09:00 AM
Wesley Wilhelm, NICE Actimize
Wesley Wilhelm, NICE Actimize

Are Mobile Payment Apps a Boon for Both Customers & Fraudsters?

How fraudsters can take advantage of mobile transactions, and how banks can mitigate that risk.

Clearly consumers love the ease of mobile remote deposit -- the ability to deposit checks anywhere, any time with their smartphones. Now considered a competitive differentiator for financial institutions, mobile remote deposit capture (RDC) moves customers away from more costly item processing systems and expensive branch and ATM visits, so it's a boon to banks. But could the age of mobile payment apps, a valuable extension of self-service banking, prove to be a boon to fraudsters, too?

Recent surveys suggest that more than 75% of financial institutions are not experiencing fraud through mobile RDC. However, will this remain that way for very long? If history is any indicator, I don't think so. Unfortunately, now is the time for fraud managers to stop reading surveys and start thinking like crooks. And that means assessing vulnerabilities and evaluating detection methods. As Dr. Paul Ekblom, a London crime expert, has suggested, "Now is the time to be 'designing against crime.'"

[For more on mobile security, check out: The Mobile Security Journey at Wells Fargo]

The truth is, much like customers, fraudsters follow speed, flexibility, and convenience. As past evidence shows, the more restrictions are placed on customers -- like low daily item and amount limits and multi-day holds -- the higher the frustration and customer attrition rates are. This is not to say that mobile RDC policies should be a free for all. But prevention and detection controls must be managed with the same consideration as other areas of fraud management -- by relying on a combination of human intelligence, pattern analysis, and behavioral signatures to distinguish criminal activity hiding within the overwhelming volume of legitimate activity.

How do financial institutions manage to keep customers happy without helping fraudsters? Unlike other areas of fraud, deposits require both monitoring and potentially restricting access to money coming in and going out of the account. Financial institutions must scrutinize deposits, checks, and fund transfers, all while honoring federally mandated funds availability timelines. The faster a deposit or check is determined to be legitimate, the faster the bank can safely make the customer's funds available. Increases in processing speed and improved availability have resulted in dramatically reduced detection and decision time frames, and thereby more satisfied customers. Next up, day-one and day-two deposit fraud controls (and manual review processes) have to be upgraded to attain the decision-making speed and consistency required in real-time and nearly real-time deposit processes.

Keeping the fraudster in mind, the check-image clearing process should move only so fast -- to maintain certainty that the funds being made available actually are available right up until the time the check clears. By using the same fraud detection and mitigation approach used in the online banking, card authorization, ACH origination, bill pay, and wire transfer channels, and by examining activity patterns and account activity consistent with suspicious behavior, a financial institution can have more confidence in identifying valid funds -- and delaying availability for funds displaying suspicious activity.

Wesley Wilhelm (Wes) has more than 30 years of experience in banking and consulting to the financial services industry, with extensive knowledge of fraud management, payments, and retail banking technology and operations. He has held numerous management positions in risk and ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
7/11/2014 | 9:58:44 AM
It's a delicate balancing act, as the article states, and consumers also must recognize that they may not always be able to do things like mobile RDC in real-time, as quickly as possible, if it means sacrificing security.
User Rank: Author
7/10/2014 | 1:22:29 PM
Re: Mobile Payment App Risks?
Tracking transaction behavior could play a big role in securing mobile deposits too. Several of the bigger banks have had mobile check deposit for long enough that they should have a good amount of data on how their customers usually use the service. They should know what time of month a customer is most likely to make a mobile deposit, and have an idea of how much it will be for. Anything outside of those normal patterns should go through some extra verification.
User Rank: Author
7/10/2014 | 10:58:37 AM
Mobile Payment App Risks?
Wes, you have summarized the ongoing conundrum banks face -- how to balance the access, convenience, speed and real-time resolution that customers demand with the need for security and control in an environment where fraudsters and criminals are increasingly aggressive and sophisticated. Your recommendations reflect some of what I have heard from other industry figures -- that, if handled (and communicated) correctly, tighter/better security can be a differentiator and an aspect of customer service/engagement. After all, everyone offers mobile check deposit, if you can convey that yours is more secure without sacrificing convenience, that is a competitive advantage.
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.