terminated some users' access to his service after a few fraud complaints, and has implemented stronger safety features. He checks account numbers and routing numbers against an updated database.

As you go about doing your part for the transaction processing industry each day, please keep in mind that there are bad guys out there looking to take advantage of loopholes or soft spots in your company's business.

What is your company doing to shore up its defenses? And what kinds of fraudulent activities or attempted attacks are you aware of, either personally or corporately?

We at TPAtlanta invite you to write us and to tell us about your knowledge of these kinds of nefarious activities so that we can track and share the progress being made in the transaction processing industry to prevent future fraudulent activities and to make us all feel a little more secure.

Thank you!
Calvin D. Johnson, Publisher
publisher@tpatlanta.com
Trans Atlantic Systems, Inc.