An ACH pull is merely a check converted into an electronic format, and your signature (either a written signature or an electronic signature) is supposed to be required to execute it, just as is required of a check.

Thats the point- the bank doing the pull ought to verify a signature, but they don't - they take their account holder's word for it and do whatever they want. A better system would use crypto, with the requirement that you perform an independently verifiable cryptographic signature to authorize transactions. This could be done with your credit card (smartcard). ACH/Checks are a relic of the past and ought to be properly dispensed with.

nosatalian said:An ACH pull is merely a check converted into an electronic format, and your signature (either a written signature or an electronic signature) is supposed to be required to execute it, just as is required of a check.

Thats the point- the bank doing the pull ought to verify a signature, but they don't - they take their account holder's word for it and do whatever they want. A better system would use crypto, with the requirement that you perform an independently verifiable cryptographic signature to authorize transactions. This could be done with your credit card (smartcard). ACH/Checks are a relic of the past and ought to be properly dispensed with.

but the banks don't take the account holder's word. if the check turns out to not be valid, they just ask the person for the money back. they don't eat the loss.

RS3RS said:Let's use some logic people. You guys aren't stupid.

OK, so they can sit there and randomly generate account numbers.

Or, they can go get a retail job (not hard to do) and copy down tons of 100% guaranteed first try legit account numbers, every single day.

Your information is thrown out into the world every time you write a check. Every time. I wouldn't worry about someone randomly generating it and that being more of a threat.

I don't think it's anything to worry about, either.

Even if your bank account is completely drained of all the money you have on deposit, you're going to get it back.

Bankers love to scare consumers about credit card and bank fraud, so that the consumer does the bank's job of protecting accounts. It all boils down to one thing: If your CC or bank account # is stolen, YOU aren't going to be the one who pays for the criminal's theft. Well, unless you let the bank intimidate you.

Any money that comes out of your account, that you didn't authorize, is money that's going to be returned to you.

Of course, the above doesn't apply to a business account. If someone steals your business account money, you're out of luck.

I believe Bof A allows you to set up an email alert when any money is ACH pulled from your account. If it can be set to a one penny threshold than you don't have to log in every day.

codename47 said:but what if the cops don't care...

Cops don't need to even get involved. I'm willing to bet that since the money crosses state borders or country borders, the FBI will run after them.

So, the average fatwalleter should check her/his 10+ accounts everyday?

If not every day then every few days. That is the best defence.

hdpq said:codename47 said:but what if the cops don't care...

Cops don't need to even get involved. I'm willing to bet that since the money crosses state borders or country borders, the FBI will run after them.

Other than taking a report over the phone (which they probably won't do, and will instead refer you to your local police), the FBI isn't going to get involved in any sort of financial crime that involves such small amounts of money.

If your report leads them to uncover a pattern of small crimes that amount to $50,000+, then they'll get involved.

There are so many scammers out there these days, that the FBI doesn't have the resources to go after the small change.

aeiouy said:I suspect there will eventually be some kind of pin or code required to initiate ach transactions in the future.

As soon as the banks start to lose more money than it costs to fix the system...

The "source" of the story, a woman at an institution whose name has been improperly used in connection with the withdrawals, is hardly credible. How on earth would she know that deposits of one penny were made to randomly generated accounts and routing numbers before withdrawals were made when she does not work for any of the institutions from where the deposits and withdrawals were made.

One is not liable for electronic transactions made from their account so long as they notify their bank of unauthorized activity. Basically one has 60 days to advise of an unauthorized transaction, and then you are only liable for losses that take place AFTER the 60th day if the bank can prove they could have stopped someone from taking the money if they can prove that they could have stopped someone from taking the money if you had told them in time. So yeah, monitor your accounts. But you don't have to do so every single day for fear of someone depositing a penny into the account or withdrawing money without your permission.

When I did my CW push to HSBC, CW rejected it because they suspected fraud. I complained that I verified the trial deposits, and set up the transfer a few days in advance. The fraud guy told me that they didn't have any way to verify the name on the HSBC acct, and that also invalidates the trial deposit verification. This ACH thing is pretty scary.