What is Echeck Fraud?

Echeck fraud is a misdirection play on bank‑to‑bank debit rails. It abuses e‑check deposit and return processes, pushing unauthorized or manipulated electronic checks then cashing out before return notices arrive. Fraudsters use stolen routing/account numbers, counterfeit check images in RDC flows, synthetic identities to open “clean” accounts, and micro‑deposit verifications to dress up ownership. Watch for rapid first‑day funding, small exploratory debits, followed by larger pulls or refunds to different instruments. When Nacha return codes arrive—NSF, unauthorized, account closed—the money’s already somewhere else.

Tell‑tales: frequent debits from the same routing number across many “customers,” device fingerprints recycled through new payees, deposits and withdrawals clustered around cutoff times, and addresses or phones that never survive a second look. Friendly disputes are a growing vector too—buyers authorizing once, disputing later while goods or value stay put. Operations gets snowed; ratios tick up.

Control the float, control the risk: verify account ownership on first use; run velocity limits by routing/account corridor and device; hold funds until signals cool; and apply duplicate detection on RDC images. Score first‑time payees harder, and set cooling periods for large first transfers. Step up sensitive moves—new payees, payout edits—with rigorous identity verification (document authenticity, selfie match, liveness). Map program rules to a risk‑based AML compliance framework so alerts, investigations, and SAR decisions aren’t guesswork.

Log context you can defend: timestamps, device IDs, IP/ASN, bank response codes, and user acknowledgments. Echecks aren’t slow anymore. Treat funding like a credit product—limits, telemetry, staged trust—and the easy wins for fraudsters dry up fast.