10:38 AM
Connect Directly

Check Scanners That Detect Fake I.D.'s Help One Bank Fight Fraud

Check scanners from CTS North America have been enabled with technology that detects fake I.D.'s that have helped one community bank secure branch transactions and can authenticate remote check deposits.

Fake I.D.'s can be used as a plastic key to to get into a bank's systems in a number of ways, says Perry Forst, CEO and president of Citizens State Bank Norwood Young America, a single-branch community bank in Norwood Young America, Minn. Criminals can and have used fake I.D.'s to cash checks, make deposits, open new accounts and apply for loans. To prevent such fraud attempts the bank ($80 million in assets) has actually been using its check scanners, provided by CTS North America, a banking automation company, to scan government issued I.D.'s in the branch.

The I.D.-scanning capability of the check scanners is the result of an integration between CTS's LS40 and LS150 check scanners and I.D.-reader software provided by Identification Verification Systems, which provides I.D.-based authentication solutions. The I.D. reader check scanners can be used both in the branch and as a remote check deposit solution to verify a customer's I.D.

Forst explains that the instant authentication of the I.D. allows his bank's employees to move service customers more quickly and efficiently as employees can move on to the important tasks of helping the customer complete their transaction. "The program [for scanning ID's] is just one click on the desktop, so we can determine the validity of any government-formatted I.D. immediately," Forst says. "We know right away our comfort level with the customer and can focus on taking care of that customer's needs."

The I.D. verification software, called Snare, uses a magnetic stripe reader and can detect questionable I.D.'s, says John McCullough, the executive vice president of I.V.S. The software also takes an image of the I.D. and saves it, meaning that even if criminals have switched the 2-D Barcodes on the I.D. the software can detect if the QR Code says one thing and the face of the card says another, McCullough explains. So far the Snare technology has yet to be duped by a fake I.D. at one of the company's client banks, McCullough reports.

McCullough says that technology is a valuable aid to tellers because it uses the same process that tellers already use for scanning other documents. In addition, he points out, most tellers aren't experts on detecting fake I.D.'s, so many of them are relieved to have that decision taken out of their hands. "We've run a test where we showed a mix of 50 I.D.'s - some fake and some real - to a group of tellers. Most of the experienced tellers will identify the fraudulent ones, but they also tend to think that some of the real I.D.'s are fake. The new tellers don't have a clue," McCullough relates.

The integration of I.D. verification with check scanners can also be used to authenticate remote check deposits. McCullough says that I.V.S has already integrated the software with CTS's desktop check scanners, but that capability has just recently been released and none of its clients are using it yet. The company will look to integrate the Snare I.D. authentication software into mobile check deposit as part of the software's next phase of development, possibly by using a card reader that works with the mobile device. This could help verify the identity of customers depositing checks with their mobile device.

But the technology has already proven a hit in the branch with the tellers at Citizen State Bank Norwood Young America, Perry Forst reports. "One teller I've spoken with told me 'I'd feel naked without it now,'" Norwood's Forst says.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.