Treasury Check Fraud: Everything You Need to Know in 2025

U.S. Treasury checks cover Social Security, tax refunds, pensions, and other federal payments. For decades, they represented trust and guaranteed funds.

Yet, treasury check fraud is rising fast. Criminals exploit mail theft, washed payee lines, counterfeit alterations, and even AI tools to turn stolen checks into cash.

In FY 2024, the Treasury's Office of Payment Integrity used machine learning and other improved processes to prevent or recover over $4 billion in fraud and improper payments, up sharply from about $650 million the previous year.

The solution is not slower payments but smarter protection. This guide explains the 2025 threats, rules, and best practices every institution needs to know.

Key takeaways:

• Treasury check fraud is growing more complex: Fraudsters are no longer limited to simple check washing. They alter payee lines, counterfeit entire documents, and exploit stolen federal disbursements such as Social Security and tax refunds.
• Mail theft is the main fraud channel: Criminals intercept checks directly from USPS boxes, sorting facilities, or residential mailboxes. Once stolen, these items are either washed to change details or reproduced using templates, creating a steady flow of fraudulent deposits.
• AI is raising the stakes: Deepfake IDs, automated counterfeit generators, and digital overlays now make fraudulent checks appear authentic to both staff and automated systems.
• Banks face stricter accountability: Updated rules under 31 CFR Part 240 and Reg CC require banks to verify Treasury checks before releasing funds. Institutions that fail to use tools like TCVS and comply with hold timelines risk bearing direct losses from fraudulent or canceled checks.
• VALID Systems delivers the edge: VALID equips banks with tools that enable real-time anomaly detection, payee validation, and even loss coverage, turning treasury check fraud from an uncontrollable threat into a manageable risk.

What are treasury checks?

"Treasury checks" are paper checks drawn on the U.S. Treasury and issued by federal agencies. Common examples include Social Security and Medicare benefit checks, tax refund checks, federal salary or pension checks, stimulus payments, and other disbursements (debt relief, rental assistance, etc.).

The Bureau of the Fiscal Service manages these disbursements. Treasury checks are printed with unique security features (watermarks, microprinting, etc.) and cleared through Federal Reserve channels. The federal government spends a considerable amount, with ~1.4 billion payments totaling over $6.9 trillion, distributed to more than 100 million people annually.

Because they carry Treasury backing, these checks enjoyed prompt availability rules under Regulation CC (usually next-day availability for qualified deposits).

However, that very speed has become a vulnerability. Fraudsters exploit mailing and banking rules to their advantage, pressuring banks to release funds before the fraud is detected.

2025 fraud trends: Checks under siege

Check fraud remains one of the most pressing financial crime threats in the United States. Despite the steady decline in paper check usage, criminals continue to exploit them due to their accessibility, high dollar value, and the relative ease of alteration or counterfeiting.

Rising volumes of check fraud

In 2024, financial institutions filed 682,276 Suspicious Activity Reports (SARs) for check fraud, up from about 665,505 in 2023. Industry experts note that check-related activity continues to account for a disproportionate share of overall fraud.

According to the 2024 AFP/Fed Payments Fraud and Control Survey, 63% of organizations experienced attempted or actual check fraud. These numbers make checks the single most targeted payment method for businesses, outpacing ACH, wire transfers, and card transactions.

Mail theft as the primary threat vector

Mail theft remains the leading driver of treasury check fraud.

Criminals target USPS blue collection boxes, sorting facilities, and even residential mailboxes to intercept government disbursements, such as Social Security and tax refunds. Once in hand, checks are "washed" to change payee information, counterfeited using templates, or fraudulently endorsed and deposited.

A detailed FinCEN analysis of February through August 2023 (the most recent comprehensive study, released in 2024), revealed 15,417 reports of mail-theft-related check fraud filed by 841 financial institutions, representing over $688 million in suspicious transactions.

The same analysis showed how criminals used stolen checks:

• They altered 44% of them, typically by changing the payee or amount.
• They counterfeited 26% of the documents using stolen information.
• They fraudulently signed and deposited 20%.

The rise of AI-enabled fraud

Alongside traditional tactics, criminals are increasingly adopting digital tools. Regulators and industry surveys in late 2024 flagged AI-driven check fraud, including the use of:

• Deepfake IDs and signatures to bypass verification.
• Automated "check cooking" tools that generate convincing counterfeit checks in bulk.
• Criminals also use digital overlays that mimic authentic security features when scanned or deposited through mobile apps.

The OCC's 2024 Risk Report specifically warned that AI-enabled manipulation of documents is a growing threat, recommending that banks strengthen authentication and monitoring with machine learning and real-time scoring.

Treasury check fraud rules and regulations

Rising treasury check fraud has led to stricter rules for banks. 

Updates to 31 CFR Part 240, Regulation CC, and the Treasury Check Verification System (TCVS) shift liability to financial institutions and require stronger verification before releasing funds.

31 CFR Part 240 (effective Dec 1, 2023):

• Banks must wait for Treasury return or cancellation data before crediting funds.
• Paying a canceled Treasury check makes the bank liable unless it can show the cancellation notice did not arrive in time.
• Return data now flows within Reg CC deadlines, which makes TCVS integration essential.

Regulation CC (effective July 1, 2025)

• Inflation adjustments increase deposit thresholds for next-day availability.
• Banks must still release funds on schedule, unless the Treasury returns data showing cancellation.

Treasury Check Verification System (TCVS)

• Validates routing, serial, date, and amount of Treasury checks.
• A 2024 API enhancement now adds payee-name validation, closing a significant gap in fraud prevention.
• Best practice is to run every Treasury check through TCVS before releasing funds.

FinCEN Alerts (2023 and 2024)

• Banks should monitor mail-theft fraud patterns and file SARs as part of treasury check fraud prevention.
• Regulators are also reviewing further Reg CC reforms for counterfeit liability.

Bottom line: 

Banks must verify Treasury checks through return files and TCVS, follow Reg CC timelines, and act on FinCEN guidance. Failure to do so can leave institutions directly liable for losses resulting from treasury check fraud.

10 practical strategies to prevent treasury check fraud

Preventing treasury check fraud requires a layered defense model that integrates advanced technology, human oversight, and industry-wide intelligence.

Here are 10 detailed strategies any bank can implement today:

1. Deploy real-time decisioning at the deposit

Fraudsters often exploit the gap between deposit and review. Legacy batch systems may only evaluate items hours later, leaving banks vulnerable. Real-time decisioning shuts that window.

Action steps:

• Integrate a fraud engine that scores checks at the point of deposit across all channels.
• Configure automatic Reg CC exception holds when risk scores exceed thresholds.
• Set up escalation rules for medium-risk items to ensure manual review before release.
• Run pilot testing alongside batch processes to validate scoring accuracy before full rollout.

Result: The system intercepts suspicious Treasury checks instantly, reduces losses, and lets legitimate items flow quickly.

Pro tip - VALID's InteliFUNDS:

InteliFUNDS provides banks with a safety net for Treasury check deposits. Even when real-time decisioning clears items for accelerated availability, some high-risk checks will still prove fraudulent.

InteliFUNDS covers those charge-offs, removing the loss from the bank's balance sheet. At the same time, it allows up to 99% of safe Treasury checks to clear instantly, improving customer access to funds while keeping fraud risk contained.

2. Implement behavioral analytics to spot anomalies

Fraud rings thrive by making activity appear routine. Behavioral analytics cuts through that disguise by comparing each deposit to customer and industry baselines.

Action steps:

• Track depositor behavior, including frequency, timing, deposit size, and device usage.
• Monitor serial ranges to detect velocity bursts linked to counterfeit check runs.
• Incorporate device fingerprinting and geolocation tracking.

Example: An account that usually deposits a $300 paycheck suddenly presents three Treasury checks totaling $15,000 via mobile over two days. Analytics flags the shift and escalates for review.

3. Apply multi-factor scoring on every item

Fraudsters forge checks in ways that evade single-rule detection, but multi-factor scoring analyzes dozens of signals to reveal manipulation.

Key tactics:

• Verify MICR line structure, routing numbers, and serial sequencing.
• Run forensic image checks to spot washed payee lines or overwritten endorsements.
• Compare deposits across channels to catch duplicates.
• Assign cumulative risk scores that drive automatic approve/hold/deny decisions.

Pro tip - VALID CheckDetect:

VALID's CheckDetect combines hundreds of data points, achieving 95%+ detection accuracy while keeping false positives manageable. By ingesting hundreds of signals and leveraging consortium intelligence, CheckDetect identifies over 75% of potential check deposit charge-offs at the time of deposit.

4. Close the payee verification gap with TCVS

One of the most common fraud tactics is altering the payee name. Historically, banks had no means to validate the identity of payees on Treasury checks. The Treasury Check Verification Service (TCVS) API now fills this gap.

Implementation steps:

• Connect TCVS directly to deposit channels and validate every Treasury check at entry.
• Configure mismatched payee records to trigger automatic exception holds.
• Use TCVS in conjunction with positive-pay and reverse-positive-pay for redundancy.

Example: A $2,800 Treasury check altered from "Maria Lopez" to "Mark Lewis" is flagged by TCVS, preventing the fraud in real-time.

5. Unify cross-channel intelligence

Fraudsters exploit silos by depositing the same item in multiple ways. Without cross-channel visibility, banks risk paying out on duplicates.

What banks should do:

• Route all deposits through a centralized fraud hub.
• Apply duplicate detection across teller, ATM, mobile, and lockbox.
• Provide investigators with a 360-degree view of all customer activity.

Example: A customer cashes a $4,200 Treasury check at a branch drive-thru in the morning and then attempts to redeposit the same item through mobile banking later that day. Without cross-channel visibility, both transactions could post. A unified fraud hub compares activity across channels in real-time, flags duplicates, and stops the second deposit before funds are released.

6. Train staff and enforce audit discipline

Technology can only do so much if staff fail to enforce holds properly. Regulators also scrutinize documentation closely during exams.

Best practices:

• Train tellers to recognize Treasury check security features such as microprinting, watermarks, and color-shifting ink.
• Standardize Reg CC exception hold procedures to secure staff document reasons and timestamps.
• Run quarterly training refreshers and random audits.
• Use audit trails to demonstrate compliance during FDIC or OCC examinations.

7. Share consortium data for collective defense

Fraud rings often hit multiple banks simultaneously. Data sharing ensures one institution's discovery benefits the whole industry.

Steps to strengthen defenses:

• Join fraud-sharing networks such as ABA or Edge.
• Ingest fraud alerts directly into your risk models for automated scoring and analysis.
• File detailed SARs with FinCEN and review IC3 alerts regularly to adjust controls.

Example: Bank A detects a series of counterfeit Treasury checks with sequential serial numbers. That data is shared through the consortium, preventing Bank B and C from accepting identical items.

Pro tip: VALID Edge Data Consortium

With visibility into more than 450 million accounts and 4 trillion dollars in annual transactions, VALID's Edge Data Consortium provides banks with predictive insights to identify Treasury check fraud earlier.

By pooling data across institutions, the consortium highlights anomalies such as recycled serial ranges or unusual payee alterations before they appear in your own deposits, giving your fraud team a clear advantage.

8. Reinforce traditional controls with modern layers

Traditional defenses, such as positive-pay, still work, but they must be paired with new tools to catch today's sophisticated schemes.

How to improve controls:

• Use positive-pay to validate issuer-side details (numbers, amounts, payees).
• Add TCVS for Treasury-specific payee verification.
• Build redundancy into workflows so checks must pass multiple gates.

Result: A layered defense reduces reliance on any one tool and ensures fraud slips through less often.

9. Build cross-functional incident response playbooks

Even with strong defenses, some attempts succeed. A coordinated response plan reduces losses and regulatory risk.

Playbook essentials:

• Define clear escalation steps for freezing accounts and recalling checks.
• Train teams on SAR filing and regulator notifications.
• Conduct quarterly tabletop drills to simulate multi-branch treasury check fraud attacks.
• Document lessons learned from each incident for continuous improvement.

Example: When a counterfeit check scheme targets three branches, the playbook ensures immediate holds, notifies regulators, and coordinates a comprehensive investigation across operations, compliance, and fraud teams.

10. Educate customers to reduce exposure

Criminals often start fraud outside the bank by stealing checks from the mail. Educated customers reduce the number of fraudulent items entering deposit channels.

Steps to empower customers:

• Promote USPS Informed Delivery to help customers track their incoming Treasury checks.
• Advise customers not to leave checks in unlocked mailboxes.
• Publish guides on recognizing check washing and reporting stolen items quickly.
• Be transparent about Reg CC holds to set realistic expectations.

Example: A retiree signs up for Informed Delivery, notices a missing Treasury check, and alerts the bank before fraudsters can use it.

How VALID Systems helps banks stay ahead of Treasury check fraud

Treasury check fraud will not disappear in the future. Mail theft remains rampant, counterfeit technology continues to improve, and regulatory scrutiny is only intensifying.

But banks are no longer powerless. The tools now exist to verify every Treasury check at deposit, to score risk in real time, and to share intelligence across the industry before fraudsters can cash in.

VALID Systems provides leading fraud analytics platforms used by many U.S. banks. Modern fraud-prevention platforms integrate risk scoring, behavioral analytics, and operational controls to combat check fraud, and VALID's tools set the benchmark by combining these capabilities into one system.

In summary, VALID's solutions exemplify how a bank can combine AI risk scoring, behavioral analytics, and operational policies into a single workflow to combat Treasury check fraud. Using such a platform, a financial institution can:

• Accept low-risk Treasury checks and grant instant availability (while meeting Reg CC).
• Immediately flag any check that violates expected patterns (e.g., mismatched payee name, abnormal amount, suspicious channel).
• Trigger enhanced review or decline on the fly, avoiding POCs and losses.
• Log and analyze trends to continuously improve fraud rules (OCC encourages continuous risk management, not "set and forget").

With these tools integrated, VALID Systems reports that clients are seeing 87% fewer fraud losses and have prevented over $600 million in fraud losses with CheckDetect alone.

Ready to stop treasury check fraud before it hits your balance sheet?

Schedule a VALID Systems demo and discover how leading institutions reduce losses and safeguard customer trust.