Your First US Check Could Cost You Thousands: A Fraud Guide for APAC Founders

Why US Checks Are Still Your Problem (Even in 2025)

Let's start with the culture shock: checks aren't extinct in the US.

In Singapore, PayNow replaced checks years ago. In Hong Kong, FPS (Faster Payment System) made bank transfers instant and free. In Australia, NPP eliminated most business check usage by 2020. If you're under 40 and running a startup in APAC, you've probably never written a business check in your life, and you certainly don't expect to receive one.

But in the US, checks remain a primary payment method for B2B transactions, vendor payments, customer refunds, and entire industries like healthcare, real estate, and legal services. Small and medium-sized businesses especially, still rely on checks for monthly invoicing cycles.

Here’s why this creates a huge risk: Check fraud attempts in the US doubled between 2021 and 2024, driven by organized crime rings that exploit USPS mail theft vulnerabilities. Foreign businesses are especially attractive targets because fraudsters correctly assume you don't know what a legitimate US check looks like, how long clearing actually takes, or when you're legally liable for fraud losses.

Your first 90 days in the US market are your highest-risk window. Most founders focus their energy on incorporation paperwork, visa sponsorships, and early customer acquisition. Fraud controls come later, often after the first loss. By then, one successful check fraud can wipe out months of revenue and create reconciliation nightmares that distract your small finance team for weeks.

The 6 Check Fraud Methods Targeting Your Business

Here's how check fraud actually works in practice. Understanding these methods helps you spot them before they hit your bank account.

1. Counterfeit Checks

Fraudsters create fake checks using stolen routing and account numbers, often obtained through phishing, data breaches, or social engineering. These checks may look legitimate but are drawn on accounts that don't belong to the supposed sender.

Risk indicators:

• Unexpected checks from new customers you haven't invoiced
  
• Poor check quality (smudged printing, odd fonts, missing security features)
  
• Pressure to deposit immediately
  
• Checks that arrive before you've fully onboarded the customer or completed KYC verification.
  

2. Altered or "Washed" Checks

This is old-school but effective: criminals steal checks from residential or business mailboxes, use chemicals to erase the ink (leaving only the signature intact), and rewrite the payee name and amount. A $500 check becomes a $5,000 check to a different recipient. USPS mail theft has become an industrial-scale operation in many US cities, making this a systematic threat rather than an opportunistic crime.

Risk indicators:

• Checks that look slightly discolored or have faint residue
  
• Mismatched fonts between the printed account holder name and the handwritten payee/amount
  
• Vendors claiming they never received checks you sent, checks cashing in unexpected states or regions.
  

3. Overpayment/Refund Scams

This is the most common trap for new US businesses, so pay attention. A "customer" sends you a check for $50,000, then claims it was a mistake—they only owed you $30,000. They ask you to refund the $20,000 difference. You see the funds in your account (because US banks make funds available quickly), so you issue the refund. Days later, the original check bounces. You've now lost both the $20,000 refund AND whatever product or service you delivered. The fraudster walks away with $20,000+ of real money.

Risk indicators:

• Any overpayment followed by urgent refund requests
  
• Customers asking you to refund via wire or ACH to a different account than the original payment source
  
• Pressure to process the refund quickly ("before our accounting period closes")
  
• Checks arriving before a contract is fully executed or an invoice is generated.
  

Tip: Instead of returning the partial funds, advise the sender to work it through their bank instead.

4. RDC Abuse (Double Depositing)

Remote Deposit Capture—mobile check deposit—was designed to modernize checks. Instead, it created new fraud vectors. Fraudsters deposit the same check multiple times using different mobile banking apps at different financial institutions

Risk indicators: The same check number appearing multiple times in your transaction history, deposits from new devices or unfamiliar IP addresses, unusually high-value mobile deposits from new payors (especially over $10,000), deposits happening outside your normal business hours or in rapid succession, frequent RDC failures or correction attempts (often indicates someone testing your system's controls).

5. Check Kiting

This is a more sophisticated scheme: fraudsters exploit the delay between when a check is deposited and when it actually clears. They write checks between multiple accounts, withdraw the "available" funds before the checks bounce, and disappear. This targets businesses with multiple bank accounts or those unfamiliar with US clearing timelines.

Risk indicators: Customers with multiple account relationships requesting you accept checks from different banks, unusual patterns of deposits followed immediately by withdrawal requests, customers who seem overly familiar with your bank's funds availability policies.

6. Stolen/Closed Account Checks

Fraudsters write checks on accounts that are already closed or never existed in the first place. These checks will always bounce, but not before they appear legitimate during the initial deposit and clearing window.

Risk indicators:

• Checks from unknown payors or companies you can't verify through basic due diligence (business registry search, website, LinkedIn presence)
  
• Mismatches between the company name on the check and the customer contact information you have
  
• First-time customers sending high-value checks before establishing payment history.
  

What APAC Founders Get Wrong About US Check Fraud

Whether it's in Singapore, Hong Kong or Sydney, banking in your local market has prepared you well for digital payments, but it's created blind spots around US check fraud. Here are the three most dangerous misconceptions.

Misconception #1: "The bank will protect me from fraud"

In many APAC markets, banks bear most fraud liability. If someone deposits a fake check into your account or withdraws unauthorized funds, you expect the bank to make you whole.

In the US, liability is governed by Regulation CC and the Uniform Commercial Code (UCC Articles 3 & 4). These regulations can shift liability to your business if you fail to demonstrate "ordinary care"—meaning you didn't implement reasonable fraud prevention controls. If you accept checks from unknown payors, deposit them without verifying security features, and issue refunds before checks fully clear, banks may deny your fraud claim. You're expected to protect yourself.

Misconception #2: "Funds available = funds cleared"

This is the most dangerous assumption. US banks are required by Regulation CC to make deposited funds available to you within 1-2 business days. This is a customer service requirement, not a confirmation that the check is legitimate.

Here's the actual clearing timeline:

Days 1-2: Funds show as "available" in your account (this is a Reg CC requirement for customer access, not fraud verification)

Days 3-7: Check moves through the automated clearing house

Days 8-15: Receiving bank verifies funds with the issuing bank

Day 16+: Check is truly cleared—this is when you're actually safe

If the check bounces anywhere in this 15-day window, the bank reverses your "available" balance. If you've already spent or transferred that money, you owe the bank the full amount. This gap between "available" and "cleared" is where most check fraud succeeds—fraudsters know you'll see the money in your account and act before verification completes.

Misconception #3: "Mobile deposit is safer than physical deposit"

RDC introduces new risks, not fewer. When you deposit a check via mobile banking, you're responsible for:

• Storing the physical check securely until the deposit is confirmed
  
• Destroying the physical check properly (usually by shredding) after confirmation
  
• Ensuring only authorized personnel can access your RDC-enabled devices
  
• Monitoring for duplicate deposit attempts
  

Banks require businesses to follow FFIEC RDC guidance on secure handling. If you violate these requirements—say, by letting multiple employees deposit checks from personal phones, or by failing to destroy physical checks—you may be held liable for any resulting fraud losses.

Misconception #4: "Internal fraud isn't a risk for small teams"

Actually, small teams have higher concentration risk. If the same person receives checks, deposits them, approves refunds, and reconciles bank statements, you have zero segregation of duties. Many US fraud cases involve collusion between employees and external fraudsters—especially in startups where "we all wear multiple hats" becomes a control weakness.

US Fraud-Readiness Checklist for Founders

This checklist covers the essential controls every US-operating business should implement before processing their first check. Copy this into Notion, Asana, or your internal finance SOP—and assign clear owners for each item.

Before You Start—Payment Strategy & Account Setup

Set your payment hierarchy:

• Prefer ACH, wires, or card payments over checks whenever commercially possible
  
• For new US customers, require digital payment methods in your contracts and invoicing terms
  
• Set transaction limits for check deposits (e.g., no single check over $25,000 without VP Finance approval)
  
• Enable positive pay with your bank to validate check details before clearing
  
• Configure real-time alerts for all check deposits, especially those exceeding your defined threshold
  
• Enable velocity monitoring to flag an unusual number of deposits within short timeframes
  
• Turn on device and IP monitoring for all RDC activity
  

Secure your mail and check delivery:

• Use a dedicated P.O. box or locked commercial mailbox—never use your office reception desk for check delivery
  
• Designate one specific person responsible for receiving and logging all incoming checks
  
• Store all received checks in a locked drawer or safe immediately upon receipt
  

When Checks Arrive—Handling & Verification Procedures

Log and inspect every check:

• Log check details immediately in your finance system: payor name, amount, check number, date received, invoice reference
  
• Compare the check amount to your invoice, contract, or expected payment amount
  
• Inspect physical security features: MICR line (magnetic ink at bottom), watermarks, microprinting, perforations
  
• If the payor is unknown or the amount is unexpected, verify sender identity through an independent communication channel (call their main business line, don't use contact info from the check itself)
  

Before depositing:

• Never accept checks from completely unknown entities without thorough verification
  
• For checks above your defined threshold (suggest $10,000), require finance lead approval before deposit
  
• Take clear photos or scans of both the front and back of the check for your records
  
• Endorse checks with "FOR DEPOSIT ONLY" plus your account number
  

Storage and destruction:

• Store checks securely until deposit—never leave them on desks, in common areas, or in unsecured drawers
  
• After mobile deposit, immediately mark the physical check with "DEPOSITED [DATE]" in permanent marker
  
• Destroy physical checks by shredding only after the bank confirms successful deposit acceptance (usually 1-2 business days)
  

Mobile Deposits (RDC)—Digital Controls

Device and access controls:

• Only use company-authorized devices for RDC—no personal phones unless they're enrolled in Mobile Device Management (MDM)
  
• Restrict RDC access to designated finance team members only; document who has access
  
• Require multi-factor authentication (MFA) for all banking app logins
  
• Monitor for RDC attempts from new devices, unusual geographic locations, or outside normal business hours
  

Deposit verification process:

• Double-check that the check amount matches your expected payment before capturing the image
  
• Ensure image quality is clear and legible for both front and back
  
• Never deposit the same check twice—if a mobile deposit fails, investigate before re-attempting
  
• Wait for the bank's deposit confirmation notification before destroying the physical check
  

Post-deposit procedures:

• Reconcile all mobile deposits daily against your bank statements
  
• Flag any RDC failures, corrections, or reversals for immediate investigation
  
• Train your team to recognize warning signs: rapid succession deposits, high-value checks from new payors, deposits occurring outside business hours
  

Refunds & High-Risk Transactions

Never issue refunds until full clearance:

• Wait a minimum of 10-15 business days for checks to fully clear—not just until "funds available" shows in your account
  
• Verify refund recipients independently: call their known business number, never rely solely on email refund requests
  
• Require dual approval (two authorized signers) for any refund exceeding your defined threshold (suggest $5,000)
  
• Document all refund approvals with supporting evidence: original invoice, contract, complete communication log
  

Overpayment scam protocol:

• If any customer claims they overpaid and requests a refund, stop all processing immediately
  
• Contact your bank directly to verify the check's true clearing status before issuing any refund
  
• If a refund is legitimately owed, issue it via ACH or wire transfer—never send a refund check to a different address than the original payment source
  
• Escalate all overpayment scenarios to your fraud team or finance lead for review before taking action
  

Vendor payment verification:

• Confirm any bank account updates directly through a known contact—never trust email alone for banking changes
  
• Verify new vendor identities thoroughly before issuing first payments (check business registration, references, online presence)
  
• Be immediately suspicious of vendors who insist on check-only payments when digital options exist
  
• Cross-check vendor addresses, phone numbers, and tax ID numbers against public business registries before payment
  

Ongoing Monitoring & Team Training

Daily and weekly controls:

• Reconcile bank statements at minimum weekly; flag any unexpected check activity immediately
  
• Review all check deposits, clearances, and returns in detail
  
• Monitor for duplicate check numbers, altered amounts, or unusual clearing patterns
  
• Escalate any suspicious activity to your bank and fraud support team immediately—early reporting can prevent larger losses
  

Team training and segregation of duties:

• Train all finance team members on check fraud warning signs; conduct refresher training quarterly
  
• Implement clear segregation of duties: ensure different people handle check receipt, deposit processing, and refund approvals
  
• Never allow the same person to receive checks, deposit them, AND approve refunds—this is the highest-risk control gap
  

Create an internal fraud escalation playbook documenting exactly who to contact, what to document, and what steps to take if fraud is suspected

Account security:

• Treat your ABA routing number and DDA account number as highly sensitive information (in the US, these numbers can be used for both receiving AND sending money)
  
• Only share account details with verified, trusted business partners
  
• Enable account takeover alerts for unusual login locations, new devices, or suspicious access patterns
  
• Require MFA for all team members accessing any banking systems