Abstract: Merchant Capture Systems (MCS) provide the ability to deposit checks remotely without visiting a brick-and-mortar bank. The adoption of this technology is increasing rapidly; however, security threats exist with merchant capture systems. This paper examined two prominent merchant capture architectures to determine and prioritize common security threats and mitigating controls. Threats were identified for three components of a typical merchant capture system: bank, merchant and technology service provider. The paper communicates common MCS threats and controls as gathered by a questionnaire, evaluated by security experts and refined by IT auditors and bank examiners. The study determined the likelihood and impact of each threat, calculated an asset threat score and an inherent risk score for a merchant capture system, and concluded data loss as the top security risks when checks are deposited remotely through a merchant capture system.
Keywords: risk assessment, Risk Management, Remote Deposit Capture (RDC), Merchant Capture System (MCS), Banking industry, Security Threats
Download this article: JISAR - V7 N4 Page 50.pdf
Recommended Citation: Streff, K. F., Shrestha, S., Delzer, C. (2014). Risk Assessment & Management in Merchant Capture Systems: A Threat Analysis Perspective. Journal of Information Systems Applied Research, 7(4) pp 50-65. http://jisar.org/2014-7/ ISSN: 1946-1836. (A preliminary version appears in The Proceedings of CONISAR 2013)