Remote Deposit Risk Assessment

Posted By: Nail

Remote Deposit Risk Assessment - 02/25/11 07:47 PM

What do you do for a Remote Deposit Risk assessment over the entire product as a whole(not the individual customers)?
Posted By: Its Just Me

Re: Remote Deposit Risk Assessment - 02/25/11 09:18 PM

I'd be happy to share my RDC risk assessment with you if you send me a pm with your email address.
Posted By: CEK

Re: Remote Deposit Risk Assessment - 02/28/11 02:11 PM

Hey Nail, BITS has a very good document on RDR: REMOTE DEPOSIT IMAGE CAPTURE:THE PROCESSES, RISKS AND STRATEGIES USED TO MITIGATE THEM

http://www.bitsinfo.org/downloads/Publications%20Page/BITSRDICFINALSept06.pdf

Check it out!!!
Posted By: AFaquir

Re: Remote Deposit Risk Assessment - 03/15/11 06:55 PM

Nail,

For our RDC risk assessment we started with identifying the risks, reputaion, operation, financial etc etc etc. Most of that should be boiler plate to a majority of your products and services.

For the actual product we broke it down by most significant regs or issues... so GLBA, a litle BSA and a lot of FRAUD...

From there you just need to think of the entire work flow for RDC... customer gets a check, customer opens software program, customer activates hardware, customer scans check, customer transmits data, software processes data, bank receives data, customer stores captured check, check gets cleared through process.

Once you get your work flow down you theorize ways for someone to come in and steal info (GLBA), launder money (BSA), or defraud people (Fraud)... make a quick list of all the ways and then what your system does to stop them. If the system can't stop them, what you do to detect them... if the system can't stop them and you can't detect them you have found your weak link... How do you combine other mitigation to sure up this weak link... if you can't sure it up, note that it is a vulnerability to you, make your risk assessment honest, get it signed off above your pay grade and your assessment is done.

I will share mine after I redact the detailed information, send me a PM with your e-mail

Cheers!