Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
June 7, 2010
Remotely created checks: Banks of first deposit provide front line of defense
Almost everyone has authorized a draft transaction from a checking account, whether to expedite a payment to a creditor, purchase an item via telephone or Internet, or compensate a merchant for the return of an initial paper check due to insufficient funds. The payee remotely creates these preauthorized drafts, or remotely created checks (RCCs), under the authority of the accountholder but without the accountholder's signature. This lack of signature makes RCCs vulnerable to fraud.
How can the payments industry balance the legitimacy and convenience of an RCC with the risk management challenges it presents? Staff at the Atlanta Fed's Retail Payments Risk Forum explored this question and other challenging issues in a recently published concept paper, "An Examination of Remotely Created Checks."
Risk management challenges: RCCs are hard to monitor
RCCs, like traditional checks, can be sent forward for collection through the banking system or processed electronically by converting the paper check into an electronic file acceptable to image-exchange networks. Electronic-only RCCs can also be presented for payment and sent forward for clearing, and in some instances can be converted and processed as an ACH debit item and cleared through the ACH network. RCCs that exist in this format may easily bypass detection because, when they are sent forward for clearing, they appear in a format indistinguishable from files of images captured from paper checks.
Distinguishing electronic-only RCCs from paper RCCs converted to an electronic image is crucial to understanding and appropriately applying the new RCC warranty and presentment claims. Yet reliable data on the prevalence of RCCs as well as the true magnitude of fraud perpetrated through this payment channel is difficult to quantify because, as stated above, RCCs are indistinguishable from files of images from paper checks.
Risk management concerns and applicable due diligence protocols
In 2005, Regulation CC was amended to addressed RCC's unique attributes and the risks and challenges that accompany them. Ultimately, Regulation CC altered the final payment rule by shifting liability for unauthorized RCCs from the paying bank to the bank of first deposit. The change in liability structure also altered presentment and transfer warranties.
Risk management concerns for the bank of first deposit are substantial due to the inherent risk of unauthorized RCC transactions. Often, reported incidents of RCC fraud are tied to poor internal controls and due diligence practices of banks, particularly with their "know your customer" programs.
The Office of the Comptroller of the Currency (OCC) issued updated guidance in 2008 suggesting that account relationships with third-party payment processors are the riskiest for a bank that accepts RCCs as deposits. The guidance was intended to serve as a supplement to existing risk management practices while enhancing underwriting and monitoring of entities that process payments for telemarketers and other merchants.
Depository banks may be best poised to manage the unique risk of RCCs
Some experts firmly believe that RCCs provide consumers the important benefit of avoiding late fees by facilitating the expedited payment of a bill, while others oppose the use of RCCs because their risks outweigh any benefits they may provide. Rather than prohibit their use, exploring improved ways to manage RCCs may preclude the need for new laws or regulations.
Only the bank of first deposit possesses the information necessary to manage RCCs, and only the bank of first deposit has a financial incentive for mitigating RCC fraud. By creating comprehensive risk management practices, beginning with account relationship agreements, the bank of first deposit could detail the quantity of RCCs it will accept, the quality of the images, and the permissible percentage of returns it will accept as RCCs. The institution with the most to lose has the most to gain by policing its own payments activities, while identifying, monitoring, and controlling RCC fraud risk.
By Ana Cavazos-Wright, payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Remotely created checks: Banks of first deposit provide front line of defense :
- The Range of Un-Friendly Fraud
- Payments Webinar October 10: Cash in the 21st Century
- "Insuring" Ransomware Will Continue to Flourish
- Designing Disclosures to Be Read
- Is There a Generation Gap in Cash Use?
- What the Most Convenient Food Tells Us about Payments
- Is Friction in Payments Always Bad?
- Why Should You Care about PSD2?
- At the Intersection of FinTech and Financial Inclusion
- A Call to Action on Friendly Card Fraud and Loss?
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- account takeovers
- ATM fraud
- bank supervision
- banking regulations
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- credit cards
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- financial technology
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- online retail
- Payment Services Directive
- payments fraud
- payments innovation
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- skills gap
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workforce development
- workplace fraud