Business: Financial: Banking
More secure checks   (+1, -2)  [vote for, against]
Don't print the account number

Instead of printing your account number of every check, the bank should instead print the result of a cryptographic calculation that depends on both your account number (perhaps your "public" one which is normally deposit-only), the sequence number of the check, and a nonce. This means that each check will have a different number on it.

Bank clerks will be able to verify the authenticity of each check by running it through the same kind of optical character reader that they use today. This will enable them to detect forged checks (though not verify the monetary amount), and presumably they can already detect attempts to cash a check with the same sequence number multiple times.

This system makes impossible the existing forgery technique of changing the sequence number. It also enables you to write checks without giving away the account number that you use to make withdrawals and electronic transfers. But it still associates the check with a specific account in a machine-readable way.
-- beland, Sep 27 2003

But no one forges cheques - they just steal chequebooks.
-- hippo, Sep 28 2003


Nuancense. - The algorithm will be cracked immediately.
-- Shz, Sep 28 2003


Indeed, as Shz says, relying on an encryption algorithm alone would not be enough. You could, however, give every cheque a bank + cheque number (ie, remove the account_number), the only way of getting the account number would be to look up the cheque number in the bank's list of cheques to find the corresponding account. If numbers would be assigned randomly to cheques from this list, it would be tough to guess a number.
-- Rcomian, Sep 28 2003


I was thinking that there should be a secret key, so that even if the algorithm were public, the numbers could not be forged. But of course a look-up table would be even more secure. Either way, it would raise the bar from being a casual Photoshop fraud artist to someone with some amount of cracking computing power.

Someone whispers in my ear that people at least used to forge checks. Corporate checks, that is. (A la *Catch Me if You Can*)
-- beland, Sep 28 2003


Hmm... I just thought of essentially this idea and figured I should search before posting.

To allow the new checks to work within the existing infrastructure, I would create one new account number for each account (so it each account would have two numbers). These two numbers would bear no numerical relationship to each other, but would be cross-linked at the account holder's institution. Let's suppose the first account number is 123456789 and the second is 654321. The providing institution would also keep a secret key for each account holder.

The holder of the account would receive from his financial institution a few "ACH signup" slips for use setting up automated deposits; those would have account number 123456789. All of the person's normal checks would have a printed account number consisting of his own secondary account number 654321 concatenated with a hash of the check number encrypted with his account's private key (for a total length of 12 digits or so--I'm not sure what the maximum is).

As far as any of the intermediate institutions are concerned, check #123 would look like it was drawn against account #654321935452 (or whatever). They wouldn't care what significance that account had. The issuing institution, though, could look up the private key for the account, hash the check number (123), and confirm that it hashed out to 935452 when encrypted with the proper key.
-- supercat, Dec 05 2007


//presumably they can already detect attempts to cash a check with the same sequence number multiple times//

You have a touching faith in the banking system. Banks will cash any cheque you present them with. The only checking that they do is to confirm, if possible, with the issuer that the details on particularly large payments are correct.

//But no one forges cheques - they just steal chequebooks//

Normally what they do is try to alter the amount on a legitimate cheque that they've been sent or make fraudulaent use of cheque books that their employer has issued them with.
-- DrBob, Dec 05 2007


Pastry. If the nonce were sufficiently large, it should certainly make the algorithm secure until checks become obsolete.
-- ed, Dec 05 2007



random, halfbakery