By Ed McLaughlin
Editor's Note: This story was published by RemoteDeposit Capture.com Aug. 19, 2009; reprinted with permission. (c) 2009 RemoteDepositCapture.com. All rights reserved.
While good risk management tools are available, few organizations currently use them effectively. As with many new technologies or services, skeptics abound, and sometimes irrational fear of risk or loss may prevent us from fully recognizing potential advantages and benefits. This very issue has seemed to plague the remote deposit capture (RDC) industry since its inception in 2004.
To this day, the perceived risk of RDC has prevented many financial institutions (FIs) from realizing the benefits of RDC, and we constantly receive questions about risk and fraud in RDC.
Thus far, actual losses to FIs that can be contributed at least in part to RDC have been negligible. The primary reason we feel risk is largely overblown lies in the misperception that RDC as an entirely new service (in accordance with the Federal Financial Institutions Examination Council Guidance released on Jan. 14, 2009) built upon new processes and new technologies.
RDC processes and technology are not entirely but rather largely, improvements to systems, processes and technologies that have been used to clear hundreds of Trillions (yes, with a T) of dollars over the past decade alone. In short, RDC is built upon trusted, well-tested and reliable technologies and processes. (This article focuses upon RDC technologies; legal issues such as agreements are a completely different issue.)
The technology that enables merchant and corporate RDC is scanner technology to capture an image of the check. RDC uses desktop scanners that employ both image cameras and magnetic ink character (MICR) readers (in most cases), and, yes, they could be used to perpetrate a fraud. If you think about it, simply by using a scanner, a photo editor and/or a page design system a fraudster can generate a check.
The check can include all of the elements to allow it to be read by a check scanner (reading the MICR line in optical character recognition and/or with a magnetic ink cartridge) and be transmitted to the bank for deposit. In any form of RDC where the bank of first deposit (BOFD) and the paying bank are relying on an image for clearing and settlement there need to be other ways to identify the check as being real and means to mitigate the risk in case it is not.
While there is no substitute for customer due diligence and regular KYC (know your customer) policies and procedures, FIs should complement this process by tying their KYC information to the technical tools at their disposal to effectively mitigate RDC risk.
If the business being set up has been scrutinized and a risk category or number has been provided (for example, risk number based on an analysis of the type of business, credit score, size of business, longevity with the bank, transaction and balance history, return/reject overdrawn history, location, etc.) that should be used as the basis for the model to determine the parameters and settings that need to be established to mitigate risk.
RDC systems technologies have the ability to analyze an item being presented before it is accepted as part of a deposit. The features and capabilities vary by vendor, but here is a variety (or samples) of parameters that should be monitored for an item, a deposit and - by collection of the information in a database - for longer periods of time to develop trends. Examples include:
These are some of the items that can be looked at to minimize the risk at the point of entry. (I hope we hear from you if there are others you think should be included in this list.)
One of the many advantages of RDC is the electronification of the payment. The receipt and the processing now can be modified in real time based on a rule, a flag or warning generated in the receipt and analysis of a deposit or item.
This ability to have different workflows that can be set up to allow for additional manual review or comparison against regulatory and exception databases, and then be processed based on the decisions made during the workflow, will improve the risk assessment and mitigation process within the FI.
This process can also be of great value and importance to corporate or merchant customers. Most RDC agreements between financial institutions and their customers place the ultimate financial risk upon the end user.
It is only logical to assume that if the customer is assuming the risk (via legal agreement), that customer will value the ability to manage that risk.
Examples of this would be where workflows are exercised by the FI's customer to minimize risk before the deposit is sent to the FI.
This approach can be seen today in merchant processing applications where an item is sent to be verified before being sent for deposit; or in a brokerage houses where a payment is reviewed by the firm's internal processes before being accepted and before going to the FI.
The BOFD has its role in minimizing fraud in RDC, but so do the paying bank and the services it offers to its corporate clients through their cash management practice.
Positive pay (an automated fraud detection tool) is still one of the best ways for a business to mini-mize the potential for fraud, and positive pay's use with the advent of Check 21 and image processing can be argued as being more central and important than ever.
The RDC process and system itself is the best protection against fraud because the technology used in image capture is so ubiquitous that it cannot be limited, and the RDC process will have to add the controls necessary to allow us to develop effective deterrents. Look at your RDC system. Are you taking advantage of the tools it offers? We have heard of instances where the parameters are getting in the way, so they have been turned off or set so high as to be meaningless. Use the tools provided, be confident in your process and expand the roll out of RDC to your customers.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next