GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Hard times expose vulnerable residuals


Industry Update

7-Eleven takes interchange issue to D.C.

Canadian debit shake-up

Two companies, two new security departments

Cyber thieves stealing from students


How to leverage available technologies to manage risk and prevent fraud in RDC

Ed McLaughlin

Research rundown

Selling Prepaid

Prepaid in brief

Vigilance is watchword in fraud prevention

Empowering the cash-compensated

Is PayPal a threat to prepaid?


Portfolio conversions done right

Biff Matthews
CardWare International

The MLS and the ISO:
Cause for concern?

Brandes Elitch
CrossCheck Inc.


Street SmartsSM:

Jon Perry and Vanessa Lang

Reserve accounts and processor meltdowns

Adam Atlas
Attorney at Law

Digging into PCI - Part 3:
Protecting stored cardholder data

Tim Cranny
Panoptic Security Inc.

A practiced approach

Jeff Fortney
Clearent LLC

Revving up business with profit-controlled marketing

Daniel Wadleigh
Marketing Consultant

Company Profile


New Products

Gateway as a service


First Data's new dynamic duo

First Data Secure Transaction Management
First Data Corp.


Little actions add up



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

October 12, 2009  •  Issue 09:10:01

previous next

How to leverage available technologies to manage risk and prevent fraud in RDC

By Ed McLaughlin

Editor's Note: This story was published by RemoteDeposit Aug. 19, 2009; reprinted with permission. (c) 2009 All rights reserved.

While good risk management tools are available, few organizations currently use them effectively. As with many new technologies or services, skeptics abound, and sometimes irrational fear of risk or loss may prevent us from fully recognizing potential advantages and benefits. This very issue has seemed to plague the remote deposit capture (RDC) industry since its inception in 2004.

To this day, the perceived risk of RDC has prevented many financial institutions (FIs) from realizing the benefits of RDC, and we constantly receive questions about risk and fraud in RDC.

Thus far, actual losses to FIs that can be contributed at least in part to RDC have been negligible. The primary reason we feel risk is largely overblown lies in the misperception that RDC as an entirely new service (in accordance with the Federal Financial Institutions Examination Council Guidance released on Jan. 14, 2009) built upon new processes and new technologies.

Improved technology

RDC processes and technology are not entirely but rather largely, improvements to systems, processes and technologies that have been used to clear hundreds of Trillions (yes, with a T) of dollars over the past decade alone. In short, RDC is built upon trusted, well-tested and reliable technologies and processes. (This article focuses upon RDC technologies; legal issues such as agreements are a completely different issue.)

The technology that enables merchant and corporate RDC is scanner technology to capture an image of the check. RDC uses desktop scanners that employ both image cameras and magnetic ink character (MICR) readers (in most cases), and, yes, they could be used to perpetrate a fraud. If you think about it, simply by using a scanner, a photo editor and/or a page design system a fraudster can generate a check.

The check can include all of the elements to allow it to be read by a check scanner (reading the MICR line in optical character recognition and/or with a magnetic ink cartridge) and be transmitted to the bank for deposit. In any form of RDC where the bank of first deposit (BOFD) and the paying bank are relying on an image for clearing and settlement there need to be other ways to identify the check as being real and means to mitigate the risk in case it is not.

While there is no substitute for customer due diligence and regular KYC (know your customer) policies and procedures, FIs should complement this process by tying their KYC information to the technical tools at their disposal to effectively mitigate RDC risk.

Clear parameters

If the business being set up has been scrutinized and a risk category or number has been provided (for example, risk number based on an analysis of the type of business, credit score, size of business, longevity with the bank, transaction and balance history, return/reject overdrawn history, location, etc.) that should be used as the basis for the model to determine the parameters and settings that need to be established to mitigate risk.

RDC systems technologies have the ability to analyze an item being presented before it is accepted as part of a deposit. The features and capabilities vary by vendor, but here is a variety (or samples) of parameters that should be monitored for an item, a deposit and - by collection of the information in a database - for longer periods of time to develop trends. Examples include:

These are some of the items that can be looked at to minimize the risk at the point of entry. (I hope we hear from you if there are others you think should be included in this list.)

RDC advantages

One of the many advantages of RDC is the electronification of the payment. The receipt and the processing now can be modified in real time based on a rule, a flag or warning generated in the receipt and analysis of a deposit or item.

This ability to have different workflows that can be set up to allow for additional manual review or comparison against regulatory and exception databases, and then be processed based on the decisions made during the workflow, will improve the risk assessment and mitigation process within the FI.

This process can also be of great value and importance to corporate or merchant customers. Most RDC agreements between financial institutions and their customers place the ultimate financial risk upon the end user.

It is only logical to assume that if the customer is assuming the risk (via legal agreement), that customer will value the ability to manage that risk.

Examples of this would be where workflows are exercised by the FI's customer to minimize risk before the deposit is sent to the FI.

This approach can be seen today in merchant processing applications where an item is sent to be verified before being sent for deposit; or in a brokerage houses where a payment is reviewed by the firm's internal processes before being accepted and before going to the FI.

The BOFD has its role in minimizing fraud in RDC, but so do the paying bank and the services it offers to its corporate clients through their cash management practice.

Positive pay (an automated fraud detection tool) is still one of the best ways for a business to mini-mize the potential for fraud, and positive pay's use with the advent of Check 21 and image processing can be argued as being more central and important than ever.

The RDC process and system itself is the best protection against fraud because the technology used in image capture is so ubiquitous that it cannot be limited, and the RDC process will have to add the controls necessary to allow us to develop effective deterrents. Look at your RDC system. Are you taking advantage of the tools it offers? We have heard of instances where the parameters are getting in the way, so they have been turned off or set so high as to be meaningless. Use the tools provided, be confident in your process and expand the roll out of RDC to your customers.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios