The Rising Cost of Check Fraud — And How to Respond

Written by CFS Solutions Insight Hub Team | Mar 11, 2026 1:00:02 PM

What ATM and ITM operators need to know about today’s fraud environment, and the controls that make a measurable difference.

Check fraud is rising — and ATM and ITM channels are increasingly at the center of it. Self-service terminals process high check volumes without a teller present, which makes automated review controls the primary line of defense. When those controls are outdated, siloed, or slow to update, the window for fraud widens.

This guide covers the fraud types most relevant to terminal deposit environments, the real cost of delayed detection, and the controls that make the biggest difference.

The Fraud Types That Target Terminal Deposits

Most check fraud at the terminal falls into a few patterns, often used in combination:

Duplicate deposits — the same check submitted through multiple channels (ATM, ITM, mobile, branch) before cross-channel detection flags the item. This is the most common terminal fraud type, and it is fundamentally a visibility problem: when channels don’t share real-time data, the gap stays open.
Counterfeit and altered items — printing technology has made convincing fakes easier to produce. Automated image analysis and third-party verification catch what visual inspection misses.³
Check kiting — cycling funds across accounts to exploit float time before items clear. High terminal transaction volumes can obscure unusual patterns without cross-account monitoring.
Account takeover deposits — fraudsters using legitimate credentials to deposit fraudulent items, bypassing behavioral parameters tied to account history.

The Real Cost of Delayed Detection

Fraud losses are only part of the picture. When review is batch-based rather than real-time, back-office teams spend hours reconciling transactions that should have been flagged at capture. The labor cost alone often exceeds the value of the fraud being prevented — and the compliance exposure from undocumented exceptions adds further risk.

One community bank reduced daily balancing from four hours to 45 minutes after modernizing its deposit review and exception routing. The change came from real-time visibility and automated flagging — not additional staff.

As ATM and ITM fleets grow, the problem scales with them. Manual review workflows don’t — which means every terminal added without improved review infrastructure increases exposure proportionally.

The Controls That Make the Biggest Difference

Strong fraud outcomes at the terminal come from layering complementary controls, not from any single tool:

Configurable review rules applied at capture — flagging items based on your institution's specific needs, not a one-size-fits-all system. Rules need to be actively maintained; a ruleset calibrated years ago may have meaningful gaps against current fraud typologies.
Centralized review across all deposit channels — duplicate fraud lives in the gaps between siloed systems. When ATM, ITM, mobile, branch, and merchant capture feed one review queue, duplicate detection is immediate.
Third-party fraud verification — external scoring against shared negative databases catches counterfeit and altered items that internal rules alone may miss.
Hosted infrastructure — institutions in hosted environments consistently report faster issue resolution and more timely rule updates, because support teams have direct visibility rather than waiting for the institution to surface a problem.⁴
A proactive support relationship — when a fraud pattern shifts, response time measured in hours versus days determines whether losses occur. Direct access to knowledgeable support is a meaningful fraud control in itself.

Don’t Overlook the Compliance Dimension

Examiners are paying closer attention to how institutions document and govern deposit fraud controls.⁵ The standard isn’t just that fraud is detected — it’s that exception handling is consistent, decisions are traceable, and review rules are demonstrably current. Institutions relying on informal or undocumented processes are increasingly finding this flagged during examination, separate from any actual fraud losses.

Where to Start

When deposit systems can analyze and share data in real time, the benefits ripple throughout the organization.

Executives gain better visibility into liquidity and transaction flow. Operations teams can detect anomalies immediately. And customers — whether commercial clients or everyday account holders — experience faster deposits and fewer errors.

Modernization isn’t about replacing people with technology. It’s about giving people better tools to do what they already do best.

How to Get Started

When were your review rules last updated? Calibrate them to current fraud typologies, not the patterns that were common when they were set.
Which deposit channels share a unified review system — and which are siloed? The gaps are where duplicate fraud occurs.
Is your exception handling documented and consistent enough to hold up in an examination?
Does your technology partner proactively surface issues, or does your team have to find and report them first?

See How CFS Solutions Can Help

We work with regional banks, credit unions, and their reseller partners to modernize deposit automation, unify review across ATM, ITM, and additional capture channels, and build fraud controls that scale with your fleet. Contact us today to see how we can help!

📞 (850) 386-2902 🌐 cfssolutions.com ✉️ sales@cfssolutions.com

Sources

¹ FinCEN Alert FIN-2023-Alert001, February 2023. fincen.gov

² AFP 2024 Payments Fraud and Control Survey. afponline.org

³ ABA Deposit Account Fraud Survey Report, 2023. aba.com

⁴ CFS Solutions. “The ROI of Reliable Support.” 2025.

⁵ FFIEC Authentication and Access Guidance, August 2021. ffiec.gov

View full post