This fraud involves depositing bad checks and withdrawing funds before they return unpaid.
What is bust-out fraud?
This type of fraud involves unauthorized access to an existing account.
What is Account Takeover (ATO)?
A customer’s checks suddenly begin clearing with different payees than normal, but the customer confirms they did not write them.
What is Third Party Fraud
Address, phone, or email changes may indicate this fraud type.
What is account takeover risk?
An account shows login activity from a new location followed by unauthorized check payments.
What is Account Takeover (Third Party Fraud)?
This fraud includes creating a fake identity using real and fabricated information.
What is synthetic fraud?
This fraud involves stealing someone's personal information to open or use accounts.
What is Identity Theft?
An account shows multiple checks written to “Cash,” with signature inconsistencies and no customer awareness.
What is Third Party Fraud (altered or fictitious checks)?
Large deposits followed by withdrawals before funds clear indicate this.
What is a bust-out red flag?
Customer information does not match records, and an account was opened using different identity details.
What is Identity Theft?
This tactic involves altering small pieces of personal information to bypass detection.
What is PII manipulation?
A customer’s account shows matching PII, a recent address change, login from a new device, and altered checks made payable to unfamiliar recipients. The customer denies issuing the checks.
What is Account Takeover / Third Party Fraud?
A customer deposits several large checks, immediately withdraws funds, and the checks later return unpaid. The customer cannot be reached.
What is First Party Fraud (bust-out via deposits)?
SSN issued before birth or linked to multiple people indicates this.
What is synthetic identity risk?
An account has matching customer information, but shows address changes, a new card request, and unusual transactions.
What is Account Takeover?
This fraud pattern includes building account history, inflating balances, then withdrawing funds and disappearing.
What is bust-out fraud lifecycle?
High-risk transactions like gift cards, casinos, and quasi-cash merchants are indicators of this fraud type.
What is Identity Theft fraud activity?
A business account shows a sudden shift in payees and transaction patterns, but the customer denies issuing the checks.
What is Third Party Fraud (account compromise)?
Reluctance or inconsistent stories from a customer may indicate this fraud type.
What is familiar fraud? EVAFE
A fraudster uses stolen identity information to open a new checking account and deposit fraudulent checks.
What is Identity Theft (new account fraud)?
A customer deposits multiple large checks, immediately withdraws most of the funds, and the checks later return unpaid. When contacted, the customer confirms they made the deposits but says they “thought the checks were good.”
What is First Party Fraud / Bust-Out behavior?
A business account has Positive Pay active. Altered checks are identified, and the customer confirms they did not issue them. The account has not shown suspicious customer behavior, only compromised check activity.
What is Third Party Fraud / ATO or account compromise?
An account shows repeated bad check deposits followed by withdrawals. The customer confirms they made the deposits but claims they expected the checks to clear.
What is First Party Fraud?
An account shows a recent address change, a rush card request, and then unusual check activity. The customer’s PII still matches, but the activity is out of pattern.
What is possible Account Takeover / TPF risk?
An account shows address changes, login access from a new device, and altered check activity. The customer denies all transactions, but PII fully matches.
What is Account Takeover (not Identity Theft)?