The Check Clearing for the 21st Century Act (Check 21) has created new opportunities for financial institutions and customers. By eliminating the need to transport paper checks, remote check capture can provide significant cost savings for financial institutions. Customers benefit as well: retail customers can receive image proof-of-deposit at an ATM or other remote capture site, and commercial customers can deposit imaged checks directly at their own premises. At the same time, remote check capture carries with it operational risks that left unmitigated could expose a financial institution to fraud losses. According to a 2006 white paper published by the BITS Fraud Reduction Steering Committee, the use of the Internet to transmit check image files could be exploited by criminals. “Remote deposit image files will be open to all the same attacks that online banking or online commerce face. Files could be intercepted on the Internet and either be edited for fraudulent submission or mined for fraud and identity theft.†Information security risks include unauthorized access to and/or use of the imaged information, submission of edited or unauthorized files for clearing, and loss of data. Fortunately, strategies exist for mitigating these risks. Superior Iron Superior Iron Range Community Federal Credit Union, based in Michigan’s Upper Peninsula, has experienced operational cost savings through the use of check image exchange with its clearinghouse, which not only eliminates check courier costs but also reduces the risks inherent to transporting the paper checks. Superior Iron Range’s check imaging technology providers “were not only patient with us regarding our initial concerns and requirements, but also proactive in making sure the products we would be using made the most business sense,†says Ronald Lauren, the financial institution’s chief financial officer. “We were able to do electronic check exchange in a matter of weeks.†Still, the introduction of new products and services often attract criminals eager to exploit vulnerabilities created by the confusion surrounding a new product or service and the eagerness on the part of the financial institution to sell a new service, says Paul Carruba, an attorney with the law firm Adams and Reese LLP and a payment systems expert. “Remote deposit capture will be no exception.†The electronic transmission of deposits creates the opportunity for the same check or checks to be deposited multiple times. A financial institution customer may transmit an image of a check to the financial institution and then deposit the original check at the same financial institution or at a different financial institution. Another potential exposure is the potential for criminals to transmit duplicate files or duplicate images of checks to the financial institution. While the perpetrators may not get away with this activity for very long, the amount of one duplicate image or file could be substantial under the right circumstances. Ideally, duplicate detection safeguards will be built into the software used by the customer to capture checks, to deter fraud or prevent accidental deposit of the same item multiple times. Additionally the financial institution’s deposit receiving platform and deposit systems should have the capability to identify duplicate items. Deposited items suspected to be duplicates should be flagged for review by the financial institution at the earliest feasible point in the process. The potential for fraud loss may also be increased because of counterfeit items. An image of a counterfeit check will be almost impossible to detect. The financial institution will not have the ability to examine the texture of the check, discoloration, watermarks, borders, heat sensors, and other physical fraud detection features. If the financial institution pays the fraudulent check and the accountholder subsequently files a claim for indemnification, the financial institution will get stuck with the loss. Receipt of an image of a check instead of the original check may increase the financial institution’s exposure to loss from alterations. While financial institutions already experience this type of loss, it would appear that the potential for loss will be increased. Alterations are often difficult to detect on original items because of the advanced techniques used by criminals to make the alteration. Detection of alterations on a black and white image of an item will be even more difficult to detect. Financial institutions should consider offering Positive Pay with payee name recognition to assist in detecting this type of fraud. Payee name verification utilizes automated recognition technologies to compare the name of the payee on the check when the item is presented to the name of the payee at the time the check was issued.
Andrew Miller is a freelance writer specializing in financial services and information technology. He holds an MBA from Columbia University and a Master's in computer science from Rensselaer Polytechnic Institute. He has held jobs at CMP Media, MetLife, and Gartner.
From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.
Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:
Understand the current cyber threats to all public and private sector organizations;
Develop a multi-tiered risk management approach built upon governance, processes and
information systems;
Implement NIST's risk management framework, from defining risks to selecting, implementing
and monitoring information security controls.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.