As mobile remote deposit capture becomes more popular among bank customers, the attendant risk involved with these transactions is also coming to the forefront.
A session at NACHA PAyments 2014 in Orlando focused on common issues around risk and security arising from increasing mobile RDC use by consumers.
Kevin Olsen, IT manager for EastPay Inc., discussed how remote deposit capture initially found popularity among bank's corporate customers, but is now rising among everyday consumers as well. However, he noted that many financial institutions do not have the same requirements around RDC for consumers as they do corporate customers, which can lead to fraud. For example, Olsen said many banks don't set deposit limits as a policy for consumers using mobile RDC. This also ties into Know Your Customer policies. Olsen said if a customer who has never deposited more than $200 in one transaction suddenly deposits thousands of dollars worth of checks via RDC, that should raise a red flag.
The most common form of RDC fraud is "duplicate presentment," Olsen noted, wherein someone deposits a check via a mobile device, then takes the paper check to a different financial institution to cash it as well. One effective way to combat this is to require some kind of "restricted endorsement." In such a case, a customer would be required to include a note in their endorsement indicating the check is intended to be deposited via RDC or it won't be accepted for mobile deposit.
David Brock, president and CEO of Florida-based Community Credit Union, said his institution does this, requiring customers who deposit a check using a mobile device to write in the endorsement "for mobile RDC only." However fraud can never be 100 percent eliminated, so in an attempt to mitigate possible misuse, Brock said the credit union imposed deposit limits for mobile RDC. Retail customers can deposit up to $1,000 in one session, and $2,000 per day. However, for "Platinum Customers" -- those who have an established, longstanding relationship with Community Credit Union -- those limits are upped to $2,500 per session and $5,000 per day.
Another significant source of mobile RDC fraud is customers not properly disposing of checks afterwards. While some banks have guidelines they give customers as to how long the checks should be held before they are destroyed, ultimately a bank cannot ensure a customer does properly destroy the check. Olsen related the story of sitting in a coffee shop and noticing another customer their using their phone to deposit a check; then leaving the check in a trash can where anyone could have picked it up. Banks need to be aggressive about educating their customers on best practices for using mobile remote deposit capture, he said.
In the end, Olsen noted that while there are many protections for consumers who are the victims of fraudsters, banks have no such luxury, and must be as proactive as possible in keeping RDC fraud to a minimum.