Final month, a serious regional financial institution filed swimsuit in opposition to a New York entrepreneur, alleging a check-kiting scheme that processed greater than $72 million in fraudulent checks, leading to $27 million in direct losses. Whereas fee applied sciences
have advanced dramatically, conventional fraud strategies proceed to use basic processes, leading to losses. Test kiting might not generate the headlines of cyber-enabled crimes, nevertheless it stays a fabric threat for establishments.
In 2023, payroll govt Najeeb Khan was sentenced for working a scheme that in the end value banks practically $150 million. For years, he deposited monumental volumes of checks throughout a number of establishments, usually hand-delivered by
courier, with each day totals exceeding $100 million by the tip. The transactions bore little resemblance to the legit money flows of a payroll firm, but the sample continued till one financial institution lastly refused to honor the deposits. The crimson flags have been evident:
repetitive high-volume deposits, persistent discrepancies between collected and ledger balances, and a sample of exercise timed to coincide with posting deadlines. However they weren’t related right into a coherent image till it was too late.
Earlier this yr, Andrew Blassie, an govt vice chairman at a neighborhood financial institution, admitted to a unique variation of the identical tactic. Over the course of a yr, he used 4 private accounts throughout a number of banks to funnel
checks into his establishment, withdrawing practically $2.7 million in funds he knew didn’t exist. What made this case significantly damaging was the within position he performed in concealing it. By eradicating his personal title from suspect-account experiences, he turned off the
very safeguards designed to reveal the scheme. Uncommon overdrafts, repeated inflows from accounts with inadequate funds, and tampered fraud experiences all pointed to misconduct, however insider entry allowed him to override the controls.
These circumstances illustrate that test kiting shouldn’t be confined to a selected period or kind of perpetrator. It has ensnared small enterprise homeowners, senior financial institution executives, and even massive monetary establishments. Every episode reinforces
the identical actuality: when gaps exist in detection and oversight, fraudsters will discover a approach to exploit them.
The lesson is obvious. Know-how has superior, funds have accelerated, and analytics have matured, however test fraud nonetheless finds its means in.
Why Test Kiting Persists
Test kiting works as a result of it exploits the hole between when deposited funds are proven as accessible and when the test is lastly paid. Beneath Regulation CC, at the least $275 of most test deposits have to be accessible the subsequent enterprise
day, and most remaining funds are usually accessible by day two. Deposits at non-proprietary ATMs might be held till the fifth enterprise day. Exception holds apply to massive deposits and new accounts, with present greenback thresholds set at $6,725, and availability
that may lengthen to about seven enterprise days for big deposits and as much as 9 for sure new-account gadgets. Availability shouldn’t be settlement. The paying financial institution usually has till midnight of the subsequent banking day after presentment to pay or return an merchandise below
the UCC. That return window is the float fraudsters attempt to trip, transferring checks amongst accounts and throughout banks so every ledger seems wholesome lengthy sufficient to drag out actual cash.
At scale, the tactic creates layers of liquidity that aren’t money. Many banks select to launch funds sooner than the regulatory minimums as a matter of coverage and customer support. That’s permitted, and it’s common. A coordinated sequence of deposits throughout
a number of accounts, repeated over a couple of days, can produce very massive “accessible” balances whereas the collected steadiness lags. Weekends and holidays lengthen the sensible threat window. Cross-bank presentment and return cycles add extra delay. The sample is straightforward
to explain, but it’s sustained by velocity, symmetry, and repetition till the numbers balloon and the returns arrive.
The Stakes for Banks
Regardless of its lengthy historical past, test kiting stays tough to detect, particularly in its early phases. It’s not often one suspicious transaction, fairly it is a sample of habits that unfolds throughout time and accounts. Fraudsters depend on cross-entity complexity,
transferring funds throughout a number of banks and account varieties to obscure the view. They manipulate timing, benefiting from the float interval between deposit and clearing. The indicators might be refined like rounded quantities, repeated use of counterparty accounts, or deposits
timed excellent to keep away from consideration.
Every establishment implements its insurance policies in barely alternative ways, which makes coordinated detection tougher. Conventional monitoring techniques, designed to flag single anomalies, usually miss the larger image. The result’s that schemes can develop
till the losses are vital to disregard.
Finest Practices for Detecting Test Kiting
To counter this, banks are adopting behavior-based approaches that lower throughout channels and accounts. As an alternative of treating every deposit or withdrawal as a stand-alone occasion, superior techniques consolidate data from ATM, department, cell, and test posting
exercise to construct a unified image of account habits. This makes it potential to detect round fund flows, deposits and withdrawals that mirror one another too neatly, or account exercise whose velocity now not matches its regular profile.
Had such account-level visibility been utilized within the Khan case, the persistent mismatch between collected and ledger balances, coupled with repeated high-value deposits from the identical sources, would have stood out far earlier.
Detection additionally is determined by searching for the best behavioral indicators. Establishments are monitoring transaction velocity, repeated use of the identical counterparties, rounded greenback quantities that counsel artificial fund motion, and sequences of deposits timed inside
hours of one another. On their very own, these patterns might seem innocent, however collectively they’re predictive indicators of test kiting. In Blassie’s case, a mannequin tuned to flag repeated overdrafts linked to cross-bank deposits may have raised considerations, significantly
when the identical names and accounts reappeared in a number of cycles.
To strengthen accuracy and cut back noise, efficient applications use fraud enrichment methods. They tag suspicious time home windows, apply inspection guidelines similar to “three deposits and three withdrawals inside three days,” and weight alerts in order that recurring patterns
are prioritized. In best-in-class applications, associated transactions are consolidated right into a single account-level alert, giving investigators the whole image with out overwhelming them. That is precisely the sort of narrative-level view that might have related
the dots within the Khan matter earlier than losses escalated.
The target is early detection, generally throughout the first month of exercise. Properly-tuned techniques maintain alert charges manageable whereas surfacing the circumstances that matter most. In addition they suppress alerts for trusted accounts, guaranteeing investigators focus consideration
the place it counts. These should not simply theoretical ideas. At NICE Actimize, we have now seen main establishments apply these practices to strengthen defenses, cut back losses, and provides their fraud groups the arrogance to behave earlier.
Regulatory and Compliance Issues
Test Kiting isn’t just a fraud loss quantity, nevertheless it creates a regulatory publicity. Beneath BSA/AML necessities, establishments should file a Suspicious Exercise Report (SAR) inside 30 days of detecting potential fraud, extendable to 60 days if no suspect is
recognized.
The thresholds are clear: any quantity if insider abuse (as within the Blassie case) is concerned, $5,000 or extra if a suspect might be recognized, and $25,000 or extra if no suspect is understood. Most kiting occasions simply exceed these thresholds, making SAR filings unavoidable.
Examiners additionally look to see that SAR narratives clearly describe the behavioral sample, not simply remoted gadgets.
Whereas fashionable information doesn’t get away kiting particularly, earlier FDIC evaluations confirmed that from 1996 to 2000, practically 18,400 SARs have been filed citing test kiting — about 4% of all check-fraud associated filings. As we speak, FinCEN experiences that over 680,000 SARs associated
to test fraud have been filed in 2024 alone, a quantity that reveals the size of ongoing threat even when the kiting subset shouldn’t be individually tracked.
FFIEC steering on retail fee techniques reinforces this expectation. Examiners emphasize that efficient test fraud applications should establish patterns of habits—repeated deposits, persistent collected-versus-ledger steadiness gaps, and strange velocity—not
simply single transactions. Establishments are additionally anticipated to use risk-based exception holds below Reg CC, balancing customer support with security and soundness. Overly liberal availability insurance policies with out compensating monitoring might be flagged throughout exams.
Lastly, kiting exercise usually overlaps with AML typologies. Structuring deposits to handle availability, round fund flows with no financial function, and insider manipulation of experiences can all floor in each fraud and AML monitoring. More and more, regulators
count on fraud and AML groups to share intelligence and coordinate responses. Treating kiting as each a fraud and a compliance threat positions establishments to satisfy their regulatory obligations whereas defending their steadiness sheets.
From Reactive to Proactive
The regulatory image makes clear that kiting is greater than a fraud operations challenge. It’s a compliance accountability, a reporting obligation, and an examination focus. When tens of 1000’s of SARs have traditionally cited kiting, and tons of of 1000’s
extra reference test fraud every year, the sign is unmistakable: it is a systemic threat that calls for sustained consideration.
Based on the Actimize Fraud Insights Report, US Retail 2025 version, test fraud now represents 52 % of all fraud in retail banking. That determine alone reveals why establishments can’t afford to downplay the risk. The current kiting circumstances
illustrate how rapidly publicity can escalate when timing gaps and coverage selections are exploited.
For banks, the message is obvious: fraud doesn’t disappear just because fee techniques modernize. It adapts, it scales, and it checks the seams of oversight. The crucial now’s to behave, assessment funds availability insurance policies, strengthen behavioral monitoring,
and guarantee fraud and AML groups share intelligence fairly than function in silos.
Establishments that take these steps can shut the gaps earlier than they’re exploited. Those who delay won’t simply face monetary losses, they’ll face regulators, examiners, and clients asking why previous schemes have been allowed to succeed once more.