Technological boundaries have become non-existent across the landscape of consumer banking. Financial institutions continue to properly manage risk while attempting to maintain and attract customers in a very competitive consumer banking environment. The technological cultural shift has integrated electronic devices into the ability to effectively and efficiently function in our society, but not without a cost. As the distance between the consumer and the teller frontline has increased the potential for financial fraud corresponds.
As financial fraud evolves Law Enforcement must strive to stay ahead of the fraudulent schemes and respond with proper investigation techniques and prosecutorial strategies. For the past several years Remote Deposit Capture(RDC) has provided efficiency and lowered cost for both commercial banking customers and their financial institutions. Financial Institutions have expanded this technological trend and rolled out a convenient product for personal banking clients known as Mobile Remote Deposit Capture(MRDC).
Mobile Remote Deposit Capture is implemented through a software application used on a smartphone, tablet or a personal computer. The common method of remote deposit is for a customer to authenticate their identity, key in certain transaction data, capture a digital image of an endorsed financial check on their device that generates an Image Replacement Document or substitute check. The customer is then prompted to submit the substitute check and the bank receives the transaction as a valid financial deposit. The oversimplified model just described generalizes many factors that encompass the RDC process. One factor about MRDC that can quickly be determined is that this electronic transaction is ripe with fraud.
A proactive approach to prevent MRDC fraud will appropriately mitigate risk and lower the potential for monetary loss. Below is a brief list of several proactive protocols designed to secure MRDC:
Multifactor Authentication methods that are more strict than guidelines suggested by the Federal Financial Institutions Examination Council (FFIEC) and FDIC for online banking
Securing data transmissions
Layered IT Security
Collecting IP data and electronic device identifiers for an authorized user while using software filters to identify threatening anomalies, such as IP data collected from a unusual geographical area for the consumers CRM data or an electronic device identifier that has not been approved through a strict user authentication process. Electronic data is captured upon the submission of the deposit.
Customer Due Diligence and Suitability
Vendor Due Diligence and Suitability
DO NOT allow brand new account holders to utilize MRDC
Customer agreements specifically designed for MRDC
The ability to successfully prosecute MRDC fraud would be very favorable for law enforcement agencies in a simple straightforward scenario, but near impossible for an elaborate scheme.
The simple straightforward scenario exists when a bank customer who has been legally conducting business decides to deposit a forged or counterfeit check. Law Enforcement can clearly articulate that the criminal had intent to implement a scheme to collect funds from a fraudulent check. Given the history of the account relationship, probable cause exists that the bank customer benefited from the scheme. The ability to identify a suspect will increase the likelihood of collecting physical evidence such as the original physical check, electronic forensic examination of device and a possible verbal admission from the suspect.
In order to successfully prosecute the simple straightforward scenario Law Enforcement Agencies must consider the following elements:
Establish a historical relationship with customers of legit banking activity or MRDC activity
Account statement reflecting the fraudulent transaction
Image of the submitted substitute check
Electronic data collected from the MRDC application, this might include IP data, geographical locations and unique electronic device identifiers
In contrast with a very simple scenario, an elaborate scheme would be near impossible to prosecute. An elaborate scheme would involve the implementation of non-traceable smartphones, use of anonymous IP proxies, layered money cards and stolen identities to just name a few tools. However, through a properly structured MRDC program with strict security protocols these tools of fraud would be near impossible to implement. The largest threat for monetary loss in a MRDC program are new accounts. Implementing a probationary period of time for new customers to prove their legitimacy would be most beneficial to financial institutions.