The rapid evolution in remote deposit capture could be the trigger for an alarming surge in fraud, wrote Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed, in a post this week on the Portals and Rails blog.
King explained that RDC has grown 13 percent in the past two years as banks have expanded the service from their commercial clients to retailers. In that time, RDC technology has also evolved, moving from desktops to mobile devices. USAA, J.P. Morgan Chase, PNC Bank and U.S. Bank now offer mobile RDC for retail consumers, with Bank of America planning to follow suit early next year.
King questions whether or not this expansion could lead to a spike in fraud, as banks' retail customers undertake "less stringent due diligence than do their commercial customers."
A new Celent report indicates that the commercial RDC market is nearing maturity, and estimates that approximately 75 percent of U.S. banks and 50 percent of U.S. financial institutions offer at least one RDC service. Given that any further growth will come from banks adopting retail RDC services, as well as expanding it to new products like prepaid cards, King questions whether fraud will see an increase.
King cited the 2011 AFP Payments Fraud and Control Survey, which noted that only 1 percent of respondents reported being defrauded through their electronic check conversion service. This is actually a decrease from the 2010 survey; in which three percent of respondents indicated that they had experienced payments fraud stemming from their RDC service.
However, an RDC fraud study by the Financial Crimes Enforcement Network (FinCEN) showed 1,017 Suspicious Activity Report (SAR) filings between 2005 and 2011, with more than half of the reports occurring after 2010. Even more alarming is that these SARs account for about 0.1 percent of all bank-filed, check-fraud-related SARs.
The recent expansion of RDC to the general-purpose reloadable (GPR) prepaid card market is especially of concern, noted King. Using the service, unbanked prepaid card users can load funds directly on their cards.
According to a Paybefore article, this service is risky because not only can check images be altered, but someone could attempt to reuse the same check by sending the image to multiple cards, doubling or tripling the money at a check-cashing store.
Paybefore noted that third-party service providers like Chexar Networks, FactorCheck LLC and FIS have the risk-management software to enable mobile RDC for the prepaid industry, and these organizations are willing to accept the risk on mobile RDC transactions, rather than the prepaid program manager or issuer.
But King noted that the overall lack of information about GRP prepaid users, compared to retail and corporate clients, makes RDC services with the group much more susceptible to fraud. "In fact, prepaid card users may be unbanked because they have a poor, or no, credit history or they lack appropriate identification and credentials to open a banking account," he wrote.