|
The visitor had an unusual request. He wondered if the BancTec sorters in the MICR Automation disaster backup center could be used to sort his company’s checks in check number order. After getting a yes, he returned several hours later with his back seat full of boxes of checks.
As the sorting progressed, the story came out. His fairly good sized company had begun finding itself overdrawn frequently, even though it often carried a balance of $150,000 or more. It was then discovered that checks for a number of large debits on the monthly statements couldn’t be found. When copies were obtained from the bank, they were found to be made to the bookkeeper, and signed by her.
She wasn’t on the signature cards, but was the keeper of the blank checks in a locked file cabinet in her office. Her system printed the checks, but the checks could also be handwritten and not go through the system.
Shortly after the introduction of nearby casino gambling, the bookkeeper had had a run of very bad luck. Not one to give up easily, she had decided that if she could just get a stake, she could win it all back. Totally out of money, but with complete faith in her ability to eventually beat the house and win big, she started writing herself checks for several thousand dollars whenever she felt lucky. Her intentions were good. She planned to give a little extra back to the company when she won big.
When the statements came, she would remove her checks from the pile and tell the officer who reviewed the checks that the statement had reconciled. He typically looked through the checks, but never checked them against the multi-page statement himself.
This continued until in a few months she had taken over $160,000 out of the account, and the frequent overdrawn conditions forced a complete examination.
As the backup center staff discussed the situation, their thoughts on how to prevent such things led to the creation of the MICR Automation Secure Automatic Emailer.
If all the check images were automatically emailed nightly to several people in the company, and if they had a very convenient way to quickly look at them, any such fraud would be seen instantly. The fact that the checks were being emailed nightly would remove the temptation to use blank checks improperly.
Since almost all small companies keep their blank checks in file cabinets available to nearly everyone, the exposure is very high. A secure automatic emailer should be valuable to almost everyone. While image statements fill one gap, there is still a month of no notice to tempt the weak, disgruntled, or needy.
As the discussions continued, it was seen that providing daily images of items in deposits would also be very valuable. Knowing who had paid, and also being able to notice whose check hadn’t shown up when expected, would eliminate other temptations. Being able to look up a deposit later if its source was unknown or forgotten was also very convenient.
Since ACH is becoming very common, a technique for creating so-called virtual items was developed. These are images which look like check sized pieces of paper with all the information about each ACH transaction printed on them.
While the system was being tested, the ability to receive checks from multiple accounts was added, and the system was expanded to provide for daily delivery of reconciliation files to update bookkeeping systems automatically.
Being able to receive items on multiple accounts allowed people to get not only their company transactions, but transactions on their personal accounts, and the accounts of their children and elderly parents. Users can receive data on any account they are authorized on, and everything is controlled at the individual recipient level.
A recipient could get transactions for his company, and if he were the Lions Club Treasurer he could also get items on that account and his personal accounts. His viewer allows him to either see everything or selectively view one account at a time. Meanwhile, the bookkeeper could get the company items and the daily reconciliation file.
To provide security, strong PGP public/private key encryption was built into the system. Each user has a unique key set. The bank uses each user’s public key to encrypt the email attachment containing the data, and the program on the customer’s PC uses the private key to decrypt the attachment and store it in the designated folder. Opening the attachment causes the decryption to occur automatically.
The program on the customer PC maintains a database of all items, and allows searching by all fields, printing of items, and creation of files of images. Since most modern PC’s have 100 or more gigabytes of disk, there is enough room to keep years of images online.
The daily emails also provide an almost no-cost place for the bank to put their advertising messages where they will be seen.
It can be a powerful tool for getting new customers, without the need for a loan relationship. Attracting customers away from a bank where they have a loan relationship is difficult, but this service provides a new way to justify opening new accounts. Once their new customers start using the system, banks offering it will find that their new accounts wind up with almost all the customer’s money. Accounts at other banks not offering the service seem unsafe.
The system provides banks with a valuable and low cost new way to interact with their customers. It involves customers in fraud detection to a degree impossible with any other method.
|
|
The Secure Automatic Emailer Story
Lessons From A Major Fraud
|
|
A major fraud led to the creation of an entirely new way to protect bank customers |