Check Fraud: It's Time to Jettison Price v. Neal
Check fraud has been on the rise, even as check usage continues to decline. There's lots of different types of check fraud, however. Sometimes it's as simple as a thief stealing a blank check, filing it in, and forging the drawer's signature. Sometimes a legitimate check is intercepted in the mail, and the payee's name (and maybe amount) get washed off and replaced by that of the fraudster or a friendly party. Sometimes a legitimate check is copied—while in transmission or even after receipt and possibly even after deposit—but with the payee then changed prior to deposit. And once a check has been copied once, it can be copied multiple times, and each copy can be deposited (and possibly deposited multiple times with remote deposit capture). It can be hard to figure out how the fraud happened, however, as the payor bank often doesn't receive a paper (or at least the original paper) check. Instead, the payor bank might simply be presented with an image of the check or perhaps a paper reconversion of an image of the deposited check. And with remote deposit capture, the depositary bank might itself not have a paper check.
The problem this variety of fraud creates is that it makes it hard to know which legal rule should apply, and the uncertainty of legal rules might reduce banks' incentive to take care to protect against fraud.
In contrast, if anything else is off about the check—there's a forged indorsement or altered payee or amount—then the bank of deposit is liable under its presentment warranty. Thus, if the original check is intercepted in the mail and the fraudster alters the payee's name, the depositary bank is liable, but if the original check is intercepted in the mail and copied and the change occurs only on the copy, the payor bank is liable, as the drawer did not actually authorize the copied check, only the original, and the changed version is not an "alteration" for UCC purposes.
This leads to the rather ridiculous situation in which a fraudster intercepts a check, alters it to change the payee, and copies it and changes the payee on the copy, and then deposits both checks. The depositary bank is liable on one check and the payor ban on the other. At this point the logic behind Price v. Neal really breaks down.
There are a few different readings of Price v. Neal, neatly summarized by Dean Ames (this is from the halcyon days when Harvard Law Review used to publish work with actual practical significance, like doctrinal explorations of commercial law). Ames' explanation—and it's got good textual support in Lord Mansfield decision—is that the logic of the case is that as between equally innocent parties, the loss is better placed on the party that does not hold legal title to the instrument. I don't find this very convincing because there's really no reason we should care that the depositary bank paid to acquire title to the forged instrument--it's still a forged instrument.
The alternative logic is that a payor bank is negligent when it pays on a forged signature because it should know its depositors' signatures. Lord Mansfield never addresses this theory directly, however, and Ames rightly points out that the payor bank might not have been negligent. Signatures are not static over a person's lifetime and depend on conditions. They're also relatively easy to forge. When we add in modern copying technology and image exchange, it gets much worse. In the example of an altered original and a copy of the original with an alteration both being deposited, there's no really way for the payor bank to detect the fraud. The signature on both of the checks is the same identical signature, only one is a real signature of the drawer and the other is a copy. Unless the payor bank lines up the signatures and sees that they are perfectly identical (which they should not be), there'd be no way to know that one is a copy, and even then, it might be hard to know which is the copy and which the original. In any case, Price v. Neal isn't a negligence rule (as Ames describes it), but a strict liability rule.
Yet, I think there's something more going on than Ames admits. My sense is that the law developed in these areas in the context of instruments other than checks, and checks are fundamentally different. The key case for the adoption of Price v. Neal in the US is Bank of the US v. Bank of Georgia, a federal common law decision by Justice Story. Bank of the United States dealt with payment on forged bank notes, and there's good reason to think that a bank should able to tell if what purports to be its own note is authentic. As the Supreme Court noted, banks regularly put in security devices known only to them to be able to identify which notes were real.
This logic would seem to apply to the bill of exchange in Price v. Neal. The drawer of a BEX has a relationship with the payor, and they could have agreed to particular security devices (e.g., the "i" in the signature would always be double dotted). In both instances—bank notes and bills of exchange—the payor would be dealing with either its own notes or the drafts of a very small number of drawers, such that it could have security procedures in place. This logic doesn't really extend to checks (a later invention), however. Banks today have millions of customers and the checks are not even produced by the banks, but by third parties, so there really isn't the ability to implement security devices. But even if there were, it's hard to see how it would help if the problem is that a real check has been copied and the payee name changed. That's a type of fraud that just wasn't so feasible 200 years ago.
There seems an easy solution for this mess: the UCC should be revised to jettison Price v. Neal by changing the presentment warranty to warranty the authenticity of the drawer's signature. We've already junked Price v Neal in the ACH context, where NACHA rules require that the ODFI warrants that the ACH entry has been authorized by the Receiver. So if the check is converted to ACH, there's a shift in the legal rule and the depositary bank, rather than the payor bank, is on the hook for an unauthorized payment. Why not have the same darn rule for the original paper check, especially in an age where check information is often being sent electronically, just like ACH entries.
Shifting all check fraud loss to the depositary bank might seem unfair: the depositary bank has no way of knowing if the drawer's signature is legitimate. But the depositary bank does have a way of knowing who its customers are and monitoring their account behavior. It can see if there's a pattern of fraudulent checks being deposited, for example, and it can cut off the customer if there's a pattern of fraud, the same way a credit card issuer would or if there were a high ACH return rate. Now shutting down accounts is an after-the-fact solution that doesn't remedy the preceding frauds. But there's a fix for that as well: investigation of customers more carefully before they open accounts. There are consumer reporting services that will flag whether a customer has been a check fraud problem in the past. I don't know how frequently such services are used, and there are always false positive concerns with such products, but if all banks were using them, fraudsters would find it hard to access the financial system.
Changing the UCC Article 4 rule to make the depositary bank liable for all check fraud would simplify consumers' lives by making it easy for their banks to recredit their accounts—it's now the depositary bank's problem if there's an allegation that the payment was unauthorized—and would create a real impetus for depositary banks to be much more careful in monitoring their customers.
Pamela
Foohey
Anna
Gelpern
Mitu
Gulati
Melissa Jacoby
Dalié
Jiménez
Jason
Kilborn
Bob Lawless (blog admin)
Adam
Levitin
Stephen Lubben
Nathalie Martin
John
Pottow
Mark Weidemaier
Jay
Westbrook
Alan
White
Thank you for a nice overview on the legal background behind check fraud regulatory responsibility.
As for the solution: it seems odd that banks cannot employ similar tactics as is used by the credit card companies.
Specifically - they trace different individual fraud acts to home in on who/where they are occurring. From there, it is much easier to identify the source of the problem rather than attempt to redress every individual fraud act committed from a location or by a person/group.
Among other things - banks should be doing the following:
1) Capturing device, GPS/cell tower location, mobile apps ID and other information from all virtual deposits. This is actually far more detailed information than what credit card companies get.
2) The banks should be setting up a mutual system where fraudulent checks - the above information and some form of protected PII identifiers for both source of funds victim and depositor/issuer of checks is accessible.
3) With the above information, the aforementioned aggregation methods used by credit card companies plus some form of public and/or private investigation and criminal prosecution capability, the end result would be a vastly increased likelihood of identification and prosecution of organized check fraud. And this in turn will both deter and reduce successful check fraud.
It seems the numbers justify this. The ABA says check fraud is $24B; credit card fraud in contrast was less than $6B in the US in 2021 albeit with a far, far larger amount of money in movement (I am pretty sure).
Posted by: c1ue | December 18, 2023 at 08:52 AM
On a related matter. Why is NOT the party that buys a property from a Title Fraudster out of luck rather that the actual property owner?
Posted by: Greg Daneke | December 18, 2023 at 12:45 PM
Greg--there are two separate types of bad title here: fake drawer's signature and fake indorsements. The buyer is out of luck on the fake drawer's signature, but not on the fake indorsements because there are statutory warranties about the indorsements. The rule about the drawer's signature is the anomaly.
c1ue makes a very nice point about RDC data. The problem, I suspect, is a technology cost issue. There are ~6000 banks and credit unions in the US, most of which are quite small and without the ability to fund the fraud detection systems that a big bank can. Contrast this with payment cards--most credit cards are issued by around 10 banks, and MC/V themselves have some anti-fraud safeguards. Maybe there's a business to be had providing check fraud detection to smaller banks....
Posted by: Adam Levitin | December 18, 2023 at 12:56 PM
Re: cost
The cost for running such an anti-fraud operation is not insignificant for any individual bank - but the real value is having a central association doing this type of work. Unless check fraud is largely a local phenomenon, I also have doubts whether such activity even makes sense for any small or even regional bank. I have doubts as to whether fraudsters are targeting specific banks?
From a business perspective - the model that (to me) makes sense would be a nominal membership fee plus a "usage" fee to reflect disproportionate fraud activity, presuming this is actually true.
The actual overall cost is not high at all these days though. We're not talking about rocket science - the work involves putting fraud activity into a database and running very simple, specific tracing activities then activating law enforcement and/or civil action.
Credit card companies do spend a lot more but that is at least partly because there are many large, organized online gangs that are really only prosecutable via public/private task forces. The tracing aspects work very well to identify "retail" fraud as in a person at a large box store "double swiping" a credit card but cannot work well for things like insider jobs or extremely sophisticated technological attack vectors. I've been involved from the cybersecurity side in such activity hence my familiarity with the process, although my work in those instances revolved around bank account compromises.
Posted by: c1ue | December 21, 2023 at 02:52 AM