Fraud continues to complicate the lives of community bankers and their customers. While the industry would be a far better place without it, the reality is that community banks must build fraud awareness, knowledge and prevention skills in order to succeed. And that all starts with knowing what to look out for.

“Fraud mechanisms and scam typologies are constantly evolving, and community banks continue to be challenged by their stubborn persistence,” notes Scott Anchin, ICBA’s senior vice president of strategic initiatives and policy. “Fraud and scams don’t just affect the bottom line; they affect customer relationships and divert resources away from other important operational activities.”

Anchin says check fraud, payment card friendly fraud, romance baiting and business email compromise top the list of today’s fraud concerns.

Worst of the worst: check fraud

Terri Luttrell
Terri Luttrell

Following years of exponential growth, check fraud remains the most concerning issue for community banks in 2025, says Terri Luttrell, compliance and engagement director at financial institution software provider Abrigo in Austin, Texas. According to the 2024 Abrigo Fraud Survey, 61% of Americans still write checks. This represents a decline in overall check volume, but incidents of fraud and the resulting losses remain high across the U.S. Luttrell cites current FBI statistics: $18 billion in annual check fraud losses, 500 million fraudulent checks per year and more than a million fraudulent checks detected daily.

Sarena Barker
Sarena Barker

At $1.6 billion-asset Plumas Bank in Quincy, Calif., “one of the strongest and most effective” check and ACH fraud protection tools the bank offers its commercial customers is positive pay with payee match, says Sarena Barker, senior vice president and digital banking manager.

Positive pay automates transaction monitoring for possible check and ACH fraud, and payee match double-checks payee names on images and issued check files. “Our clients say it’s a real game-changer and it provides peace of mind,” Barker says. 

Furthermore, Plumas Bank recommends that both its commercial and retail customers use the community bank’s secure online banking and bill pay services instead of writing and mailing checks because there are additional safeguards within those that can help deter fraud. Customers can review their transactions in real time, set up alerts and daily thresholds to easily monitor any unusual activity, and establish multifactor authentication (MFA) for an extra layer of validation.

Know your fraud types

Along with the types of fraud mentioned in this article, the FBI lists these types of fraud to watch out for:

  • Business email compromise

  • Advance fee schemes

  • Nigerian letter (419 fraud)

  • Ponzi schemes

  • Pyramid schemes

  • Synthetic identity fraud

  • Romance scams

  • Skimming

  • Spoofing and phishing, including smishing (text) and vishing (voicemail)

  • Grandparent scams

  • Government impersonation scams

  • Sweepstakes/charity/lottery scams

  • Home repair scams

Combating consumer scams

Rene Perez
Rene Perez

When it comes to consumer fraud, it’s all about scams: scamming them out of their credentials or one-time tokens, or duping them into sending instant payments, says Rene Perez, national director of financial crimes sales and financial crimes consultant at tech solutions provider Jack Henry in Monett, Mo.

“Banks have really gotten to the point where they have a lot of resources and tools put into place to protect their four walls,” says Perez, “so for fraudsters, the path of least resistance is targeting, more and more, consumers themselves.”

He notes that one scam growing in popularity is when fraudsters place ads on Facebook Marketplace for goods, asking buyers to pay outside of the platform and use Venmo or PayPal instead. The goods don’t exist.

“If a buyer sends money through Facebook, Facebook then holds that money from the person selling the item until that item is confirmed and received. Facebook then releases the money,” Perez says. “Both Venmo or PayPal have opportunities to claw back money as well, but it’s a lot more hoopla. You’ve already lost the money, and you’re now trying to gain the money back.”

Another scam targeting wealthy consumers, Perez says, is “pig butchering,” where fraudsters dupe individuals into investing dollars or cryptocurrencies using fake apps or websites. After sending their money, the fakes are taken down and the victims lose their money.

“A lot of the fraudsters that are committing the pig butchering scams are actually human trafficking victims,” Perez notes, “and they’re trying to buy their freedom from the fraud organization.”

A fraud checklist for customers

Terri Luttrell, compliance and engagement director at Abrigo, believes community banks should give customers these pointers:

  • Verify the validity of any investment opportunity from strangers or long-lost contacts on social media websites.

  • Be on the lookout for domain names that look like legitimate financial institutions, especially cryptocurrency exchanges, but that have misspelled URLs or slight deviations in the name.

  • Do not download or use suspicious-looking apps as a tool for investing unless you can verify the app’s legitimacy.

  • Do not click on any links or attachments from an unknown source or without verifying a known source.

  • If an investment opportunity sounds too good to be true, it likely is. Be cautious of “get rich quick” schemes.

Tools to mitigate fraud

Partnering with fintechs or other companies that offer fraud detection, mitigation and prevention tools can augment banks’ in-house resources, Anchin says. Consortium-based solutions, for instance, use data gathered from a bank’s customers to produce actionable fraud analytics.

Jenn Brick
Jenn Brick

Isabella Bank in Mt. Pleasant, Mich., uses multiple systems to mitigate various types of fraud, says Jenn Brick, vice president and director of customer service operations at the $2 billion-asset community bank.

“We have internal monitoring based on different types of alerts of anything that would be considered a high risk,” Brick says. “In addition, we have solutions for our customers.”

Isabella Bank, like Plumas Bank, uses MFA. Brick says it’s required for customers to log into its online banking site and its app, as well as for high-risk Mastercard debit card transactions.

Isabella Bank also uses the REDiVerify system, which messages customers to ask if a certain debit card transaction was legitimate. If not, the system shuts down the card and asks the customer to contact the bank.

$18B

Annual check fraud losses in the U.S.

Source: FBI

“We also have different security features within each tool provided by Jack Henry, such as limitations depending on the type of transaction, like Zelle transactions or B2B transfers,” Brick says, “so at least the potential of fraud is limited.”

Perez notes that Jack Henry also now offers Financial Crimes Defender, where a bank can move all its fraud point solutions to a single platform. This offers a more holistic view to determine whether and where fraud is occurring. 

“For example, if a fraudster does a $500 Zelle payment, then a $2,000 ACH, a $1,500 wire and a $2,000 FedNow payment, each of those smaller transactions look legitimate under siloed fraud detection systems,” he says. “But when a bank can see the combination of all those different transactions, the bank will know that they’re fraudulent.”

Plumas Bank deploys software to manage fraud risks within an acceptable tolerance, and alerts are generated for risks that exceed set tolerances. These are then investigated by fraud experts, says Amber Marshall, senior vice president and risk manager. The community bank also has a strong customer identification program and customer due diligence controls in place, she says, as well as partnerships with local and federal law enforcement agencies “to help protect our clients and the bank from fraud.”

Anchin notes that when working with third parties, “it’s important to perform careful due diligence to make sure that solutions will integrate with existing technology and that vendors are reliable and trustworthy.”

Government fraud resources

When in doubt about prospective fraud, find a trusted source of information and education. Terri Luttrell, compliance and engagement director at Abrigo, recommends that community banks refer to the FBI’s annual Internet Crime Report and the Federal Trade Commission’s web pages detailing the latest scams.

Other government agencies that offer tools and educational material related to fraud include the banking regulatory agencies, FinCEN and the U.S. Postal Inspection Service, says Scott Anchin, ICBA’s senior vice president of strategic initiatives and policy. He says these organizations provide guidance, timely alerts and other information that can help community bankers stay up to date with active frauds and scams.

“Preventing, detecting and mitigating fraud requires active engagement from everyone in the ecosystem,” Anchin says, “including community banks, consumers, small businesses, technology providers, regulators and law enforcement agencies.”

Fraud education is critical

According to Anchin, “Education is the cornerstone of fraud prevention.” He notes that proactively educating both internal staff and customers will go a long way in minimizing the incidence of fraud.

“There are a number of creative mechanisms community banks can use to reach both groups, including alerts, live sessions and simulated fraud exercises,” he adds.

Isabella Bank’s marketing department regularly posts fraud-prevention articles on the bank’s website and social media. It also sends emails and push notifications directly to customers with tips for keeping personal and account information safe, Brick says. There’s external outreach, too: Bank staff give presentations about fraud prevention to local chambers of commerce and other organizations.

“We tell customers all the time that for your debit card number or account number, we will ask you a verification question, but we’re not going to ask for your full number because we should already have that in our system,” Brick says. “So, if someone is asking you for [full account] information, that’s a red flag. If you’re uncomfortable, hang up and call the number of your institution that you know, and verify if we were actually talking to you.”

Plumas Bank offers a “robust” educational program that includes in-branch forums, blogs, newsletters and social media, Marshall says. In addition, the community bank provides materials and handouts from government agencies such as the Federal Deposit Insurance Corporation, the Federal Trade Commission and the National Cybersecurity Alliance.

“Educating our clients on how to protect themselves against fraud and cybercrime is a top priority for Plumas Bank, and we take our role as a trusted financial resource for our clients very seriously,” Marshall says.

500M

Fraudulent checks annually

Source: FBI

When alerting customers about how to avoid the latest fraudulent attempts, Perez recommends that community banks include vivid visual cues, like a big warning message with a skull and crossbones or a cartoonish hacker huddled over a computer.

“Once you get their attention, you got to give them good, concise information,” he says. “Nobody’s going to read a paragraph, but if you give them two or three bullet points, they’re going to look at it.”

4 ways to fight business payments fraud

Business payments fraud is a significant risk, especially for small businesses with limited cash flow, says Scott Anchin, ICBA’s senior vice president of strategic initiatives and policy. “Working with customers to help them understand how to prevent business payments fraud offers community banks a great opportunity to add depth to their small business relationships,” he says.

Here are four tips for mitigating business payments fraud.

  1. Consider offering positive pay free of charge. Rene Perez, national director of financial crimes sales and financial crimes consultant at Jack Henry, says banks should rethink their approach to positive pay. If a bank’s total fraud losses on its business accounts are greater than the amount of fee income it receives from offering customers positive pay, it should consider offering it at no charge. “Give every customer positive pay for free, and you will reduce your fraud losses to the point where it actually becomes a revenue generator,” Perez says.

  2. Lean on cybersecurity expertise. Banks should employ experienced cybersecurity teams to ensure their systems are safe and that all updates and patches are applied in a timely manner, says Terri Luttrell, compliance and engagement director at Abrigo.

  3. Invest in fraud detection software. Banks should have a strong fraud detection and monitoring system to detect check fraud, wire fraud, ACH fraud and other types of fraud. “A combined anti-money laundering/fraud system is recommended due to the criminal crossover of financial crimes,” Luttrell says. “Proceeds from fraud must be laundered, and robust software will follow patterns for better detection and prevention.”

  4. Invest in fraud investigators. Luttrell believes community banks should have adequate, qualified and trained staff to investigate suspected fraud alerts before they become hard-dollar losses. Fraud investigators should have a specific skill set and proper on-the-job training.

Above all, Luttrell continues, processes must be dynamic and staying up to date with the newest schemes is essential due to fraudsters’ continued escalation in complexity. “Regardless of the current budget,” she says, “regulators will expect adequate technological and human resources to protect the institution’s safety and soundness.”