Remote Deposit Capture (RDC) Could Escalate Fraud

Tuesday, November 22, 2011



The utilization of Remote Deposit Capture (RDC) is experiencing rapid growth in the retail banking sector, and some experts are worried that this increase could lead to an escalation in banking fraud.

As described by the FDIC, "RDC allows financial institution customers to 'deposit' checks electronically at remote locations, usually in the customers’ offices, for virtually instant credit to their account. Paper checks are digitally scanned, and an image of the check is electronically transmitted to the customer’s bank."

RDC has been in use for some time by commercial entities and merchants, and the technology is now being implemented for use by retail banking clients, with some banks allowing customers to simply snap a digital image of a check and transmit it to make a deposit.

"In just this short period, the RDC market has grown significantly and changed rapidly. This growth and change has led to approximately 13 percent of checks being deposited as images at the bank of first deposit, according to the 2010 Federal Reserve Payments Study. In addition, financial institutions and banks, which initially offered RDC capabilities primarily to their commercial customers, are now broadening these services to include their retail customers," wrote Douglas King, a payments risk expert with the Atlanta Federal Reserve.

King expects RDC-based service offerings to continue to expand in the retail banking sector, with new options available to consumers - and a bevy of new security problems for financial institutions to mitigate.

"Any future growth of RDC services should be expected via retail consumers. This growth will come from the adoption of retail RDC services by banks and financial institutions as well as the expansion of the service into new payment products—most notably, prepaid cards. As RDC usage expands to more retail consumers and additional payment products, we have to wonder if fraud associated with it will rise or continue to be held under control," King wrote.

While the instances of RDC being used to commit fraud are reportedly quite low, this should be construed as an indication that RDC transactions are inherently secure.

"According to the 2011 Payments Fraud and Control Survey from the Association of Financial Professionals, only 1 percent of surveyed organizations responded that someone had used their electronic check conversion service to commit fraud. This figure is unchanged from the 2009 survey," King noted.

The low levels of reported instances of fraudulent activity may be due to the limited population to which banks had previously offered RDC services.

"To date, banks and other financial institutions have successfully managed risks for commercial RDC services. Whether by restricting the use of the service to only its most vetted commercial clients or limiting the value of allowable remote deposits, banks have implemented risk controls to effectively minimize their risk and fraud exposure associated with RDC," King wrote.

With the expansion of offerings to the general banking public, this trend may be short lived.

"With banks and financial institutions expanding this service to a retail customer base that often undergoes less stringent due diligence than do their commercial customers, is the potential for fraud increasing?" King asks.

Given the tendency for vulnerable systems to be exploited by nefarious criminal entities - as exemplified by the sharp increase in mobile device exploits - one might expect that 2012 will produces a sharp surge in RDC-related fraud schemes.

Possibly Related Articles:
Enterprise Security
Banking Headlines Financial Risk Mitigation Account Fraud Customers Mobile Banking Remote Deposit Capture
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.