Many banking apps for smartphones have a feature that lets users deposit checks by taking a photograph of them—which, as a Louisville, Kentucky bank learned the hard way, could become a serious vulnerability.
This feature is called mobile remote deposit capture, or mRDC, and in terms of convenience it works great—as long as you have a working network connection, you can deposit a check from pretty much anywhere.
But there's a catch: because the deposit is processed from a photograph and not the check itself, people who use mRDC still have the physical paper check even after depositing the money.
Last week a Kentucky man was arrested for allegedly exploiting this fact of mRDC to cash a number of checks twice.
The suspect, 34 year old Boma Robert Spero-Jack, is accused of purchasing several Western Union money orders from Kroger, a regional supermarket. According to the police report, Spero-Jack deposited these money orders into his Bank of America account by taking a picture of them with his smartphone. Then he'd take the money orders back to the Kroger and cash them, effectively doubling his money.
Louisville police say Spero-Jack stole a total of $12,620 before he was caught. [See also: Top Mobile Banking Security Tips ]
This isn't the first case of someone allegedly exploiting mRDC. But security blogger Brian Krebs said that until recently there have been very few such cases, mostly accidental instead of criminal.
Bankers and security experts have worried about the potential for abuse since banks first started rolling out mRDC a few years ago. Only in the past year has the feature become widespread, however, which means criminals have had just about enough time to figure out how to exploit it.
Banks have more to worry about than simple theft, as well. Part of the regulation around mRDC states that if a checkis deposited twice—whether accidentally or intentionally—and that second deposit harms the person who wrote the check, the bank is responsible for the damages.
Julie Conroy, a research director at boston-based research firm Aite Group, explained the worst case scenario surrounding this regulation to Krebs :
"Say I write you a check, and you deposit it once via mRDC, and a second time at a bank branch….The second deposit causes my account to go into overdraft status, and the very next check that would have cleared was my homeowners insurance check. That check bounces, and the next day my house burns down. Technically, the bank where that second presentment occurred could be on the hook for the cost of my house."
There haven't been any cases of banks encountering serious trouble due to this regulation, said Conroy, but it is a possibility of which banks, and customers, need to be aware.
- 13 Security and Privacy Tips for the Truly Paranoid
- Forget the NSA: Your Tech Gadgets Are Spying on You
- 10 Best Mobile Security Software Products
© 2012 TechNewsDaily