Thought some of you might be interested in this article.

Mobile Banking Fraud

There was fraud potential when RDC was first deployed, and regulators issued warnings that banks needed to complete a risk-based evaluation of the service (including in-house capture, by the way) before deploying it.

Even before RDC was seriously deployed, USAA Bank began offering a version of it to its consumer depositors, which made sense because of its huge numbers of widely-scattered customers, many of whom do most of their banking online. Moving the service to the smart phone was just the logical next step for the industry.

Whether you call it RDC Jr. or mRDC as Krebs refers to it, it's still RDC. Although per client volume is not likely to approach the levels of business RDC users (if it does, you've got some major concerns!), the fraud potential remains, and one of the controls -- the "franking" that's done by many commercial RDC installations -- is missing from mRDC.

The industry has fallen all over itself trying to make it easier for its customers to conduct business away from the branch; it hasn't done a wonderful job anticipating and preventing the fact that it's more convenient for the crook, too.

Thanks for the article Retread. I've been waiting so see something like this in print, rather than just my usual, "here's what's going to happen" and having no "proof". We are just beginning to implement mobile deposit capture for consumers. We've got duplicate detection on our side so if the customer takes a picutre and then attempts to deposit inside the bank, we should catch this, but that's really just catching mistakes and not real fraud. Hopefully our $1,000 limit will mitigate some of the risk.

And it won't identify the scenario in which your customer used MRDC to deposit a check with your bank and deposits it a second time with another bank using MRDC and finally deposits the paper item with an Nth bank.