RDC App for Citibank?
Citibank is running commercials featuring the ability to deposit checks remotely via mobile device, a process known as remote deposit capture. Citi isn't the first retail bank to roll out RDC--USAA, for example, has been doing it for a while, but USAA has almost no branches, so checks have to be deposited remotely by their farflung depositor base.
There's no question that RDC will become a standard retail banking feature over the next few years, but I'm still puzzled how RDC will overcome its fundamental security problem: multiple deposits of the same check. If I write a paper check to you and you deposit it remotely by sending in an image, you can still deposit/cash the physical check elsewhere. And you can, in theory, deposit the same check remotely multiple times. Moreover, the ability to deposit remotely means that check forgers don't need to bother obtaining magnetic ink, etc.
There are things banks can do to limit the fraud risk, but RDC continues to appear very vulnerable to a coordinated kiting scam or other organized attack. I'm not sure what would prevent my cousin Boris in Odessa from making mass deposits of bogus checks and clearing out a whole bunch of accounts before anyone was the wiser, especially if he used a gang of smurfs. It'll be interesting to see how long it takes before a bank takes a major loss from a RDC scam, if it hasn't happened already.
[Updated 2.28.11: Bob Meara, the leading RDC analyst, makes a very good point in the comments that makes me think I should clarify some points in the post, namely who is at risk with RDC. The risk I was discussing is the risk of the depository banks, where the checks are deposited. There is also potential risk for the bank on which the check is drawn, but that is a separate risk. There really isn't much risk that I see for either honest depositors or honest drawers of checks. If you didn't write the check, you shouldn't be liable, although there may be some hassle in getting your account recredited from a fraudulent draw.
Instead, the issue here is the risk to the banks themselves, not to the payor or the payee. There is a risk that the payor bank pays on multiple presentments of the same check, but as Bob Meara notes in his comment, that's an easy enough risk to address with computer systems that will allow only one payment on the same check number and check amount.
The real risk is to the depository bank. Banks have to make funds available per a schedule in Reg CC. The problem is that Reg CC sometimes mandates funds availability before checks have cleared--that is before the depository bank knows that the drawer bank will pay on the check. Thus, the depository bank might pay out on a check, but be unable to collect. There are ways to reduce the risk exposure here, such as deposit limits, neural networks looking for errant activity, and faster check clearing via electronic processing. (One wonders why check clearing hasn't become real time in most cases...) But the basic problem still remains--banks have to make funds available before they always know if they can collect on the check. A smart fraudster will try and determine which checks will take the longest time to clear (my guess is that it means checks drawn on small banks) and try to clean out the funds made available before the depository figures out that the check has bounced. ]
This was a major problem with real estate attorneys in Florida recently. Apparently, a seller took their proceeds check, RDC'd it with their smart phone, then went back to the attorney and asked him to wire the funds to their account instead of them taking the paper check. Not anticipating the RDC issue, he did that!
Posted by: Peter J. Pike | February 28, 2012 at 07:04 AM
Most bank core processing systems keep track of the checks that have been paid on each account. Each check, after all has a unique check number,routing number and dollar amount. A fraudster depositing a check more than once would typically result in the return of subsequent presentments. Ergo a debit in the fraudster's account. In addition, the majority of financial institutions also have systems to detect duplicate presentments before posting to the account.
The net result has been remarkably little in the way of RDC loss.
Posted by: Bob Meara | February 28, 2012 at 02:03 PM