« Credit for Parenthood (in the Wall Street Journal) | Main | Thank You to Philomila Tsoukala »

RDC App for Citibank?

posted by Adam Levitin

Citibank is running commercials featuring the ability to deposit checks remotely via mobile device, a process known as remote deposit capture. Citi isn't the first retail bank to roll out RDC--USAA, for example, has been doing it for a while, but USAA has almost no branches, so checks have to be deposited remotely by their farflung depositor base.

There's no question that RDC will become a standard retail banking feature over the next few years, but I'm still puzzled how RDC will overcome its fundamental security problem:  multiple deposits of the same check. If I write a paper check to you and you deposit it remotely by sending in an image, you can still deposit/cash the physical check  elsewhere.  And you can, in theory, deposit the same check remotely multiple times. Moreover, the ability to deposit remotely means that check forgers don't need to bother obtaining magnetic ink, etc.  

There are things banks can do to limit the fraud risk, but RDC continues to appear very vulnerable to a coordinated kiting scam or other organized attack. I'm not sure what would prevent my cousin Boris in Odessa from making mass deposits of bogus checks and clearing out a whole bunch of accounts before anyone was the wiser, especially if he used a gang of smurfs.  It'll be interesting to see how long it takes before a bank takes a major loss from a RDC scam, if it hasn't happened already.   

[Updated 2.28.11:  Bob Meara, the leading RDC analyst, makes a very good point in the comments that makes me think I should clarify some points in the post, namely who is at risk with RDC.  The risk I was discussing is the risk of the depository banks, where the checks are deposited.  There is also potential risk for the bank on which the check is drawn, but that is a separate risk.  There really isn't much risk that I see for either honest depositors or honest drawers of checks.  If you didn't write the check, you shouldn't be liable, although there may be some hassle in getting your account recredited from a fraudulent draw.  

Instead, the issue here is the risk to the banks themselves, not to the payor or the payee.  There is a risk that the payor bank pays on multiple presentments of the same check, but as Bob Meara notes in his comment, that's an easy enough risk to address with computer systems that will allow only one payment on the same check number and check amount.  

The real risk is to the depository bank.  Banks have to make funds available per a schedule in Reg CC. The problem is that Reg CC sometimes mandates funds availability before checks have cleared--that is before the depository bank knows that the drawer bank will pay on the check.  Thus, the depository bank might pay out on a check, but be unable to collect.  There are ways to reduce the risk exposure here, such as deposit limits, neural networks looking for errant activity, and faster check clearing via electronic processing. (One wonders why check clearing hasn't become real time in most cases...) But the basic problem still remains--banks have to make funds available before they always know if they can collect on the check.  A smart fraudster will try and determine which checks will take the longest time to clear (my guess is that it means checks drawn on small banks) and try to clean out the funds made available before the depository figures out that the check has bounced. ]


This was a major problem with real estate attorneys in Florida recently. Apparently, a seller took their proceeds check, RDC'd it with their smart phone, then went back to the attorney and asked him to wire the funds to their account instead of them taking the paper check. Not anticipating the RDC issue, he did that!

Most bank core processing systems keep track of the checks that have been paid on each account. Each check, after all has a unique check number,routing number and dollar amount. A fraudster depositing a check more than once would typically result in the return of subsequent presentments. Ergo a debit in the fraudster's account. In addition, the majority of financial institutions also have systems to detect duplicate presentments before posting to the account.

The net result has been remarkably little in the way of RDC loss.

The comments to this entry are closed.


Current Guests

Follow Us On Twitter

Like Us on Facebook

  • Like Us on Facebook

    By "Liking" us on Facebook, you will receive excerpts of our posts in your Facebook news feed. (If you change your mind, you can undo it later.) Note that this is different than "Liking" our Facebook page, although a "Like" in either place will get you Credit Slips post on your Facebook news feed.



  • As a public service, the University of Illinois College of Law operates Bankr-L, an e-mail list on which bankruptcy professionals can exchange information. Bankr-L is administered by one of the Credit Slips bloggers, Professor Robert M. Lawless of the University of Illinois. Although Bankr-L is a free service, membership is limited only to persons with a professional connection to the bankruptcy field (e.g., lawyer, accountant, academic, judge). To request a subscription on Bankr-L, click here to visit the page for the list and then click on the link for "Subscribe." After completing the information there, please also send an e-mail to Professor Lawless ([email protected]) with a short description of your professional connection to bankruptcy. A link to a URL with a professional bio or other identifying information would be great.