Ever use your smartphone to make an electronic check deposit? Many banks have recently introduced this feature; you simply use your smartphone’s camera to snap a picture of your check and upload the money into your account.
Easy? Sure. Convenient? Of course! Just waiting for scammers to abuse? Unfortunately, also yes. It’s how one 34-year-old Kentucky man was able to do what’s called “double-dipping,” and steal thousands of dollars.
By essentially cashing out money orders more than once, a man named Boma Robert Spero-Jack didn’t even need to pick up a weapon or have any advanced computer skills to steal a whole lot of money. This new type of fraud simply takes advantage of a pretty big loophole in one of mobile banking’s newest features.
Here’s how this digital deposit scam works and what the authorities are doing to make sure it doesn’t happen again.
Spero-Jack’s Double-Dipping Extravaganza
It’s called “mobile remote deposit capture,” or MRDC. MRDC lets consumers snap a photo of a check with a smartphone, or run it through a special scanner, to deposit the money straight into their accounts without a trip to the teller. Many banks have incorporated this feature and it’s been a big hit.
Unfortunately, Spero-Jack figured out how to use MRDC to steal $12,620 from his bank by using Western Union money orders. Sophos’ Naked Security blog has the details:
“…Spero-Jack went into several Kroger stores and bought at least 32 Western Union money orders, each for between $195 and $500. He allegedly then left the store and deposited the money into his Bank of America checking or savings account via mobile remote deposit capture.”
As soon as made the MRDC deposits, he’d march straight back into his local Kroger and cash that very same money order.
He was eventually caught, of course, and charged with theft by unlawful taking, which sounds a bit like the most redundant charge ever. Isn’t all theft unlawful taking? Anyway, the bigger question is how Spero-Jack was able to actually pull this off in the first place.
Why didn’t the bank notice that he was cashing the same check twice? Shouldn’t there be safeguards in place? Could a new generation of check forgers exploit MRDC technology and pull a modern Catch Me If You Can style heist?
The Problem with MRDC (and the Solutions)
As MRDC becomes more popular and widespread, consumers and experts alike are growing concerned about the potential for more fraud. Currently, there isn’t a good system to track MRDC fraud.
For all its convenience, MRDC carries a serious built-in vulnerability. The vendors that process MRDC transactions have processes in place designed to catch duplicate checks, but these processes don’t operate immediately.
The lag time enables thieves like Spero-Jack to double-deposit checks and make off with the extra cash.
One possible solution would be a deposit database that operates in real-time to catch the fraud instantly. Similarly, some experts are also suggesting that banks should put parameters in place to ensure that only “trusted” customers are able to use MRDC.
Anti-Fraud Solutions are On the Way
Of course, MRDC vendors are working very hard to close these security loopholes, so it’s likely that we can expect better security measures soon. Spero-Jack’s case has drawn attention to this type of fraud which means experts are developing new ways to combat it and stay one step ahead.
Until then, what do think banks should do to prevent mobile checking deposit fraud? Do you use MRDC technology and if so, what’s your opinion? Share your thoughts with us in the comments.
Work From Home Scam: Identity Thieves Promise Jobs with Google or Facebook to Steal Credit Card Info
200 Thousand Dollar Tip: Waitress’ Lucky Day or Just a Scam?
Hashtag Dumb: Fugitive Fraudster Taunts Cops on Twitter, Then Gets Caught