U.S. Treasury checks cover Social Security, tax refunds, pensions, and other federal payments. For decades, they represented trust and guaranteed funds.
Yet, treasury check fraud is rising fast. Criminals exploit mail theft, washed payee lines, counterfeit alterations, and even AI tools to turn stolen checks into cash.
In FY 2024, the Treasury's Office of Payment Integrity used machine learning and other improved processes to prevent or recover over $4 billion in fraud and improper payments, up sharply from about $650 million the previous year.
The solution is not slower payments but smarter protection. This guide explains the 2025 threats, rules, and best practices every institution needs to know.
"Treasury checks" are paper checks drawn on the U.S. Treasury and issued by federal agencies. Common examples include Social Security and Medicare benefit checks, tax refund checks, federal salary or pension checks, stimulus payments, and other disbursements (debt relief, rental assistance, etc.).
The Bureau of the Fiscal Service manages these disbursements. Treasury checks are printed with unique security features (watermarks, microprinting, etc.) and cleared through Federal Reserve channels. The federal government spends a considerable amount, with ~1.4 billion payments totaling over $6.9 trillion, distributed to more than 100 million people annually.
Because they carry Treasury backing, these checks enjoyed prompt availability rules under Regulation CC (usually next-day availability for qualified deposits).
However, that very speed has become a vulnerability. Fraudsters exploit mailing and banking rules to their advantage, pressuring banks to release funds before the fraud is detected.
Check fraud remains one of the most pressing financial crime threats in the United States. Despite the steady decline in paper check usage, criminals continue to exploit them due to their accessibility, high dollar value, and the relative ease of alteration or counterfeiting.
In 2024, financial institutions filed 682,276 Suspicious Activity Reports (SARs) for check fraud, up from about 665,505 in 2023. Industry experts note that check-related activity continues to account for a disproportionate share of overall fraud.
According to the 2024 AFP/Fed Payments Fraud and Control Survey, 63% of organizations experienced attempted or actual check fraud. These numbers make checks the single most targeted payment method for businesses, outpacing ACH, wire transfers, and card transactions.
Mail theft remains the leading driver of treasury check fraud.
Criminals target USPS blue collection boxes, sorting facilities, and even residential mailboxes to intercept government disbursements, such as Social Security and tax refunds. Once in hand, checks are "washed" to change payee information, counterfeited using templates, or fraudulently endorsed and deposited.
A detailed FinCEN analysis of February through August 2023 (the most recent comprehensive study, released in 2024), revealed 15,417 reports of mail-theft-related check fraud filed by 841 financial institutions, representing over $688 million in suspicious transactions.
The same analysis showed how criminals used stolen checks:
Alongside traditional tactics, criminals are increasingly adopting digital tools. Regulators and industry surveys in late 2024 flagged AI-driven check fraud, including the use of:
The OCC's 2024 Risk Report specifically warned that AI-enabled manipulation of documents is a growing threat, recommending that banks strengthen authentication and monitoring with machine learning and real-time scoring.
Rising treasury check fraud has led to stricter rules for banks.
Updates to 31 CFR Part 240, Regulation CC, and the Treasury Check Verification System (TCVS) shift liability to financial institutions and require stronger verification before releasing funds.
Banks must verify Treasury checks through return files and TCVS, follow Reg CC timelines, and act on FinCEN guidance. Failure to do so can leave institutions directly liable for losses resulting from treasury check fraud.
Preventing treasury check fraud requires a layered defense model that integrates advanced technology, human oversight, and industry-wide intelligence.
Here are 10 detailed strategies any bank can implement today:
Fraudsters often exploit the gap between deposit and review. Legacy batch systems may only evaluate items hours later, leaving banks vulnerable. Real-time decisioning shuts that window.
Result: The system intercepts suspicious Treasury checks instantly, reduces losses, and lets legitimate items flow quickly.
InteliFUNDS provides banks with a safety net for Treasury check deposits. Even when real-time decisioning clears items for accelerated availability, some high-risk checks will still prove fraudulent.
InteliFUNDS covers those charge-offs, removing the loss from the bank's balance sheet. At the same time, it allows up to 99% of safe Treasury checks to clear instantly, improving customer access to funds while keeping fraud risk contained.
Fraud rings thrive by making activity appear routine. Behavioral analytics cuts through that disguise by comparing each deposit to customer and industry baselines.
Example: An account that usually deposits a $300 paycheck suddenly presents three Treasury checks totaling $15,000 via mobile over two days. Analytics flags the shift and escalates for review.
Fraudsters forge checks in ways that evade single-rule detection, but multi-factor scoring analyzes dozens of signals to reveal manipulation.
VALID's CheckDetect combines hundreds of data points, achieving 95%+ detection accuracy while keeping false positives manageable. By ingesting hundreds of signals and leveraging consortium intelligence, CheckDetect identifies over 75% of potential check deposit charge-offs at the time of deposit.
One of the most common fraud tactics is altering the payee name. Historically, banks had no means to validate the identity of payees on Treasury checks. The Treasury Check Verification Service (TCVS) API now fills this gap.
Example: A $2,800 Treasury check altered from "Maria Lopez" to "Mark Lewis" is flagged by TCVS, preventing the fraud in real-time.
Fraudsters exploit silos by depositing the same item in multiple ways. Without cross-channel visibility, banks risk paying out on duplicates.
Example: A customer cashes a $4,200 Treasury check at a branch drive-thru in the morning and then attempts to redeposit the same item through mobile banking later that day. Without cross-channel visibility, both transactions could post. A unified fraud hub compares activity across channels in real-time, flags duplicates, and stops the second deposit before funds are released.
Technology can only do so much if staff fail to enforce holds properly. Regulators also scrutinize documentation closely during exams.
Fraud rings often hit multiple banks simultaneously. Data sharing ensures one institution's discovery benefits the whole industry.
Example: Bank A detects a series of counterfeit Treasury checks with sequential serial numbers. That data is shared through the consortium, preventing Bank B and C from accepting identical items.
With visibility into more than 450 million accounts and 4 trillion dollars in annual transactions, VALID's Edge Data Consortium provides banks with predictive insights to identify Treasury check fraud earlier.
By pooling data across institutions, the consortium highlights anomalies such as recycled serial ranges or unusual payee alterations before they appear in your own deposits, giving your fraud team a clear advantage.
Traditional defenses, such as positive-pay, still work, but they must be paired with new tools to catch today's sophisticated schemes.
Result: A layered defense reduces reliance on any one tool and ensures fraud slips through less often.
Even with strong defenses, some attempts succeed. A coordinated response plan reduces losses and regulatory risk.
Example: When a counterfeit check scheme targets three branches, the playbook ensures immediate holds, notifies regulators, and coordinates a comprehensive investigation across operations, compliance, and fraud teams.
Criminals often start fraud outside the bank by stealing checks from the mail. Educated customers reduce the number of fraudulent items entering deposit channels.
Example: A retiree signs up for Informed Delivery, notices a missing Treasury check, and alerts the bank before fraudsters can use it.
Treasury check fraud will not disappear in the future. Mail theft remains rampant, counterfeit technology continues to improve, and regulatory scrutiny is only intensifying.
But banks are no longer powerless. The tools now exist to verify every Treasury check at deposit, to score risk in real time, and to share intelligence across the industry before fraudsters can cash in.
VALID Systems provides leading fraud analytics platforms used by many U.S. banks. Modern fraud-prevention platforms integrate risk scoring, behavioral analytics, and operational controls to combat check fraud, and VALID's tools set the benchmark by combining these capabilities into one system.
In summary, VALID's solutions exemplify how a bank can combine AI risk scoring, behavioral analytics, and operational policies into a single workflow to combat Treasury check fraud. Using such a platform, a financial institution can:
With these tools integrated, VALID Systems reports that clients are seeing 87% fewer fraud losses and have prevented over $600 million in fraud losses with CheckDetect alone.
Ready to stop treasury check fraud before it hits your balance sheet?
Schedule a VALID Systems demo and discover how leading institutions reduce losses and safeguard customer trust.