Beam Up My checks, Scotty

Never having to leave the office to make a run to the bank has become increasingly common as more small businesses adopt remote deposit capture, a technology that lets users scan and send images of checks to the bank, rather than go to a branch to deposit them.

Now some institutions are bringing this same service to consumers, letting them deposit check images from home, literally at the press of a button. While remote deposit offers the ultimate in convenience, it also raises a number of risk management issues, which the industry is addressing.

“There are a lot of options in terms of how banks can look at remote deposit risk and decide how to handle it,” says Bob Hunt, senior research director at TowerGroup Inc., a Needham, Massachusetts-based research firm.

Because banks never take physical possession of the imaged checks, fishy business is bound to occur. Without the original check, banks cannot detect the magnetic ink required to encode it, or ensure that it has been destroyed or endorsed as paid once it has been deposited.

Perhaps the biggest risk of remote deposit is a customer sending in an electronic copy of a check and then rushing to another bank to physically deposit the same item. Fraudsters are also more likely to try to pass off phony checks through remote deposit since they cannot be physically inspected. Honest mistakes, such as accidentally scanning and sending in the same check twice, could also occur. Or scanned images could be of poor quality, creating operational risks.

Banks are resorting to technological and operational solutions to address these risks. Vendor solutions are being designed to automatically detect potentially fraudulent checks and to identify duplicates that come in from different channels.

Ideally, such multichannel duplicates should be detected well before posting, says Rod Springhetti, vice president, business planning and development at Fiserv, which announced a consumer remote deposit service in February. That way, “there’s no adjustment in posting, there’s limited impact, and fraud is identified early in the work stream,” he explains.

To detect duplicates, First Command Bank, a $531 million institution based in Fort Worth, Texas that is scheduled to roll out remote deposit to consumers in late September, is relying on a database from its technology provider, Fidelity Information Services, which stores check data for 24 months. “It will recognize if a check has already been scanned in, even if it’s not by the same person,” says Sherry Sitton, executive vice president at First Command.

The system will also be on alert for other suspicious situations, such as an illegible endorsement or discrepancy between the amount said to be deposited and the actual check amount. “There are about eight different things it will flag,” Sitton says.

In addition, First Command plans to physically look at every imaged item that comes into the bank. This task is not such a stretch, since the bank already opens up every envelope containing a check that comes in from its far-flung customer base. (First Command’s customers have all been referred to it by a nationwide network of about 400 financial advisers who work for the bank’s holding company.)

Banks are instituting other operational and workflow procedures designed to limit the risk of remote deposit fraud. Dollar limits on the amounts that can be deposited per day and per check are common. First Command, for example, has a $5,000 daily limit, which can be modified if necessary.

Institutions also are inclined to be strict about the endorsements required on the backs of scanned checks. Massachusetts-based Sharon Credit Union, with $322 million in assets, became one of the first institutions in the country to offer consumer remote deposit when it introduced it last November. It requires five pieces of endorsement information on scanned checks: the words: “For Deposit Only at Sharon CU,” an account number, the words: “via www,” the date, and a signature.

Measures such as these are small, but can still be effective in deterring fraud, says Matt Bowen, senior vice president and general manager of Fidelity National Information Services’ remote deposit division, which has nearly a dozen customers involved in production or testing of consumer remote deposit. “An observant teller would catch that it’s already been endorsed to another bank,” Bowen says of scanned checks that are re-presented at a teller window.

The emphasis on more detailed endorsements means consumers will need to scan the fronts and backs of checks, even though that is less convenient than scanning only the front. A recent bulletin from the Federal Reserve also recommends that institutions require front and back scans.

Revisions to the Fed’s Operating Circular 3, which went into effect in mid-July, put the onus on banks to ensure that any check images sent through to the Fed actually originate from a paper check. The ruling has had a chilling effect on the plans of at least one software vendor to offer a “virtual endorsement” that would free consumers from having to endorse and scan the backs of checks.

Software Earnings Inc., a payments software provider in Memphis, Tennessee, says it has developed a process by which an image of a bank’s rubber stamp could be created, negating the need for consumers to endorse and scan the backs of checks. The development, however, appears to overstep the bounds of the Fed’s OC 3, since the rubber stamp is not from an original paper check. “It’s been created out of thin air,” says Trent Fleming, senior vice president of strategic market development at Software Earnings, which expects to introduce a consumer remote deposit product in October.

Software Earnings is taking a step back from its virtual endorsement idea, having concluded that requiring consumers to scan the front and back of checks is the “smart” thing to do, Fleming says. “A written endorsement on the check is good defense against redeposits to another institution by accident,” he said.

Other aspects of consumer remote deposit are not so clear-cut. Still undefined, for example, is the amount of time consumers should be required to hold onto checks once they scan them into their institution. While some banks are recommending consumers hang onto the paper checks they’ve scanned for 30 or 60 days, or more, some say that isn’t necessary.

Sharon Credit Union is not requiring members to hold onto scanned checks for any length of time. “Once they’ve made the deposit and gotten an e-mail from us that it’s OK, then they can destroy the check,” says Mark Emerson, chief operating officer.

About 500 of Sharon Credit Union’s 30,000 members have registered to use its consumer remote deposit service, and 50% to 60% of those use it regularly. In the year that it’s offered the service, “we’ve not had a single issue of wishing we had the original,” Emerson says.

Sharon Credit Union decided to go with no retention period after discussing the issue with other institutions. “Once the image is captured, it becomes the legal representation of a check, so there’s really no reason to keep the original,” Emerson explains.

Sharon Credit Union’s approach contrasts sharply with that of Summit Bank, a de novo institution based in Panama City, Florida, which has been offering consumer remote deposit since June. About 10 of its 130 households are actively using the service so far, says Frank A. Hall, chief operating officer.

Summit has taken a more conservative stance, asking customers to keep checks for 60 days before destroying them. Hall acknowledges that the bank will probably change its policy eventually, but for now, it wants to stay within customers’ comfort zones. “There are a lot of gray areas right now,” he says of the early days of consumer remote deposit.

One key to increasing comfort levels with the service is to build lots of communication into the workflow for remote deposits. The software from Fidelity National Information Services automatically sends customers an e-mail once the front and back scan of the check has been received. Then it sends another e-mail once the item has been reviewed and accepted for deposit. Customers can also look up the history on the account. “There’s good communication throughout the process,” Bowen says.

Perhaps the most important measure banks can take to prevent fraud on remote deposit accounts is to know their customers. At small private banks like Summit, where all the executives know all the customers, this approach is a cinch. “We’re not advertising it,” Hall says. “This is only for customers.” Similarly, First Command is only doing [remote deposit] business with customers who have been referred by its financial advisers, an approach that ensures detailed knowledge of each customer’s financial health and habits.

Remote deposit has a good track record so far among merchants using it to deposit checks from the office, which bodes well for its use by consumers. Fidelity National Information Services is processing about $6 billion a month through its merchant capture service and has not had a single fraud incident since it introduced the service in the second half of 2005, Bowen says.

Emerson of Sharon Credit Union cautions that knowing your customer or member is important in remote deposit. “But if you protect yourself on that end, the rest of it falls into place,” he says.