Skip to content

Business Fraud & Identity Theft Protection

Since its founding in 1933, the privacy and safety of our customer’s financial information has remained one of Countybank's top priorities. We are committed to keeping you and your business informed about the most recent scams and identify theft schemes, while providing tips to help keep you financially safe.

Check Washing

What is check washing?

There has been a surge in fraudulent bank account activity, most recently in the form of altered or counterfeit checks. In many cases a form of fraud called “check washing” occurs where criminals steal checks from mailboxes and change the payee’s name on the check.

When you write a check and hand it to an individual or put it in the mail, there is always a risk because you are handing someone your routing and account information.

Mail theft and check fraud are currently a nationwide problem. Business clients are being targeted because they are perceived to have higher balances. The US Postal Service (USPS) has admitted that they are unable to control the check fraud that is occurring in the USPS. In response, they have released a warning, recommending people stop mailing checks.

If a check is lost or stolen, someone could do the following with your account information:

  • Create their own check
  • Change information on the check and deposit it at another financial institution
  • Attempt to cash the check
  • Create an ACH or set up your account to pay their bills

How to Prevent Check Washing

We recommended these best practices to help prevent check washing:

  • Monitor your bank account(s) daily
  • Immediately notify the bank of any discrepancies or fraudulent activity
  • Pay your bills online
  • Don't mail checks; deliver your mail to the post office
  • Use a pen with blue or black non-erasable gel ink when filling out a check
  • Use Countybank’s Positive Pay service

Positive Pay for Businesses

Countybank recommends limiting or eliminating check writing when possible. For businesses that need to issue checks, Countybank recommends its Positive Pay service, which matches the file you upload to checks posted against your account. Positive Pay cross-references the check amount, check number, and check date.

Payee Match Feature

Our Positive Pay service includes a payee match feature that allows for an extra layer of security. Businesses can upload their checks to the platform, and the payee match feature will cross-reference the payee on the file you upload to checks posted against your account.*

*Countybank cannot take responsibility for any potential loss related to the payee match feature if you choose not to enroll in payee match.

Our fraud guide includes additional information on check washing, Positive Pay, and the payee match feature.

Resources

ACH, Wires, and Remote Deposit Capture for Businesses

Countybank recognizes that writing checks is a necessity for some businesses. In these cases we recommend businesses use our ACH or wire processing services when possible in lieu of writing checks.

{beginAccordion}

ACH Best Practices

ACH processing is a safer more cost-effective payment option that gives businesses control of their account information. Checks, by contrast, can cost businesses on a per check basis, in addition to the time and risk of lost or stolen funds.

  • Implement dual control processing for ACH. 
  • Retain an agreement for each employee, vendor, or client that they direct deposit funds to. 
  • Only establish direct draft if there is a true business need.
  • Verify account information by phone if you receive requests to update information through email, fax, or other electronic means. Contact the individual using the phone number(s) on file, not the information provided in email, fax, etc.
  • Verify all requests to send payment by phone call to the client, vendor, or employee. This is especially necessary when an unexpected request is received.

Wires Best Practices

  • Send wire information in an encrypted email communication when communicating wire instructions to another individual. 
  • Verify wire instructions by phone if you receive information through email, fax, or other electronic means. Contacting the client, vendor, or employee using the phone number(s) on file, not information provided in email, fax, etc.
  • Process wires under dual control and set internal limits based on daily need and employee need.
  • Know your customer, client, or vendor. If you don’t recognize an individual or company and aren’t expecting a request, contact your banker before processing the payment. Make sure it is a legitimate request, and verify the account information.

Remote Deposit Capture Best Practices

  • All checks must be endorsed prior to being submitted using remote deposit capture.
  • Retain all checks for 120–140 days after the check has been submitted through remote deposit capture and processed. Countybank may request the original check to aid in the clearing and collection process or to resolve claims by third parties.
  • Retain all information related to the digitization of the check (created by the remote deposit capture) for 7 days. Countybank may request this information for research or resolution purposes.
  • Use a commercially reasonable method to destroy checks after the retention period has expired. Countybank recommends using a cross-shredder. If clients use a shred company, ensure shred containers are locked and require dual control should they need to be accessed.

{endAccordion}

Depositing Checks

Best Practices for You or Your Business

  • Look for signs of a scam or indications the check is fake.
  • Contact the bank that the check is drawn on and ask them to verify funds.
  • Always ask for and verify identification when a customer pays by check.

What to Look For

  • Where is the check from and/or who is the payee?
  • Does the checking account have funds available?
  • Does the check show signs of being a fake document?
  • Does the person who gave the check to you routinely bounce checks?

How To Spot a Fake Check

  • Do not accept checks sent via email, which is a common scam. Countybank does not accept computer screenshots of checks for deposit.
  • Make sure the check is issued by a legitimate bank and doesn’t have a fake bank name. If the check includes the bank’s phone number and address, verify the information is correct.
  • Look for check security features, such as microprinting on the signature line, a security screen on the back of the check, and the words “original document” on the back of the check.
  • Review the check amount. Scammers often write checks for more than the original amount than was intended.
  • Make sure there aren’t any smudges or discoloration on the check, which can indicate the check was altered.

Additional Safeguards

  • Don’t share your login information with others.
  • Don’t store passwords. Instead, try setting passwords to a phrase of words that you can remember. Incorporate capital letters, lowercase letters, numbers, and special characters.
  • Be vigilant when reviewing suspicious emails with links and attachments to help protect against phishing attacks.
  • Do not register your device as an added layer of security. An unregistered device will now require a secure access code with every login.

Consumer Fraud & Identity Theft Protection

Gift Card Scams

How It Works

Gift card scams start with a call, text, email, or social media message. Scammers will say almost anything to get you to buy gift cards — like Google Play, Apple, or Amazon cards — and hand over the card number and PIN codes.

  1. Scammers will say it's urgent
  2. Scammers will tell you which gift card to buy and where
  3. Scammers will ask for the gift card number and PIN

No legitimate business or government agency will ever tell you to buy a gift card to pay them.

Learn more about avoiding and reporting gift card scams.

Phishing Scams 

Don't take the bait!

You've probably heard about identity theft — people stealing other people's personal information to use for illegal purposes. In a new scheme called "phishing," ID thieves trick people into providing their Social Security numbers, financial account numbers, PIN numbers, mothers' maiden names, or other personal information by pretending to be someone they're not. 

Important Reminders

Countybank fraud services will only ask about potential fraudulent activities. They will not ask customers for the following information:

  • Card number
  • Social security number
  • Password
  • Codes that have been texted to a mobile device

When in doubt, contact Countybank directly using one of the following phone numbers.

Countybank Customer Service
864-942-1524
800-726-8689

How does phishing work?

The most common form of phishing is by email. Pretending to be from a legitimate retailer, bank, or government agency, the sender asks to "confirm" your personal information for some made-up reason. Typically, the email contains a link to a phony website that looks just like the real thing. You enter your personal information on the Web site — and send it into the hands of identity thieves. 

Phishers also use the phone to hunt for victims' personal information. Some pose as employers and call or send emails to people who have listed themselves on job search websites. 

Malicious Number Spoofing

Fraudulent phone calls can also come from what appear to be a legitimate phone numbers (i.e., caller ID shows an actual Countybank phone number, but the call is not from Countybank). In some cases the caller may already have the last 4 digits of your card number. Always keep the important reminders listed above in mind, and do not provide personal information such as your card number, social security number, password, or codes. Be wary if the caller texts you information and asks you to click on a link or provide a code.

How can you tell if the person or company who contacted you is legitimate or a con artist?

  • Be suspicious if someone contacts you unexpectedly and asks for your personal information. It's a warning sign that something is "phishy." Legitimate companies and agencies don't operate that way.
  • Don't click on links in emails that ask you to provide personal information. To check whether an email or call is really from the company or agency, contact it directly by phone or online. If you don't have the telephone number, get it from the phone book, directory assistance, or the Internet. Use a search engine to find the official website.
  • Job seekers should also verify the person's identity before providing personal information to someone claiming to be a prospective employer. 

What should you do if you got hooked by a phishing scam?

  • If you provided account numbers, PINs, or passwords to a phisher, notify the companies with which you have those accounts immediately.
  • Put a "fraud alert" on your files at the credit reporting bureaus. For information about how to do that and other advice for ID theft victims, contact the Federal Trade Commission's ID Theft Clearinghouse online or toll-free, (877) 438-4338. The TDD number is (202) 326-2502.
  • Even if you didn't get hooked, you should report phishing to the company or agency that was being impersonated to the National Consumers League's National Fraud Information Center at fraud.org or toll-free at (800) 876-7060. The TDD number is (202) 835-0778.
  • Remember, security tools such as PIN numbers and passwords help keep your transactions safe. Keep them private.

Additional Resources