Check Processing

05:00 PM
Connect Directly

BB&T Detects Check Duplicates with Assist from CONIX

BB&T leverages CONIX Systems' Dupe Detective to catch check image duplicates before they are processed, saving the bank time and money.

Check image duplicates are a 21st-century challenge that arose with the advent of the Check 21 Act. When Check 21 was enacted in 2003, Winston-Salem, N.C.-based BB&T Corp. ($157 billion in assets) put together a project team to ensure that, as the law took effect, the bank wouldn't run into too many duplicate-image problems.

According to BB&T's Tim Dillow, regional operations support manager, while the bank didn't anticipate check duplicates would be a major problem, past experiences convinced executives that it would be worthwhile to ensure that the transition was seamless. In the early days, he recalls, the bank did its check duplication detection in-house.

"Originally [in 2004] we did some limited in-house programming that would check for duplicates," Dillow says. "The negative thing about it was it happened after the check was already done posting."

So while the bank -- which was an early participant in the Federal Reserve's check image program -- was able to uncover duplicate check images, by the time the early solution cross-referenced the images, the damage already was done. As a result, it took more time to correct and mediate duplicate checks; it also resulted in more branch traffic.

"And in those days with the Fed-based exchange, we all had duplicates from time to time," recalls Joe Brannan, BB&T's processing services manager. "It could be weeks later before we got it all resolved."

Adds Dillow, "We felt that if we could eliminate duplicates before posting, it would eliminate the problems we had before" and, ultimately, "make the stream easier." So BB&T began the search in early 2005 for a solution that would identify duplicate check images before they were processed.

"There weren't a whole lot of players in the market at the time," Dillow relates, adding that the bank wanted a solution that would be effective across all channels. "We looked at all of them. The No. 1 thing was to resolve the checks prior to post."

BB&T ultimately chose Manchester Center, Vt.-based CONIX Systems' Dupe Detective. "Of the three solutions that we looked at, we felt CONIX Systems had come the furthest in addressing all of our criteria," says Dillow, who declines to identify the other candidates.

"Any given check could post as a check and as an ACH item," Brannan adds. "That's the cross-channel error that can occur. The beauty of this system is that it's comparing across those channels."

Live in 60 Days

BB&T signed a contract with CONIX in late 2006, and the software implementation took about 60 days, according to Dillow, who notes that Dupe Detective's business roles are defined by users via a menu-driven interface. The bank began beta testing in February 2007 and went live in August of that year, he adds.

Since the deployment, BB&T has had a nearly 100 percent success level in finding duplicate images, and it suffers minimal impact on adjustments with events that do occur, Dillow reports. "The product has been highly effective in doing what we wanted it to do," he says. "While other banks have had single events that have made the news, we have been protected from it."

BB&T is completely operating with branch capture, Dillow continues, and currently processes about 2.6 million items a day, with peak days that reach up to about 4.6 million items. Additionally, the bank has several thousand merchants set up with remote capture. "In a month's time we will look at some 25,000 to 30,000 suspects, and we will confirm from those suspects about 30 percent are duplicates."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.