Threat of the Week: Looting via Mobile Remote Deposit Capture

[hrguy]

 

Boma Robert Spero-Jack suddenly has many mouths in banking security making worried sounds.

That’s because the Louisville, Ky., man apparently used mobile remote deposit capture and a Bank of America account to deposit 32 Western Union money orders that he also cashed out at a Kroger. That means he used mobile RDC to in effect double his money.

All in all, Spero-Jack made off with $12,620, according to police reports.

And this theft now is reigniting old fears that mobile RDC could easily be harnessed by crooks intent on double dipping with the same financial instrument.

One fact makes mobile RDC special. “The payment instrument stays in the hands of the depositor. That’s the unique thing,” said John Leekley, CEO of RemoteDepositCapture.com.

With traditional deposits -- be it at a teller window, an ATM, or via mail - the financial institution physically retains the deposited item, making it difficult for a crook to attempt to deposit it twice.

http://www.cutimes.com/2013/06/17/threat-of-the-week-looting-via-mobile-remote-depos?eNL=51520a1b140ba0ed7800006c&utm_source=Daily&utm_medium=eNL&utm_campaign=CUT_eNLs&_LID=137763512

[BusDiva]

The thieves always make it difficult for the "Good Guys".

[kfupanda]

Just yesterday I was thinking something like this could happen when reading terms to activate this feature on a bank mobile app.

 

Maybe I should turn it off again. I only get checks a few times a year anyway.

[mendelssohn]

I know that NFCU will not allow mobile money order deposits.

[hrguy]

Most of the banks do not allow money orders on mobile deposit - I think PSECU does, they were the only one I have encountered that does.

[jph5125]

I know it's not 100% photoshop proof, but isn't this why some places require you sign the back and write "For deposit at _____ credit union" to help prevent this sort of thing?

[ArchonInitiative]

When I first heard about this, I knew this could happen. It was just a matter of when. It was TOO obvious.

 

They come up with technology with normal people in mind, but have to adjust it or eliminate it because of the criminals.

[iWhat]

The thieves always make it difficult for the "Good Guys".

yep. hope they dont take this away too

[hrguy]

Some places make you send in the check - and you have so many day to do it, or they reverse the mobile deposit. It seems like this is a trend that had kinda stopped, but I see this picking back up.

 

And the places that would do it this way, gave you the deposit "on credit", you had to be credit approved to even have the mobile feature.

Edited June 19, 2013 by hrguy

[Burgerwars]

I don't know if professional crooks really would want to go down this path as new line of work. Mainly, banks just don't set up checking accounts and mobile deposit without knowing who you are. The goal of a crook is to not only get away with their crime, but to remain anonymous. Unless the crook is planning to flee to North Korea right afterwards, it's a bad idea.

 

Anyway, I'm waiting for the first bank to allow me to scan cash with my mobile phone and deposit that.

[CG in TX]

I don't know if professional crooks really would want to go down this path as new line of work. Mainly, banks just don't set up checking accounts and mobile deposit without knowing who you are. The goal of a crook is to not only get away with their crime, but to remain anonymous. Unless the crook is planning to flee to North Korea right afterwards, it's a bad idea.

 

Anyway, I'm waiting for the first bank to allow me to scan cash with my mobile phone and deposit that.

:rofl:

[SomeGuyInCA]

The threat is overblown if you ask me. The only way a crook could effectively make use of this would be to open accounts in other's names, and to do that they would need to be adept at identity theft. And then they would need to establish a positive track record, because most institutions don't simply grant account holders mobile deposit privileges without a track record of positive payment history, and typically not without direct deposits happening into the account each month.

 

What happened here, so far as I can tell, is that a not very bright person double deposited checks using his own account and obviously got caught doing it. One needn't be a rocket scientist to figure out that this sort of thing will get you busted in a hurry, but IQ is a bell curve distribution.

[BDK]

Both BOA and Chase mobile deposit apps allow deposits of MO.

[cashnocredit]

The threat is overblown if you ask me. The only way a crook could effectively make use of this would be to open accounts in other's names, and to do that they would need to be adept at identity theft. And then they would need to establish a positive track record, because most institutions don't simply grant account holders mobile deposit privileges without a track record of positive payment history, and typically not without direct deposits happening into the account each month.

 

What happened here, so far as I can tell, is that a not very bright person double deposited checks using his own account and obviously got caught doing it. One needn't be a rocket scientist to figure out that this sort of thing will get you busted in a hurry, but IQ is a bell curve distribution.

I agree completely. This really isn't exploitable easily without a big risk of prosecution so long as there is any significant verification of account holder's ID.