Though distinct from the sub-prime meltdown, another recent episode about a bank gone to the dark side also suggests room for regulatory improvement—and it's much easier to understand! In brief, telemarketers, third-party “payment processors,” and a compliant big bank combined to defraud hundreds of thousands of mostly elderly consumers. When petitioned in mid-2005 by 35 state attorneys general to crack down on the scheme, the Fed offered a response that seems lackadaisical at best.

The gimmick the defrauders used, via accounts they held at North Carolina-based Wachovia Bank, was an obscure but dangerous form of check known as a “demand draft” or a “remotely created check” (or RCC).

Unlike a regular check, an RCC requires no signature. So if someone can obtain information about your checking account, they can plunder it, no signature required.

How did it work at Wachovia? Telemarketers got account information by phoning mainly elderly people and offering them bogus services, such as travel vouchers, protection against identity theft, and the like.

Armed with this account information, the telemarketers had the third-party payment processors work up the RCCs, then deposited the RCCs in the telemarketers’ Wachovia accounts. Wachovia would then present the victim’s bank with the RCC for collection. In one telling incident, the Royal Bank of Scotland noticed that depositors at its Citizens Bank branches were being defrauded in this manner. It alerted Wachovia to the scheme and asked Wachovia to crack down on the perpetrators—but was stonewalled until a court order was issued the following month.

Between June 2003 and December 2006, at least 350,000 consumers were thus defrauded. How do we know that Wachovia was a party to the scheme? Not for the first time, e-mail left a well-marked trail. The U.S. Treasury’s Office of the Comptroller of the Currency (or OCC) conducted a 15-month investigation, in which it found the usual incriminating messages. One from way back in April 2003 was from a “risk management” officer inside the bank: “To knowingly bank a customer who is perpetrating fraud places the bank at great exposure.” Wachovia took the account anyway.

By August 2005, a Wachovia “loss manager” looked into an account at the bank that had drawn over 4,000 complaints in only two months. Reuters (February 6, 2008) recounts the e-mail she sent others in the bank: “Yikes!!!! Now, the crux of the problem…is that all their deposits are third party drafts!!! Double Yikes!!!! There is more, but nothing more that I want to put into a note.” Evidently the fees on such accounts continued to outweigh the risks of exposure.

What was the Federal Reserve Board’s response to the May 2005 request by the state attorneys general for a crack-down? In November of that year, fully six months later, the Board got around to declaring that as of the following July 1 (2006), liability for the bogus checks would shift to the bank presenting the check (in this case Wachovia) to the victim’s bank for collection. That’s all. And hunting season remained open for the intervening seven months.

Why not abolish the RCC as a device? The Fed says it can have a legitimate use for last-minute payments made by phone to avoid late fees on, say, a credit card. But the same end can be achieved with a debit card, with much less risk of fraud.