Flex Blog shares ways to prevent check fraud through remote deposit capture
Thursday, July 13, 2017
Posted by: Flex CU Tech Blog
Editor’s Note: This article was originally featured on Flex CU Tech Blog and has been modified.
With new technology comes new risk. We see this often in our daily lives. Keyless entry and remote start for cars are convenient, but it didn't take long for thieves to come up with a device that lets them steal cars that use key fobs. Wi-Fi is essential to efficiency in our home and office, but even with complicated passwords, it can cause security nightmares. Mobile banking is a necessary offering to remain competitive, but Remote Deposit Capture (RDC) opens you up to a new kind of credit union fraud. A recent analysis of 400 FIs found that of all fraud cases involving mobile banking apps, 72 percent included remote deposit capture (RDC) and the use of fraudulent checks.
A recent RDC scam going around works as follows: First, the thieves make a remote deposit via mobile device in the parking lot of the credit union, then they walk that same check into the teller, who cashes the funds as they are immediately available, even though the check hasn't technically cleared yet. The good news is it usually only takes a few cases of reported fraud attempts before a new product, service, or security upgrade is created to combat the attack.
Here are 3 ways credit unions are currently preventing check fraud through RDC:
1. Unified cash letter between check-21 and RDC: Depending on your credit union technology infrastructure, you should have the option to unify the in-branch check-21 and RDC cash letter. Having a unified check-21 and RDC cash letter may sound like a minor tweak but it makes all the difference when it comes to prevention RDC fraud scams as described above. Having separate cash letters is what allows fraudsters to deposit the same check through multiple channels without the credit union noticing.
2. Duplicate Deposit Scan: Most check-21 teller capture systems have built-in duplicate deposit scans that crosscheck the current cash letter to verify the check hasn't already been processed. While this is a good preventative measure, the game was changed when RDC was introduced to the world. It didn't take fraudsters long to realize that most credit unions use separate systems for RDC and in-branch check-21, allowing them to make duplicate deposits without setting off any alarms. However, as mentioned in point 1, by unifying your check-21 and RDC cash letter, the duplicate deposit scan checks not only in-branch checks but also those deposited through RDC.
3. Crosscheck a check fraud database: If your core processor has an integration with a compliance and fraud database, this step is never overlooked. For example, TrueChecks® offers integration with check-21 teller capture systems. The TrueChecks® database is comprised of check data from financial institutions across the United States to deliver real-time responses on counterfeit, NSF, Closed Account, Duplicate, and other fraudulent items. This process is virtually transparent to the member service representative as TrueChecks® displays Reg CC recommended action and associated risk on scanned and RDC checks.
Source: Flex CU Tech Blog