[Cryptography] Paper check security

[Arnold Reinhold]

There has been a lot of discussion here about credit card security and the strengths and weaknesses of the newly required in the U.S. EMV chip. (e.g the thread "Insecure Chip 'n' PIN starts tomorrow"). But I haven’t heard anything at all about the security of paper checks. Banks now allow such checks to be deposited by scanning them or even photographing them with a smart phone. This defeats more than a century of inventions designed to make paper checks unforgeable.  It also increases the likelihood that recipients of your checks will keep them on file for long periods and/or dispose of them insecurely, allowing others to get at your bank account numbers and other information needed to Photoshop a phony deposit.

It would seem easy to create a cryptographic authenticator that makes each blank check unique. It could be a hash of the account number, check number and a secret held by the bank or check printing company. A public key signature would be better, of course, since it could be verified by anyone. The authenticator could be printed on the check as text or as a 1-D or 2-D bar code. The best case would be for the bank processing a deposit to verify the authenticator, but just having it big enough to be readable in a scan would allow the account holder to challenge a phony deposit by showing the authenticator was used twice. Of course getting the banking community to agree on anything is a long, difficult process, but a similar feature could be included in accounting packages that print checks, in which case the authenticator could verify the payee and amount as well. 

Arnold Reinhold