There was fraud potential when RDC was first deployed, and regulators issued warnings that banks needed to complete a risk-based evaluation of the service (including in-house capture, by the way) before deploying it.
Even before RDC was seriously deployed, USAA Bank began offering a version of it to its consumer depositors, which made sense because of its huge numbers of widely-scattered customers, many of whom do most of their banking online. Moving the service to the smart phone was just the logical next step for the industry.
Whether you call it RDC Jr. or mRDC as Krebs refers to it, it's still RDC. Although per client volume is not likely to approach the levels of business RDC users (if it does, you've got some major concerns!), the fraud potential remains, and one of the controls -- the "franking" that's done by many commercial RDC installations -- is missing from mRDC.
The industry has fallen all over itself trying to make it easier for its customers to conduct business away from the branch; it hasn't done a wonderful job anticipating and preventing the fact that it's more convenient for the crook, too.
John S. Burnett
Fighting for Compliance since 1976
Bankers' Threads User #8