Check fraud statistics every business should know
If your company still writes checks, the data says you are a target. For more than a decade, surveys of corporate finance teams have put paper checks at the top of the fraud list, ahead of wire transfers, ACH, and cards. The numbers below come from the Association for Financial Professionals (AFP) annual Payments Fraud and Control Survey and from the Financial Crimes Enforcement Network (FinCEN). We have kept the figures to what those sources actually report, and we link them at the bottom so you can check the originals.
The headline numbers
The AFP survey is the most widely cited source on business payments fraud. It polls treasury and finance professionals each January about the year that just ended. Three recent editions tell a consistent story:
- 2024 activity (2025 survey, 521 respondents): 79% of organizations were hit by attempted or actual payments fraud. Checks were the payment method most often targeted, at 63%.
- 2023 activity (2024 survey): 80% of organizations reported payments fraud, with checks targeted at 65%.
- 2025 activity (2026 survey): 76% reported payments fraud, and checks were again the most-compromised method at 58%.
Read those together and two things stand out. First, the overall rate of payments fraud has drifted down slightly from its 2023 peak. Second, checks have held the No. 1 spot the entire time. Even at 58%, paper checks were attacked more often than any other payment type in the most recent survey.
The longer trend: SAR filings roughly doubled
Survey responses capture how many companies were targeted. To see the raw volume of activity, look at Suspicious Activity Reports (SARs), the reports banks file with FinCEN when they spot likely fraud. In a February 2023 alert, FinCEN reported that financial institutions filed more than 350,000 check-fraud SARs in 2021, a 23% increase over 2020. In 2022 that figure climbed to more than 680,000, nearly double the prior year.
A near-doubling of check-fraud reports in a single year is the kind of jump that drove banks to push positive pay harder and prompted the FinCEN and U.S. Postal Inspection Service alerts on mail-theft check fraud. Stolen checks get "washed" (the payee and amount chemically removed and rewritten) or counterfeited, then deposited before the issuer notices.
Why checks stay the top target
The obvious question is why criminals keep going after a payment type that feels old-fashioned. A few reasons:
- Checks expose a lot of data. A single check shows your account number, routing number, an authorized signature, and the bank's address. Nothing else in business payments hands over that much usable information on a piece of paper that travels through the mail.
- Businesses are not leaving checks. In the AFP data, around 91% of organizations still used checks, and more than 75% reported no plans to cut check usage in the next two years. As long as checks circulate in volume, they remain worth stealing.
- Recovery is getting harder. In the 2025 survey, only 22% of organizations recovered 75% or more of the funds they lost to payments fraud, down sharply from 41% the year before. Prevention matters more when clawing money back is the exception, not the rule.
What actually moves the needle: positive pay
Most of the fraud above is caught (or missed) at one control point: positive pay. You send your bank a file listing every check you issued, with the check number, amount, date, and often the payee. When a check hits your account, the bank matches it against your list. Anything that does not match, a number you never issued or an amount that was altered, gets flagged before it clears.
It is the single most effective defense against altered and counterfeit checks, because it does not rely on a teller eyeballing a signature. The catch is that you have to produce that issue file in your bank's exact format, and accounting software is often no help here. QuickBooks, for example, does not export a positive pay file natively. That gap is why teams end up reformatting registers by hand or buying a converter.
How PositivePayMaker fits
PositivePayMaker is a free, browser-based tool that turns your check register (CSV or Excel) into the positive pay file your bank expects. It runs entirely in your browser, so your check data never gets uploaded anywhere. It ships with 11 bank layouts, a custom format builder for any spec your bank hands you, and a file validator to catch formatting errors before you submit.
If you process a high volume across many entities, a paid desktop product may earn its keep. Big Red Consulting's PositivePay File Creator runs about $119 the first year, then $99 a year, and is Windows-only. Treasury Software's Bank Positive Pay is an installed Windows app priced roughly $29.95 to $89.95 per month with 350-plus prebuilt layouts. For a small or mid-size business that just needs a clean file for one or two banks, a free client-side tool usually covers it.
One step you should not skip
Whatever you use to generate the file, send a test file to your bank and confirm it imports cleanly before you rely on it. Banks differ on field order, date formats, header and trailer records, and how they encode voids. A file that looks right can still be rejected over a single column. Verify the first one with your treasury contact, then make it routine.
For the mechanics of building and submitting the file, see our QuickBooks positive pay guide and the positive pay file format reference.