Federal banking regulators have issued an alert about Qchex.com, a Web site that lets Web users initiate traditional paper check payments through e-mail. The alert follows an MSNBC.com story in May chronicling complaints about fraudsters using the service.
At Qchex.com, visitors can create checks that draw funds from nearly anyone's checking account -- as long as the user has the correct bank routing number and checking account number. Those numbers are found on the bottom of every check.
In its terms of service, Qchex says it does not attempt to verify the identity of its users.
"Several financial institutions, retailers and consumers have reported receiving fraudulent checks issued via Qchex.com," the alert, issued Tuesday by the FDIC, says. The alert is titled "Fraudulent Checks Created Using Qchex.com."
"Financial institutions should be aware that some, but not all, checks created using this service may be fraudulent," it says.
Michael Benardo, manager of the Cyberfraud and Financial Crimes Section at the FDIC, said the alert was issued because there has been a steady increase in complaints about the service. But he said Qchex is used for legitimate check payments, too.
The agency plans to take no action against San Diego-based Qchex, he said. "We don't have any authority over the company because they are not a bank...they are not claiming to be a bank," he said.
The FDIC alert was sent specifically to bank executives, so they can be on the lookout for check fraud trends. But the alert is also public information and posted on the agency's Web site.
Qchex COO James Danforth, who said he was on vaction in France when reached on a cell phone, said he hadn't seen the alert and wasn't prepared to comment on it. But he defended the company's practices, saying any would-be criminal with a laser printer or Internet access could do what criminals are doing on his Web site -- print up fraudulent checks using account numbers and routing numbers.
"It's pretty easy to point the finger at Qchex because we are right there in front of everybody," he said. "But if you point the finger at us you need to point fingers at Hewlett-Packard for providing a printer, and at America Online for providing an Internet connection."
He declined to offer addition comment until he had seen the alert.
Sign up before a criminal does
Melissa Ramont, vice president of operations at the San Diego Better Business Bureau, said that while it appears Qchex is not doing anything illegal, the Web site is facilitating fraud.
"Qchex is just making it too easy for this fraud to occur," she said. The agency has received 88 complaints against Qchex in the last three years, 17 in the last two months. The agency will soon issue its own warning about Qchex, she said.
On its Web site, Qchex says it does not verify account holders, and in fact, the site urges consumers to register their checking account numbers before they are claimed by a criminal.
“Registering your bank accounts with Qchex ensures no one else can setup or access your account numbers on the Qchex system,” the site advises in its instructions.
Qchex payments are often as part of fraudulent schemes involving online auction sales, Ramont said. Auction winners who are criminals sign up with anonymous e-mail addresses, then send the Qchex checks as payment. Many sellers cash the checks and send the winnings, only to find out later the checks are bogus, and their goods have been stolen, Ramont said.
"If you are selling online, look out for checks from this company," Ramont said.
Demand drafts can be tricky
Qchex-issued fraudulent checks are tricky for consumers to spot and handle because they utilize a little-known check format known as a demand draft. The checks require no signature, and instead often are stamped "signature not required" in the signature area. Banks generally cash the checks and deposit funds into the depositors' accounts, but can then take weeks to determine if the check is fraudulent. At that point, the bank can remove the funds from a victim's account.
"We want to alert people that before they cash a check that they receive from this company to have the funds verified before they cash it," Ramont said. "That's the only way anybody will be able to determine whether or not the check is good."
Demand drafts, also known as "remotely created checks," have become such an attractive target for criminals of late that the Federal Reserve in February proposed a new set of rules to govern them. And the National Association of Attorneys General in April called on the Fed to place an outright ban on demand drafts, citing increased fraud.
"The fact that a stranger can pull money out of a person's bank account using only the numbers at the bottom of his or her check is not commonly understood," the group wrote to the Fed, commenting on the proposed rules change. "Complaints about unauthorized bank debits are believed to be grossly underreported, perhaps because of the lack of public awareness of this type of bank account vulnerability."
Mary McNamara, who runs Urban Age Institute in California, said she received $10,000 worth of fraudulent Qchex checks in early May. She said she didn't cash the checks.
But Pete Larson told MSNBC.com a criminal used Qchex to bleed his checking account.
"Someone has stolen my checking account number and routing number and has set up a Qchex account under my name. I have been calling ever since I received a letter from Qchex telling me I had an account set up. I called all day yesterday and even faxed a message requesting a call back," Larson wrote in his complaint to the firm. "They stole $1,800 ... and tried to cash 5-6 more checks yesterday. I was charged $35 for each of the 6 checks that did not clear last night. I have had to close my checking account and have lost 2 days of work taking care of this."
Larson says he received a form letter from Qchex telling him to contact his local police department.
"You know your system is faulty and you continue to turn a blind eye while criminals use your so-called secure system as a tool to rob people blind," Larson replied.
Bob Sullivan is author of Your Evil Twin: Behind the Identity Theft Epidemic