Last November, Portals and Rails took a look at remote deposit capture (RDC) and wondered if deposit fraud would rise as more financial intuitions roll out the service to more customers. We've seen no evidence in the past year to support an uptick in fraud. However, we have ample evidence demonstrating that the product is becoming mainstream through the mobile channel. With four large financial institutions incorporating RDC with their mobile applications over the summer, eight out of the ten largest depository institutions currently offer the product.
As with any new offering, financial institutions need to understand the risks behind new products and develop strategies to mitigate these risks. At a recent conference, I sat in on a wonderful discussion led by Terri Ferrise and Hunter Wolfe with Cachet Financial Solutions that highlighted the growing demand for mobile RDC and best practices for risk management of the product. Given banks' rapid adoption of the product, Portals and Rails would like to pass along some of the best practices for mobile RDC shared by Terri and Hunter as well as other financial institutions that were engaged in the discussion.
Customer management
"Know your customer" (KYC) is essential with mobile RDC. Financial institutions should prioritize their customers and offer mobile RDC only to their best customers, closely aligning the product offering with customer characteristics. When considering which customers to offer the product to, they should take into consideration these issues:
- The length of the customer's relationship. Some financial institutions require that an account be open for at least 90 or 180 days before offering the service to their customers.
- The depth of the customer's relationship. The more products the customer has with a financial institution, the better the financial institution should know that customer.
- The experience with the customer. For example, has the customer previously used check deposit at the ATM? Has the customer previously attempted to deposit bad checks?
Deposit and velocity limits
Even with strong customer controls in place, financial institutions must also consider and employ deposit and velocity limits, which would include taking these steps:
- Set realistic deposit limits (daily, weekly, and monthly) and availability rules based on the customer profile.
- Consider velocity limits and other tools to analyze individual transactions and customer trends. Have a system in place to flag certain deposited items that are out of the ordinary for closer (or even manual) examination.
- Continually monitor these limits and adjust them depending on the customer's behavior.
Front and back end processes
Financial institutions must also have adequate risk management at both the front end and the back end of the deposit process, which would include some of these strategies:
- Procedures for dealing with RDC items post deposit. Destruction and franking protect against double presentment.
- Strong user and hardware authentication routines.
- Strong image validation and quality guidelines.
- Customer education to ensure that images are not being stored on their mobile devices.
Just like any other successful product launch, mobile RDC creates new risk considerations. To date, it appears that those financial institutions offering the product are successfully controlling their risks. As this product begins to become commoditized, perhaps the biggest risk to financial institutions may be losing customers if they don't offer the product. For additional information on risk management of RDC, I encourage everyone to read the Federal Financial Institutions Examination Council's guidance on the topic.
By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed