Cheque Tampering Detection: Image Forensics for Payee and Amount Changes
Detecting cheque tampering requires image forensics that target payee and amount fields, not just the MICR line. A washed or altered cheque can keep the genuine paper stock, signature, and MICR while the fields that move money are changed. Operations and fraud teams need a detection workflow that treats MICR as one signal among many, cross-checks multiple forensics indicators, and preserves a defensible audit trail.
Why Valid MICR Is Not Enough
MICR identifies routing, account, and cheque number. It does not confirm that the payee or amount is original. Chemically altering a cheque can leave the MICR line intact while the payee name or courtesy/legal amount is removed and rewritten.
A tampered cheque may still show:
- Genuine cheque stock
- Valid MICR encoding
- A real account number
- The original signature
- Security features outside the altered region
Because the MICR read passes, an automated decision that relies on it alone will miss the alteration. The question operations should ask is not "does the MICR line read correctly?" but "do all forensic signals agree, and does the cheque show evidence of alteration in the fields that direct funds?"
The Multi-Signal Detection Model
Tampering detection becomes operationally reliable when each signal feeds a structured review decision rather than a single pass/fail rule.
| Signal | What it can reveal | Evidence to capture |
|---|---|---|
| Image quality | Blur, skew, crop, compression, glare, missing rear image | Quality score, failure reason, capture source |
| Region comparison | Payee or amount area texture differs from surrounding paper/ink | Region crops, feature outputs, confidence |
| RGB/channel analysis | Inconsistent ink behaviour across colour channels | Channel metrics and flagged regions |
| UV or spectral capture | Chemical residue, fluorescence changes, altered fibres | Capture mode, abnormal regions |
| MICR/OCR comparison | Mismatch between magnetic and optical readings | MICR read, OCR read, disagreement reason |
| Legal vs courtesy amount | Written and numeric amounts disagree | Extracted values, confidence, reviewer correction |
| Duplicate checks | Same cheque appears again or through another channel | Match keys, previous presentation, status |
| Manual investigation | Human confirms, rejects, or escalates the flag | Reviewer identity, rationale, final decision |
This is where cheque data extraction and fraud review connect. Extraction produces structured signals; the cheque fraud detection workflow enforces review steps, approval rules, and evidence capture.
Washed Cheques Need Region-Level Review
Washed cheques are especially dangerous because they start as genuine. A fraudster removes ink from the payee or amount area while leaving the MICR line and signature untouched. Detection must isolate the altered region.
A review workflow should compare the questioned region against untouched areas on the same instrument. Operational questions include:
- Does the payee region show different paper texture from the memo or signature area?
- Is the ink density in the courtesy amount inconsistent with surrounding fields?
- Do fibre patterns or fluorescence change around rewritten text?
- Is there evidence of abrasion, chemical residue, or unnatural blank space?
- Does handwriting style differ between the amount, payee, memo, and signature?
ChequeDB routes items with region-level flags to a review queue, preserving region crops, reason codes, and extraction confidence scores. The system does not declare a cheque "definitely washed"; it flags alteration indicators and prevents the item from proceeding without investigation.
Evidence Preservation for Audit Defence
A fraud decision is only as strong as the evidence preserved with it. If the system flags an item but keeps only a final pass/fail result, the audit trail is weak.
For each tampering flag, preserve:
- Original front and rear images
- Crops of questioned regions
- Derived feature outputs
- OCR, ICR, and MICR reads
- Model and rule versions
- Reason codes
- Reviewer actions
- Final disposition
- Link to deposit batch, ERP/payment record, or clearing reference
That evidence must flow into the cheque management record and into an immutable audit trail. Tampering detection is not just about catching the cheque; it is about being able to demonstrate why it was held and what evidence supported the decision.
Operational Prevention Controls Reduce Tampering Risk
Automated detection does not replace basic prevention. Operations teams should maintain controls that reduce the chance of successful tampering:
- Positive pay or payee positive pay where available
- Secure cheque storage and mailing practices
- Filling blank spaces on payee and amount lines
- Using ink that is harder to remove cleanly
- Using cheques with embedded security features that make alteration more visible
- Account monitoring and rapid exception escalation
- Clear internal rules for stale, altered, or suspicious cheques
ChequeDB supports these controls by capturing the item, extracting fields, comparing signals, and routing exceptions through a maker-checker workflow that retains the decision trail.
Choosing a Cheque Tampering Detection System
Finance and bank operations teams should not accept a system that treats a valid MICR line as safety. Instead, evaluate whether the platform combines multi-signal image forensics, configurable review steps, and an audit-ready evidence record.
ChequeDB delivers that combination: front/rear capture, OCR/ICR/MICR extraction, security-feature checks, mismatch detection, duplicate presentment signals, region-level review routing, and an immutable audit trail. The system does not rely on any single signal; it cross-checks each configured forensic indicator and holds the item until it passes a documented review.
For operations, fraud, and compliance teams, that is the defensible standard: detect the suspicious signals, hold the cheque, show the evidence, require the right approval, and keep a complete record of the decision.