Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
November 19, 2012
The Art of Capturing Customers with Mobile Remote Deposit Capture
Last November, Portals and Rails took a look at remote deposit capture (RDC) and wondered if deposit fraud would rise as more financial intuitions roll out the service to more customers. We've seen no evidence in the past year to support an uptick in fraud. However, we have ample evidence demonstrating that the product is becoming mainstream through the mobile channel. With four large financial institutions incorporating RDC with their mobile applications over the summer, eight out of the ten largest depository institutions currently offer the product.
As with any new offering, financial institutions need to understand the risks behind new products and develop strategies to mitigate these risks. At a recent conference, I sat in on a wonderful discussion led by Terri Ferrise and Hunter Wolfe with Cachet Financial Solutions that highlighted the growing demand for mobile RDC and best practices for risk management of the product. Given banks' rapid adoption of the product, Portals and Rails would like to pass along some of the best practices for mobile RDC shared by Terri and Hunter as well as other financial institutions that were engaged in the discussion.
"Know your customer" (KYC) is essential with mobile RDC. Financial institutions should prioritize their customers and offer mobile RDC only to their best customers, closely aligning the product offering with customer characteristics. When considering which customers to offer the product to, they should take into consideration these issues:
- The length of the customer's relationship. Some financial institutions require that an account be open for at least 90 or 180 days before offering the service to their customers.
- The depth of the customer's relationship. The more products the customer has with a financial institution, the better the financial institution should know that customer.
- The experience with the customer. For example, has the customer previously used check deposit at the ATM? Has the customer previously attempted to deposit bad checks?
Deposit and velocity limits
Even with strong customer controls in place, financial institutions must also consider and employ deposit and velocity limits, which would include taking these steps:
- Set realistic deposit limits (daily, weekly, and monthly) and availability rules based on the customer profile.
- Consider velocity limits and other tools to analyze individual transactions and customer trends. Have a system in place to flag certain deposited items that are out of the ordinary for closer (or even manual) examination.
- Continually monitor these limits and adjust them depending on the customer's behavior.
Front and back end processes
Financial institutions must also have adequate risk management at both the front end and the back end of the deposit process, which would include some of these strategies:
- Procedures for dealing with RDC items post deposit. Destruction and franking protect against double presentment.
- Strong user and hardware authentication routines.
- Strong image validation and quality guidelines.
- Customer education to ensure that images are not being stored on their mobile devices.
Just like any other successful product launch, mobile RDC creates new risk considerations. To date, it appears that those financial institutions offering the product are successfully controlling their risks. As this product begins to become commoditized, perhaps the biggest risk to financial institutions may be losing customers if they don't offer the product. For additional information on risk management of RDC, I encourage everyone to read the Federal Financial Institutions Examination Council's guidance on the topic.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference The Art of Capturing Customers with Mobile Remote Deposit Capture:
- Leaving a Cybersecurity Legacy
- What Can Parenting Teach Us about Data Security?
- Safely Motoring the Payments Highway
- Balancing Security and Friction
- Squeezing the Fraud Balloon
- Who's to Stand in for Mom?
- Security at the ATM: We Have Some Educating to Do
- Payments Stakeholders: Can't We All Just Work Together?
- Introducing Take On Payments
- Does More Security Mean More Friction in Payments?
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud