Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
November 19, 2012
The Art of Capturing Customers with Mobile Remote Deposit Capture
Last November, Portals and Rails took a look at remote deposit capture (RDC) and wondered if deposit fraud would rise as more financial intuitions roll out the service to more customers. We've seen no evidence in the past year to support an uptick in fraud. However, we have ample evidence demonstrating that the product is becoming mainstream through the mobile channel. With four large financial institutions incorporating RDC with their mobile applications over the summer, eight out of the ten largest depository institutions currently offer the product.
As with any new offering, financial institutions need to understand the risks behind new products and develop strategies to mitigate these risks. At a recent conference, I sat in on a wonderful discussion led by Terri Ferrise and Hunter Wolfe with Cachet Financial Solutions that highlighted the growing demand for mobile RDC and best practices for risk management of the product. Given banks' rapid adoption of the product, Portals and Rails would like to pass along some of the best practices for mobile RDC shared by Terri and Hunter as well as other financial institutions that were engaged in the discussion.
"Know your customer" (KYC) is essential with mobile RDC. Financial institutions should prioritize their customers and offer mobile RDC only to their best customers, closely aligning the product offering with customer characteristics. When considering which customers to offer the product to, they should take into consideration these issues:
- The length of the customer's relationship. Some financial institutions require that an account be open for at least 90 or 180 days before offering the service to their customers.
- The depth of the customer's relationship. The more products the customer has with a financial institution, the better the financial institution should know that customer.
- The experience with the customer. For example, has the customer previously used check deposit at the ATM? Has the customer previously attempted to deposit bad checks?
Deposit and velocity limits
Even with strong customer controls in place, financial institutions must also consider and employ deposit and velocity limits, which would include taking these steps:
- Set realistic deposit limits (daily, weekly, and monthly) and availability rules based on the customer profile.
- Consider velocity limits and other tools to analyze individual transactions and customer trends. Have a system in place to flag certain deposited items that are out of the ordinary for closer (or even manual) examination.
- Continually monitor these limits and adjust them depending on the customer's behavior.
Front and back end processes
Financial institutions must also have adequate risk management at both the front end and the back end of the deposit process, which would include some of these strategies:
- Procedures for dealing with RDC items post deposit. Destruction and franking protect against double presentment.
- Strong user and hardware authentication routines.
- Strong image validation and quality guidelines.
- Customer education to ensure that images are not being stored on their mobile devices.
Just like any other successful product launch, mobile RDC creates new risk considerations. To date, it appears that those financial institutions offering the product are successfully controlling their risks. As this product begins to become commoditized, perhaps the biggest risk to financial institutions may be losing customers if they don't offer the product. For additional information on risk management of RDC, I encourage everyone to read the Federal Financial Institutions Examination Council's guidance on the topic.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference The Art of Capturing Customers with Mobile Remote Deposit Capture:
- EMV Comments That Make Me Cringe
- Taking a Quantum Leap into Payment Security
- Looming Questions with the Rollout of NACHA's Mandated Same-Day ACH Rules Change
- AdmiNISTering Passwords: New Conventional Wisdom
- Mobile Banking and Payments—What's Changed?
- Risk Mitigation Isn't Just for Banks
- The Simple Consider Three but Four is the Key
- As with Nuclear Disarmament, So with ACH: Trust, but Verify
- The Personal Cost of Fraud
- When Fraud Hits Home: Questioning Today’s Authentication Methods
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud