Risk alert: Large-dollar fraudulently funded IRA accounts

Credit unions are experiencing attempts by fraudsters to open IRAs with large-dollar fraudulent cashier’s checks, according to the latest CUNA Mutual Group risk alert.

The objective is to get the account open, deposit the fraudulent check, and then immediately withdraw the funds before the check is returned. The fraudsters often fabricate a story for why they need the funds.

The risk alert states that fraudulent large-dollar checks — reportedly up to $165,000 — are being mailed directly to the credit union branch or the credit union’s IRA department. The fraudulent IRA rollover checks usually have “IRA, IRA Contribution, or IRA Rollover” entered in the memo line. The fraudulent checks are made payable to “for benefit of” the member, and some may also be made payable directly to the member.

Risk mitigation for credit unions:

  • Place extended holds on checks deposited to IRA accounts.
  • Prohibit staff from withdrawing funds from new IRA accounts until investigating deposits to the account.
  • Train staff to be suspicious of withdrawals from recently opened IRA accounts and other accounts that have early withdrawal penalties with recent large check deposits.
  • Send an item for collection and do not give availability to the funds until payment is received from the drawee bank.
  • Use third-party automated risk tools to detect potential fraudulent checks.
  • Determine whether policies and procedures need updating for handling IRA account deposits and withdrawals.
  • Understand the member’s liability for deposits of returned items, based on the state’s Uniform Commercial Code, and pursue available recovery from the member.
  • Educate members. Display the FBI Fraud Alert poster to assist in education. It can be challenging to convince members that they might have fallen for a scam and having outside authoritative resources may be helpful.

CUNA Mutual Group’s risk alerts, in addition to additional risk-prevention resources, may be accessed in their Protection Resource Center. Log-in is required.

Leave a Reply