Viewpoint: Don't Be Duped: Remote Checks Risky

Remote deposit capture and image exchange have successfully accelerated check clearing across the industry — so successfully, in fact, that they have also created their own unique subset of operational challenges.

Almost daily, financial institutions, unfazed by the inherent risks, unveil plans to expand RDC to a broader range of commercial customers, accept consumer deposits and even contemplate mobile applications. Banks need to embrace a uniform approach to risk management issues emerging from widespread RDC adoption before broadening their RDC deployments.

Paul Carrubba, a check imaging legal expert and a partner at Adams and Reese LLP, says one of the biggest RDC exposures that financial institutions face is that the physical check is retained outside the bank by the customer after the image is remitted for payment. I agree. The possibility of duplicate payments being made from a single check is more than conceivable — it's inevitable.

By accepting a scanned check image for deposit, banks also accept accountability should that check be remitted again. Although most RDC systems prevent customers from scanning the same check twice, a customer with multiple banking relationships could easily deposit the same check to separate institutions — once via RDC and again in person. Such fraud creates a breach of warranty and indemnification liability of up to three years for both banks subject to any claims brought as a result of the duplicate deposit.

Bank consultants, industry analysts and many reputable banking executives agree that both human error and fraud will proliferate due to banks' vulnerability to duplicate item presentment. Unfortunately, there is little consensus among bankers on the magnitude and potential negative impact of duplicate item presentment. Could it be that banks are counting on traditional item processing protocols to intercept duplicate image items before they cause a ripple effect of increased costs and customer service issues?

Granted, banks may not recognize the alarming RDC-related fraud indicators today. But the types of fraud that can occur in response to RDC and image exchange require an explicit, targeted and expeditious response. Unless immediate steps are taken to thwart opportunities for RDC duplicate item presentment and fraud while the volume of these transactions is still relatively small, banks can anticipate a tangle of exception items to compromise their processing operations.

At a minimum, financial institutions need to become familiar with the Federal Financial Institutions Examination Council's guidance on remote deposit capture, then perform a risk assessment to ensure their RDC parameters are in compliance. Banks should already be reviewing deposits and setting limits as required by the council. By addressing noncompliant processes, banks will improve their systems' risk-mitigation characteristics.

Bank should also establish a list of high-risk customers and a high-risk customer profile to which they will not extend RDC services. That is common-sense risk management. The Bank Secrecy Act has already designated some businesses as being high-risk on the basis of suspected money laundering. This is a reasonable starting point for financial institutions to identify those customers they wish to exclude. Banks can further protect themselves from RDC fraud by implementing an application process for RDC services to better determine customer risk profiles.

Finally, banks need to demand automated, enterprise-wide management solutions that include detecting duplicates, establishing deposit limits, reviewing over-limit transactions, and searching for other suspicious activity. These solutions must enable duplicate detection across multiple payment channels and platforms to accommodate check conversion to automated clearing house transactions, since ACH and check payments are processed by separate systems.

The digital characteristics of RDC and image exchange lend themselves to the development of an automated rules-based processing system that can identify and intercept suspect items, test for false positives and reroute exception items. Late in the first quarter, a group of bankers and item processors convened in South Carolina to map out and evaluate the requirements for just such a system. The group formed a solution development steering committee made up of members from BB&T, Royal Bank of Canada and a global item processing provider. They reached consensus that it is not only desirable and possible to automate the management of image exception items such as duplicate or alteration fraud, but it is also important to move quickly, before image exchange volume increases. Their benchmark for the solution is both ambitious and realistic: handling Day 2 exception items on Day 1.

As a 20-plus-year veteran of item processing technology, I am personally hardwired to believe that banks tend to postpone risk-mitigation solutions, either because, like the proverbial frog in the pot, they do not perceive the rising temperature, or because the problem has reached daunting proportions that appear to defy intervention.

In the case of RDC and image exchange, banks are well informed by such experts as Paul Carrubba and have ample precedent for how fraud can exploit process vulnerabilities. All financial institutions can largely avoid a wave of RDC fraud and related repercussions if they act with urgency.

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER