09 June 2013

The Digital Detective, Banking part 2

Continued from last week, where we explained the basics of kiting and how banks work

The Crumpled Kite

As mentioned earlier, kiting isn’t as common as it used to be, partly because of stiff penalties, but also because the time it takes to clear a check with another bank has shrunk from many days– sometimes a couple of weeks– to just a day or two. But when I consulted, I witnessed a kiting scheme that could have fooled financial institutions and their computers almost indefinitely.

A bank in Virginia’s Shenandoah Valley decided to invest its excess computer resources in software development and I contracted as their consultant. It was an odd relationship because they feared me as if they’d hired a gunslinger to guard the vault.

One evening I idled, waiting for computer time; in fact, I was waiting for a new guy to finish the night’s reconciliation run. As I sat tapping my fingers, he called the lead operator over and pointed out a worn, battered check. The lead glanced and dismissed it, saying “Just stick it in an envelope, imprint it, and run it through again.”

“But…” said the new guy hesitantly, aware the lead seemed annoyed he didn’t jump to it. “But, we can’t. I mean, it arrived in a carrier envelope and look, it’s not our routing number. And it's really old.”

Curious, I wandered over and the operations supervisor stepped in, obviously impatient at the delay. He read the check, stared at it, lips moving as he re-read the numbers. He ran his thumb under the date, several months old. Puzzled, he picked up the phone and beeped the operations manager.

It was still early evening when the manager strolled in. He looked at the check and made a phone call. When he hung up, he shrugged and turned to the supervisor, “No matter, we’ll find out in the morning what’s going on.”

But by now, the worn check had captured my curiosity and that of my colleagues. Three of us sat down to figure it out. We discovered a scam, and this is how it worked.

The Endless Kite

cheque numbers

From a common check supply company, our schemer bought checks printed with Frugal Savings & Loan’s name, address, and logo, but with Penury Bank’s routing number. He waltzed into a bank other than Frugal Savings & Loan, cashed his check, and departed without a care in the world.

That evening during the check run, the machine sorted his check into a tray to be delivered to the clearing house. From there on out, the following cycle endlessly repeated:
  1. The check arrives at the clearing house. Its routing number routes the check to Penury Bank & Trust.
  2. During the check run at Penury, the computer accepts the routing number but doesn’t recognize the check’s bogus account number and kicks it into the rejects pocket.
  3. A Penury operator plucks it out of the rejects pocket, notices it bears a Frugal Savings & Loan logo and address on it, and either manually packages it to send directly to Frugal S&L or bundles it to send back to the central clearing house for forwarding to Frugal. Either way, the check winds up at Frugal Savings & Loan.
  4. At Frugal, the MICR reader sees another bank’s routing number, knows that’s wrong, and kicks the check into the rejects pocket. It goes back to the clearing house to repeat the cycle again.
Meanwhile, the bank that cashed the check hasn’t received their money, but neither has the check been denied.

The Kite that Crashed

The cycle eventually broke because constant transit nearly wore out the check and an inexperienced operator questioned why a draft on his bank contained an unfamiliar routing number.

We don’t know how many experienced operators routinely handled the check, seeing the bank name and logo and not the routing number, just as their computers saw the routing number and not the bank name.

Banks (at least at that time) did not have a standardized way of handling a check that forever floated but never cleared. In many cases, the bank software simply left the deposit unresolved with neither the funds transferred nor reserved– it simply stayed on the books, so to speak. In banks that impose holds, their programs might be written to release the hold after a number of days if the check isn’t returned, even if the funds aren’t actually received.

I speculate the scheme might have been harder to detect if non-magnetic digits had been printed over ‘invisible’ MICR ink. In other words, the pigment in MICR ink is for the convenience of people. The computer itself doesn’t use optical recognition (OCR) but senses the microscopic particles in the numbers.

No one’s immune to bunco, not even banks.


  1. That's crazy, Leigh. It could have gone on forever if it hadn't worn out.

  2. THAT is clever. Sounds like the perp knew insider info about banks.

  3. I hope you're saving all this material for stories!

  4. Janice, I have used pieces in a story or two. A main concern is to find a way to make the technical side interesting (or at least not daunting) to non-tech people.

    Anon(s), yes, our bad guy must have known something, but banks have odd habits of plugging big holes but leaving others undone.

  5. Leigh, imagine yourself in a rented apartment with two small children because your house burned down while you were in the hospital two weeks after your husband moved out.

    Someone knocks on the door, and you answer to be informed the man standing there is an FBI agent and he needs you to come to his office to discuss bank embezzlement on your account. You inform him that you've just gotten out of the hospital and aren't allowed to drive. He persuades you and the two boys to ride with him to his office. (That wouldn't have happened these days, but back then, I was young, dumb, and trusting.

    At the FBI office, the younger child proceeds to crawl around on the floor including under the agent's desk.

    Before going to the hospital, I'd paid a baby sitter with a check. At that time, I banked as Frances instead of Fran. The sitter cashed the check at a Seven Eleven store which was robbed that night.

    One of the thiefs went to the highway department and got a replacement driver's license with my name but his picture on it--easy enough back then since Frances/Francis can be used for a male or female.

    They then traveled all over South Carolina making bogus deposits of forged checks. They would do it at the end of the banking day, deposit a thousand dollars or so, and get back a couple hundred in cash.

    This investigation lasted all summer, was a big mess with over $30,000 stolen from my bank.
    The point of this is that back in the old days, it wasn't even necessary to be technical to scam the banks.

  6. That's spooky, Fran. Back in the days when people didn't lock their doors, you could trust but not these days.

    Initially, I was thinking of the scam where someone claims to be an FBI agent who asks you to make a withdrawal to help catch bad guys… except he's the bad guy and swaps your currency.

  7. Gavin Alwin Smith09 June, 2013 21:11

    They say writer what you know, so you assuradly have material.

  8. Leigh, this is great stuff -- more incendiary than my explosives posts, even!

    You got me, last week, because I thought you were going to write about the big hauls made by international organized crime when they lined up folks to draw out of multiple ATM’s world-wide. I’d never even considered this sort of angle before!

    Thanks for the great info.

    And, I too thought Fran was going to tell us about the fake FBI agent scam. Good grief!


  9. As the old saying goes, you can't make this stuff up. Fran - what a thing to go through. (And the back-story doesn't sound too pleasant, either. Although morbidly interesting to this crowd, I'm sure.)

    And banks... well, thieves have always been inventive, and now there's surveillance cameras everywhere (A bank is the last place I'd ever try to physically rob), I'm sure the level of cyber-inventiveness is going to be amazing.

  10. Finally, an explanation that makes sense to me!

  11. This comment has been removed by a blog administrator.


Welcome. Please feel free to comment.

Our corporate secretary is notoriously lax when it comes to comments trapped in the spam folder. It may take Velma a few days to notice, usually after digging in a bottom drawer for a packet of seamed hose, a .38, her flask, or a cigarette.

She’s also sarcastically flip-lipped, but where else can a P.I. find a gal who can wield a candlestick phone, a typewriter, and a gat all at the same time? So bear with us, we value your comment. Once she finishes her Fatima Long Gold.

You can format HTML codes of <b>bold</b>, <i>italics</i>, and links: <a href="https://about.me/SleuthSayers">SleuthSayers</a>