Tip

Check 21: A classic case of risk

The Check Clearing for the 21st Century Act, or Check 21, will supposedly revolutionize the check-clearing process. It is the most significant change since banks actually started clearing checks. Up to this point, the check process involved the physical transfer of a piece of paper to facilitate the transfer of money. The check was the key piece of necessary information, and the only final proof of the transaction.

Check 21 makes a small but significant change in the process by stating that banks no longer need to retain or return the actual check to the customer. Many people will have a knee-jerk reaction and say that this is unacceptable. The fact of the matter is that it is not. What do you need with all those checks anyway?

Let's face it, online bill-paying already made checks moot. We are conducting a checkless check process. With a check, you usually need to show some form of identification; with a check card it's essentially the same as using a credit card, which typically requires no identification and is accepted almost everywhere. This in itself creates risk.

With online bill pay and check cards, risk increases significantly. Anyone's banking information, which can be obtained through phishing, social engineering, spyware, etc., can be used to clean out an entire bank account. With a check card, usually no identification is required to clean out the account. Paper checks afford far more protection.

However, the reality is that online bill payment and

    Requires Free Membership to View

check cards offer convenience and cost savings that most people apparently believe makes the additional risk of having your account emptied worth it. This doesn't happen very often, and each individual should decide which course of action is best for them.

Check 21 poses other risks. Checks will now probably be destroyed and only electronic images of the checks will be available. The major advantage is that it is a tremendous cost savings to the banks, which hopefully saves us all money. Unfortunately, history shows us the best we can expect is to not have our costs go up. Frankly, few people have need of the hardcopy and it becomes a security risk to have all those checks sitting around your house anyway.

But there are many issues that will come up that are harder to deal with. For example, it eliminates a method of proving fraud, such as seeing and feeling the pen indentations on the check. Maybe this will start to cure people of one of the practices I like least on the Internet: using scanned images of signatures in a signature file. Those scans can be used to forge checks.

I will only say that when I sign books, or otherwise put my signature in a public place, I use a completely different signature than what I use on legal documents. To me, this reduces my exposure to fraud.

Check 21 is a classic case of risk. The benefit of cost savings has been legislated into being the better choice over the security concerns of destroying a key piece of evidence in check fraud and identity theft. I just hope, although I'm pretty sure that it's not the case, that the legislation now makes allowances for individuals defending themselves from check fraud.

In the grand scheme of things, security professionals and the general public can learn from this. With everything we do to implement cost savings, we are likely to be opening ourselves up to some criminal action. Whether or not Check 21 will be better or worse for you personally will depend on whether or not you are personally hit by the inevitable fraud that will occur.

About the author
Ira Winkler, CISSP, CISM, has almost 20 years of experience in the intelligence and security fields, and has consulted to many of the largest corporations in the world. He is also author of the forthcoming book, Spies Among Us.

This was first published in October 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.