Obviously, the employees in the best position to intercept signed cheques are those whose duties include the handling and delivery of signed cheques. The most obvious example is a mailroom employee who opens outgoing mail containing signed cheques and steals the cheques. Other personnel who have access to outgoing cheques might include accounts payable employees, payroll clerks, and secretaries.

Chart : Forged Endorsement Schemes

cheque fraud


Unfortunately, employees are often able to intercept signed cheques because of poor internal controls. For instance, many employees simply find signed cheques left unattended in the work areas of the individuals who signed them or the people charged with their delivery. In these cases it is easy for the perpetrator to steal the cheque. Another common breakdown occurs when the person who prepares a cheque is also involved in the delivery of that cheque once it has been signed.


A high-level manager with authority to disburse employee benefits instructed accounts payable personnel to return signed benefits cheques to him instead of immediately delivering them  to  their  intended  recipients.  These  instructions  were  not  questioned  due  to  the manager’s level of authority within the company. The perpetrator simply took the cheques that were returned to him and deposited them into his personal bank account, forging the endorsements of the intended payees.

In addition to the preceding example, secretaries or clerks who prepare cheques for their bosses to sign are often responsible for mailing those cheques. It is very simple for those employees to make out a fraudulent cheque and obtain a signature, knowing that the boss will give the signed cheque right back to them. This scheme is indicative of the key problem with occupational fraud: trust. For an office to run efficiently, high-level employees must be able to rely on their subordinates. Yet this reliance is precisely what puts subordinates in a position to defraud their employer.

Theft of Returned Cheques

Cheques that have been mailed and are later returned to the victim for some reason, such as an incorrect address, are often targeted for theft by fraudsters. Employees with access to incoming mail are able to intercept these returned cheques and convert them by forging the intended payee’s endorsement.

RELATED:  Cheque Tampering Frauds – Part 3


A manager took and converted approximately $130,000 worth of cheques that were returned due to noncurrent addresses (he also stole outgoing cheques, cashed them, and then declared them lost). The fraudster was well known at his bank and was able to convert the cheques by claiming that he was doing it as a favour for the real payees, who were “too busy to come to the bank.” The fraudster was able to continue with his scheme because the nature of his company’s business was such that the recipients of the misdelivered cheques were often not aware that the victim company owed them money. Therefore, they did not complain when their cheques failed to arrive. In addition, the perpetrator had complete control over the bank reconciliation, so he could issue new cheques to those payees who did complain and then “force” the reconciliation, making it appear that the bank balance and book balance matched when they actually did not.

Re-Routing the Delivery of Cheques

Employees might also misappropriate signed cheques by altering the addresses to which those cheques are mailed. These perpetrators usually replace the payee’s legitimate address with an address where the employee can retrieve the cheque, such as the employee’s home or a PO Box the employee controls. In other instances, the perpetrator might purposely misaddress a cheque so that it will be returned as undeliverable. The employee steals the cheque after it is returned to the victim organisation. Obviously, proper separation of duties should preclude anyone who prepares disbursements from being involved in their delivery. Nevertheless, the person who prepares a cheque is often allowed to address and mail it as well. In some instances where proper controls are in place, employees are still able to cause the misdelivery of cheques.


A clerk in the customer service department of a mortgage company was in charge of changing the mailing addresses of property owners. She was assigned a password that gave her access to make these changes. The clerk was transferred to a new department where one of her duties was the issuance of cheques to property owners. Unfortunately, her supervisor forgot to cancel her old password. When the clerk realised this oversight, she would request a cheque for a certain property owner and then sign onto the system with her old password and change the address of that property owner. The cheque would be sent to her. The next day the employee would use her old password to re-enter the system and replace the proper address so that there would be no record of where the cheque had been sent. This fraudster’s scheme resulted in a loss of over $250,000 to the victim company.

Converting the Stolen Cheque

RELATED:  Fraudulent Cash Disbursements

Once a cheque has been intercepted, the perpetrator can cash it by forging the payee’s signature, hence the term forged endorsement scheme. Depending on where he tries to cash the cheque, the perpetrator may or may not need fake identification at this stage. If a perpetrator is required to produce identification to cash his stolen cheque, and if he does not have a fake ID in the payee’s name, he might use a dual endorsement to cash or deposit the cheque. In other words, the perpetrator forges the payee’s signature as though the payee had transferred the cheque to him, and then the perpetrator endorses the cheque in his own name and converts it. When the bank statement is reconciled, dual endorsements on cheques should always raise suspicions, particularly when the second signer is a company employee.

Altered Payee Schemes

The second type of intercepted cheque scheme is the altered payee scheme. This is a form of cheque tampering in which an employee intercepts a company cheque intended for a third party and alters the payee designation so that the employee or an accomplice can convert the cheque. (See the “Altered Payee Schemes” flowchart.) The employee inserts his own name, the accomplice’s name, or a fictitious entity’s name on the cheque’s payee line. The alteration essentially makes the cheque payable to the employee (or an accomplice), so there is no need to forge an endorsement and no need to obtain false identification.

Altering Cheques Prepared by Others: Inserting a New Payee

The method used to alter the payee designation on a cheque depends largely on how that cheque is prepared and intercepted. (Incidentally, the amount of the cheque might also be altered at the same time and by the same method as the payee designation.) Cheques prepared by others can be intercepted by any of the methods discussed in the forged endorsements section. When the perpetrator intercepts a cheque that has been prepared by someone else, there are basically two methods that can be employed to change the payee. The first is to insert the false payee’s name in place of the true payee’s. The true name might be scratched out with a pen or covered up with correction fluid. Another name is then entered on the payee designation line. These kinds of alterations are usually simple to detect.

RELATED:  Cheque Tampering Frauds – Part 4

A more sophisticated method occurs when the fraud perpetrator enters the accounts payable system and changes the payees’ names before cheques are generated. Anyone with a password that permits access to the accounts payable address file can accomplish this.

Chart: Altered Payee Schemes

cheque fraud


An accounts payable employee was so trusted that her manager allowed her to use his computer password in his absence. The password permitted access to the accounts payable address file. This employee waited until the manager was absent and then selected a legitimate vendor with whom her company did a lot of business. She held up the vendor’s invoices for the day and used the manager’s log-in code to change the vendor name and address to that of a fictitious company after work. The new name and address were run through the accounts payable cycle with an old invoice number, causing a fraudulent cheque to be issued. The victim company had an automated duplicate invoice test, but the perpetrator circumvented it substituting “1” for “I” and “0” (zero) for capital “O.” The next day, the employee would replace the true vendor’s name and address and manipulate the cheque register so that the cheque payable to the fictitious vendor was concealed. Approximately $300,000 in false cheques was issued using this method.

Cheque Tampering Frauds – Part 2
Tagged on:

Leave a Reply

Your email address will not be published. Required fields are marked *

Read previous post:
Cheque Tampering Frauds – Part 1

Cheque tampering is unique among the fraudulent disbursement schemes because it is the one group in which the perpetrator physically...