Here's a simple question: why do banks ask us to share our account number with the world, and let anyone who has our name and account number to just ask the bank for our money?
Ever heard of credit card theft? Check fraud? Unauthorized ACH transaction? The shady business that keeps charging your subscription every month even after you told them you're canceling? These are all possible because we're doing it wrong.
If you've ever given a credit card to a cashier, or paid for something online with a credit card, you may have noticed that all they really need is a copy of your credit card information and they can authorize any charge they want -- that's why many online merchants ask you if they can save your credit card info. And since those new "smart chip" cards don't cover online purchases, if someone copies your physical credit card information they can use it to make an online purchase. They just have to do a little bit of research on you to get your zip code. They might already have it.
If you've ever filled out an automatic deposit form, you may have noticed that, even though the purpose of the form is to DEPOSIT money into your account, the SAME information on that form can be used to WITHDRAW money from your account.
And if you've ever written a check to someone, or provided a "voided check" to authorize automatic withdrawals, you may have noticed that all the information they need to forge a new ACH withdrawal form is right there.
They don't actually need to have the piece of paper, they just need your routing number and account number. That's how it's possible to set up ACH transactions online.
A legitimate business would never do that without permission (or an appropriate amount of small print saying they can basically take out whatever money they decide at any time), but what if they get hacked and someone steals all that data? A criminal is not going to be deterred by having to forge a little form saying they have permission from you. And who actually compares paper signatures these days? I know I've signed a multitude of forms and payment orders in a variety of ways and I've not seen a single one rejected due to a signature mismatch.
Should our financial security depend on the good intentions of people? Good natured people won't be causing trouble anyway. It's the scammers, fraudsters, and criminals we need to be concerned about, and we already know they don't have good intentions, and that they don't mind breaking the law, so we need a system that protects us better.
Since it hasn't happened yet, I'm asking you to join me in this online petition to all banks to adopt a very simple idea called deposit-only accounts.
The new concept here is that we reverse the flow of information: Instead of letting anyone with YOUR NUMBER be able to withdraw your money, payees have to give you THEIR NUMBER and you authorize the payment to them. This also protects you when you receive money -- when you authorize direct deposit you can use a deposit-only account to make sure money only flows one way.
Instead of relying on paper signatures and good behavior, we should be using a system that has the built-in rules that we need.
Here's how you would setup a deposit-only account:
- You open a new deposit-only account at your bank, which gets an account number like any other checking account.
- This number is public, because it cannot be used to withdraw money from your account. You could put this number on your social media accounts, it won't matter.
Here's how you receive money with a deposit-only account:
- You use the deposit-only account number on all forms that require an account number to make deposits to you -- at your employer, at your credit card merchant account, etc.
- If you're filling out the form online, use your deposit-only account number instead of a regular checking account number.
- If you're submitting a paper form that requires a "voided check" to be attached, or if you're submitting an online form that (for some reason) requires you to attach an image of a voided check, just ask your bank for a "voided check" with your deposit-only account number on it. It can't be used for withdrawals, it's just a formality for institutions that need the old format.
- If an employer or merchant account makes a mistake in the amount they sent to you, they can ask you to send the money back or they could withhold the appropriate amount from their next deposit, or make another arrangement with you.
- Only you can transfer money from your own deposit-only account to your regular checking or savings accounts. The bank might even do that for you automatically.
Here's how you can pay people using their deposit-only accounts:
- Instead of writing checks to people (with your "take money out of my account" number) you REVERSE the transactions: they give you their deposit-only account number, and you send them the money!
- Instead of paying for a stack of checkbooks for the privilege of unsafely sending people money with your account number on there, THEY should be sending YOU a deposit request with THEIR information on it
- Then, you give that deposit request to your bank, and indicate the amount you want to pay (and from which account you want to pay), and your bank will then withdraw money from your account and send to them. It's check clearing, in reverse, and this simple change resolves a bunch of security issues.
- Your bank will place a hold on the amount that you indicated you're sending, so that you don't spend it and cause your payment to bounce. If you don't have the funds, your bank should be kind enough to inform you without charging you a $35 fee, but they could still charge you for submitting payments for which you don't have the funds.
- If you got a paper deposit request from someone and gave it to your banker in person, or mailed it to your bank, your payee would have to wait to receive the payment just like they have to wait for a traditional check to clear.
- For online payments, your bank could send the payee's bank an instant notification that funds are available and reserved for their payment, even if the money won't be sent until the next day.
What about automatic payments?
- Instead of you giving the payee permission to withdraw money from your account whenever they want to, you give your own bank directions to pay using the payee's deposit-only "check" with some additional information: how frequently to pay, and what is the range that can be paid without a special approval from you (for example, home utility bills typically do have a normal range, or that gym membership is the same amount every month).
- If you decide to end the business relationship with the payee, you visit your bank (website) where you can see the list of authorized payments, and just revoke the permission. Stop those shady businesses from continuing to withdraw money after you've told them you're canceling. Obviously, if they didn't listen to you when you said you're canceling, they'll figure it out when they stop getting paid. Your bank can even notify them the moment you revoke the permission to pay, so they can avoid unpleasant surprises by canceling their service to you immediately if your balance with them is zero or negative.
How do we know the money is going to the right place?
When implementing deposit-only accounts, banks must also implement a notification system to alert the receiving bank that funds have been reserved and will be sent with the next batch.
The receiving bank can then alert its customer (a person, or a merchant) that an inbound payment is pending, similar to how a credit card authorization works, and also provide the additional information sent by the transmitting bank, such as the sender's name, customer number, or order number. This allows the recipient to check the incoming funds against pending orders, and notify the sender that the money is pointed at the correct account. The merchant can then safely close the sale.
How is this different from wire transfers?
Wire transfers are already offered by banks as a way to transfer money to someone else's account. You have the account number of the recipient, which could be combined with other information to forge a withdrawal authorization.
Deposit-only accounts should be available as destinations for wire transfers. Instead of forcing people to continuously check for money that arrived in their account and move it to a more private account (whose number they don't give out to anyone), banks can offer deposit-only accounts to achieve the same result in a more safe and convenient way.
The system of payment using deposit-only accounts here is intended for popular use, at a large scale, for each transaction to be inexpensive, and to be used with companion applications for both sender and recipient that utilize the notifications and make it safe and convenient for commerce. In this regard, deposit-only accounts will be much better than wire transfers.
Scams, frauds, and social engineering attacks that use wire-transfers can be divided into two categories:
- Attacks that trick the person into paying for something that isn't real, so they never get the benefit from the purchase; these attacks are also possible with all other payment methods but wire transfers are popular with scammers because they are not reversible; in this case, deposit-only accounts are a better solution because they can also be used with credit accounts
- Social engineering attacks that trick the person into switching an account number from a legitimate vendor's account number to the scammer's account number can be caught using the notification system; in this case, deposit-only accounts are better for making both one-time and regular payments to vendors
Let's consider each kind of ACH transaction separately:
- ACH withdrawals
- ACH deposits
If you need to give someone permission to withdraw money from your account directly, you could still do that with a regular checking account, but in most cases it would be better to reverse the direction of the transaction: instead of letting them pull money out of your account, you do an ACH deposit to their deposit-only account.
If you get direct deposits from someone (like your employer), then it doesn't change except that you could use a deposit-only account instead of a regular account to make sure that they can't pull money out. Specifically, if their records are compromised and a criminal gets your account number, using a deposit-only account would prevent a situation where someone can forge an ACH withdrawal authorization and take money out of your account.
Deposit-only accounts don't replace ACH transactions -- they just make them safer.
When you get a cashier's check, the bank takes money out of your account and puts it into their account, and then give you the paper that you can hand off to the payee to get the money. This is more secure for the payee because they know the check won't bounce -- except that cashier's checks can still be forged, so payees should still wait for them to clear.
When sending money to someone's deposit-only account, the bank will put a hold on that amount of money in your account, or remove it from your account while the transaction is pending, making such payments just as "safe" for the payee as a cashier's check. Payments to deposit-only accounts are safer than cashier's checks because there is no cashier's check to forge. The two banks interact via the interbank system, and your payee will receive a notification when the funds have been reserved.
Cryptocurrency uses asymmetric cryptography, which has something called a public key, which acts as the recipient's address for sending money -- and therefore acts as a deposit-only account number. That is a good idea, and can be done with and without privacy, or any of the other typical cryptocurrency features such as blockchains and consensus protocols.
So deposit-only accounts and cryptocurrency have the following idea in common: that money should be transferred based on the recipient's deposit-only account number, because this gives senders control over their own money and prevents unauthorized withdrawals.
Here's our plan for transforming the world to use deposit-only accounts:
Step 1. Sign this petition
Step 2. Share it with friends, family, and everyone you know
Step 3. Get banks to make deposit-only accounts available
Step 4. Open deposit-only accounts, and share the info with everyone who pays you already via direct deposit
Step 5. Get everyone else to accept payments via their own deposit-only accounts, too
Are you with me? Please sign the petition!