A federal court in California has ordered a Web site to stop e-mailing personal checks without verifying the identity of the check-writers in response to a Federal Trade Commission lawsuit alleging that the practice has resulted in widespread fraud. The action came after brazen crooks used the Qchex Web site to try to steal from federal agencies, including the FTC itself.
U.S. District Judge William Q. Hayes last week issued a temporary restraining order barring Qchex from e-mailing the checks while the FTC pursues a lawsuit against the San Diego-based company.
In seeking the order, the FTC said it had received over 600 complaints from consumers who say the practice was used to fraudulently withdraw money from their accounts.
The agency said criminals also wrote 20 checks drawn against FTC and Federal Communications Commission bank accounts. Neither the 16 fake checks worth a total of $100,000 written on the FCC accounts nor those drawn on FTC accounts was cashed, so no money was lost, it said.
The company did not immediately respond to requests for comment on the lawsuit.
Site popular with fraud artists
MSNBC.com first warned consumers about Qchex.com more than a year ago. The site offers consumers the ability to register their checking accounts, then send checks via e-mail. But the service quickly became popular with fraud artists who discovered that Qchex didn't verify that its users were the legitimate account holders before giving them the ability to draft checks drawn on an account.
The FTC said most of the complaints it received about Qchex came from businesses defrauded by criminals who paid by a Qchex check that eventually was returned as worthless. Generally, criminals used the fake checks to purchase merchandise online.
While personal checks generally must be signed in order to be valid, federal and state banking regulations contain an exception to the rule that the criminals are exploiting. Known as "demand drafts" or "remotely created checks," the documents look like personal checks but are stamped with a message such as "signature not required."
This enables Qchex users to easily write a fraudulent check if they have the bank routing number and account number that appear on every paper check and deposit slip. A criminal can create a fraudulent check even if the account holder's name and address are incorrect, as long as the bank routing number and account number are accurate, the FTC said.
Qchex victims told the FTC that the company was virtually unreachable, or could only be contacted only through "Herculean persistence." One Utah company complained that 20 Qchex checks were drawn on its business account over several months despite numerous attempts to reach the company by phone and e-mail.
CEO says site not to blame
When MSNBC.com first wrote about Qchex, James Danforth, CEO of the site's parent company, Neovi Data Corp., conceded that some fraud occurs from criminals using the site. But he said the overwhelming number of customers are legitimate and argued that the site is no different from hardware and software that allows consumers to print their own checks at home.
"Anybody could take any check in America and commit fraud," Danforth said. "A check is a very simple document to reproduce."
The site itself acknowledged the threat of illegal use, urging consumers to register their checking account numbers before they are claimed by a criminal.
“Registering your bank accounts with Qchex ensures no one else can set up or access your account numbers on the Qchex system,” it advised in its instructions.
In its motion in support of a temporary restraining order request, the FTC said Qchex still does not adequately verify its users.
"Defendants did not and still do not require a customer requesting those services to demonstrate that he or she has authority to write checks on an identified bank account," it said. "As a result of defendants’ failure to verify their customers’ authority to write checks drawn on identified accounts, defendants have created and delivered numerous bogus checks for fraud operators. ... Anyone could open a Qchex account with any bank account number and Qchex would create and deliver checks for them."
Lack of verification blamed for ‘substantial injury’
The motion says Qchex has refused to add verification procedures to its site, indicating the company has "persisted in their course of conduct, even after being notified repeatedly and from numerous quarters of the substantial injury it causes."
Federal regulators have been eyeing Qchex for some time. In July 2005, the Federal Deposit Insurance Corporation issued a warning to member banks about fraudulent Qchex checks. At the time, Danforth told the FDIC that the site was processing several thousand transactions every week, the FTC complaint says.
In response, Danforth told regulators that Qchex would add a number of systems to improve the site's security. But in its motion, the FTC alleges that those systems had loopholes that were easily abused by criminals.
The federal government also has taken action to tighten rules on demand drafts.
The Federal Reserve last year adopted an amendment to its checks regulations that makes the bank that cashes a demand draft liable for losses if it is fraudulent. Previously the bank that had the account the check was drawn from was liable.
The new regulations went into effect in July and it is not yet clear if the change is stemming fraud using demand drafts.