CHEQUE fraud is making a striking comeback in Jamaica, surging to its highest level in five years as banks close loopholes on card fraud and ramp up digital security.

The revival of old-school scams comes as Bank of Jamaica data reveal overall fraud has risen sharply since COVID-19, with Internet banking scams growing nearly ninefold since 2019, the BOJ outlined in its Financial Stability Report 2024.

While card fraud — debit and credit — still dominates at 56 per cent of cases, the BOJ warns financial institutions must now combat both old-school scams and prepare for a new era of cybercrime, with artificial intelligence (AI) expected to fuel more sophisticated attacks on the nation’s banking system.

“Fraudsters [are] starting to realise that it’s getting harder to do the cloning of the debit card, because of the chip and pin, so they have gone back old school [perpetrating more cheque fraud],” Jide Lewis, deputy governor of the Bank of Jamaica with responsibility for the financial institutions supervisory division, told the Jamaica Observer in an interview Tuesday.

Cheque fraud skyrocketed to $401 million in the year to March 2023 — a fivefold increase — making it the second-largest source of losses after credit card fraud. Previously marginal, cheque fraud now accounts for nearly $1 in every $4 lost to scams.

Audrey Tugwell Henry, CEO of Scotia Group Jamaica, acknowledged the risks at a recent shareholders’ meeting.

“We do issue cheques, but I can tell you that cheque acceptance in Jamaica is very low… There is very, very low demand from our clients for chequing accounts. Also, at the industry level, we are examining the matter of cheque issuance due to the high rate of fraud,” Tugwell Henry, who is also president of the Jamaica Bankers Association, pointed out. Her reference to the “industry level” reveals discussions among banks about issuing cheques due to fraud and low usage.

The escalation in losses is however not only limited to cheque fraud. BOJ data reveal a dramatic increase in annual fraud amounts reported by the banking sector for the period ending March 2023, with total fraud surging to $1.73 billion — nearly double the pre-pandemic peak in 2019. This spike is overwhelmingly driven by digital channels, particularly credit and debit card fraud, along with Internet banking fraud — which together now account for approximately $7 of every $10 of total fraud losses in Jamaica’s banking sector. Specifically, credit card fraud show that losses reached $658 million, debit card fraud $305 million, and internet banking fraud $262 million, totalling $1.225 billion out of the $1.734 billion in total fraud losses for the 12-month period ending March 2023.

Card and Internet banking frauds were most prevalent in higher digital traffic areas in major towns and cities such as Kingston, Portmore and Spanish Town, where online banking adoption is concentrated.

The BOJ also reported $145 million in stolen funds from physical attacks, including five robberies targeting cash-in-transit (CIT) providers and 10 attempts at ABM locations, highlighting Jamaica’s dual challenges of combating both digital and physical fraud.

Still, the central bank points to emerging threats on the horizon as commercial banks push to digitise more of their processes.

“Notably, the use of artificial intelligence (AI) in cyber-attacks is a significant concern,” the BOJ said in its report.

Asked to expand on this emerging threat, Lewis told the Business Observer that it was more a forecast of where threats could go, rather than what is happening at the moment. “Right now it’s more theoretical,” he said, adding, “You shouldn’t read any sort of inference that it is a problem now.”

Globally, over half of all financial fraud now involves AI, with generative AI (GenAI) enabling criminals to create hyper-realistic deepfakes, synthetic identities, and sophisticated phishing scams, according to Feedzai in its 2025 AI Trends in Fraud and Financial Crime Prevention report, uncovering how GenAI is used in financial fraud. The company, based in Portugal and with offices in the United States, specialises in protecting financial institutions from fraud and financial crime.

In its report published earlier this month, Feedzai noted that from its survey of the financial services sector, AI-driven fraud attempts have surged, accounting for as much as 43 per cent of detected cases, and the sophistication of these attacks is escalating at an unprecedented pace. Fraudsters are leveraging AI to automate and personalize attacks, bypass security protocols, and exploit system vulnerabilities — often with devastating speed and scale, Feedzai said in the report.

Lewis said it is precisely because of those risks that the issue was raised to reinforce the emerging threat to Jamaican banks.

“If you look at most fraud types, they start in the big markets — US, Canada, UK, and so on,” he pointed out.

The potential threat from AI, which emanates mainly from Eastern Europe and the Far East is expected to impact banks in more developed markets for now.

“Jamaica is not a lucrative market because the size of the population is small and the amount of money in the accounts is not that large. So the reward-to-effort ratio is not yet high enough to make it attractive,” Lewis noted.

But that apart, he said how banks operate in Jamaica, still having “a lot of manual intervention where you need to come into the bank and sign something” continues to act as a barrier to any immediate growth in AI-driven fraud attacks on Jamaican banks.

“You still need a human to intervene, so the AI threat landscape for Jamaica would be much lower because our systems are not as sophisticated as those that you’d find in countries where everything is online.”

“We still have a jurisdiction where when they attack the ABMs and that never work out, they start attacking the delivery trucks. That is our reality in Jamaica,” he continued.

Given the prevalence of fraud, especially cyberfraud which the BOJ deems “an evolving risk” due to a shift towards electronic methods for transacting business following the advent of COVID-19, the central bank has mandated stricter cybersecurity protocols, including real-time card blocking and enhanced fraud monitoring systems, for debit cards on their mobile platforms, a feature traditionally reserved for credit cards, to help reduce customers’ financial losses. The new cyber-resilience framework was implemented in March of this year and is known as the Standard of Sound Practice on the Management of Cyber Risks. The standard will provide DTIs with guidance on prudential requirements in cyber risk governance.

“Being attacked isn’t a matter of if but when,” warned Lewis at the recent BOJ monetary policy press briefing, emphasising that banks must now balance fighting cheque scams with preparing for AI-driven threats. While Jamaica’s manual banking processes — like in-person signatures — currently deter advanced cyberattacks, the BOJ notes that international ransomware groups are increasingly targeting developing nations’ digital infrastructure.

Lewis reiterated that Jamaica’s current lower digitisation levels reduce its exposure to AI-driven fraud, but urged vigilance: “It’s a journey. We have to prepare for evolving threats while managing today’s realities.”

To support this initiative, the BOJ engaged a service provider to establish and manage the Cyber Information and Intelligence Sharing Initiative — Jamaica CIISI-JM — in/for the financial sector.

“CIISI-JM will serve as an independent ‘sector coach’ for cyber resilience, enhancing integrated, all-of-government and industry oversight of relevant cyber information as well as intelligence, which aims to foster a trusted community where members can voluntarily share timely intelligence, discuss emerging cybersecurity threats and implement effective practices to maintain cyber resilience across Jamaica’s financial system.”

These measures, being undertaken by the Bank, along with the Financial System Stability Committee’s (FSSC) Cyber Resilience Principles, set out measures to ensure that cyber resilience is transparent, thorough and targeted as well as being consistent with the information sharing requirements outlined for licensees in the BOJ Cyber Risk Standard.

LEWIS…fraudsters [are] starting to realise that it’s getting harder to do the cloning of the debit card, because of the chip and pin, so they have gone back old school .