Why we need deposit-only bank accounts
Jonathan Buhacoff


Here's a simple question: why do banks ask us to share our account number with the world, and let anyone who has our name and account number to just ask the bank for our money?

Ever heard of credit card theft? Check fraud? Unauthorized ACH transaction? The shady business that keeps charging your subscription every month even after you told them you're canceling? These are all possible because we're doing it wrong.

If you've ever given a credit card to a cashier, or paid for something online with a credit card, you may have noticed that all they really need is a copy of your credit card information and they can authorize any charge they want -- that's why many online merchants ask you if they can save your credit card info. And since those new "smart chip" cards don't cover online purchases, if someone copies your physical credit card information they can use it to make an online purchase. They just have to do a little bit of research on you to get your zip code. They might already have it.

If you've ever filled out an automatic deposit form, you may have noticed that, even though the purpose of the form is to DEPOSIT money into your account, the SAME information on that form can be used to WITHDRAW money from your account.

And if you've ever written a check to someone, or provided a "voided check" to authorize automatic withdrawals, you may have noticed that all the information they need to forge a new ACH withdrawal form is right there.

Uh oh

They don't actually need to have the piece of paper, they just need your routing number and account number. That's how it's possible to set up ACH transactions online.

A legitimate business would never do that without permission, which might be in the fine print. But what if they get hacked and someone steals all that data? A criminal is not going to be deterred by having to forge a little form saying they have permission from you. And who actually compares paper signatures these days? I know I've signed a multitude of forms and payment orders in a variety of ways and I've not seen a single one rejected due to a signature mismatch.

Should our financial security depend on the good intentions of people? Good natured people won't be causing trouble anyway. It's the scammers, fraudsters, and criminals we need to be concerned about, and we already know they don't have good intentions, and that they don't mind breaking the law, so we need a system that protects us better.

Uh oh

Since it hasn't happened yet, I'm asking you to join me in this online petition to all banks to adopt a very simple idea called deposit-only accounts.

How it works

The new concept here is that we reverse the flow of information: Instead of letting anyone with YOUR NUMBER be able to withdraw your money, payees have to give you THEIR NUMBER and you authorize the payment to them. This also protects you when you receive money -- when you authorize direct deposit you can use a deposit-only account to make sure money only flows one way.

Instead of relying on paper signatures and good behavior, we should be using a system that has the built-in rules that we need.



Open an account

Here's how you would setup a deposit-only account:

  • You open a new deposit-only account at your bank, which gets an account number like any other checking account.
  • This number is public, because it cannot be used to withdraw money from your account. You could put this number on your social media accounts, it won't matter.
  • You will also need a regular account at the same bank, so you can transfer your money there to do something useful with it.

Open a deposit-only account

Receive money

Here's how you receive money with a deposit-only account:

  • You use the deposit-only account number on all forms that require an account number to make deposits to you -- at your employer, at your credit card merchant account, etc.
  • If you're filling out the form online, use your deposit-only account number instead of a regular checking account number.
  • If you're submitting a paper form that requires a "voided check" to be attached, or if you're submitting an online form that (for some reason) requires you to attach an image of a voided check, just ask your bank for a "voided check" with your deposit-only account number on it. It can't be used for withdrawals, it's just a formality for institutions that need the old format. Your bank might even make this available as a self-service download.
  • Only you can transfer money from your own deposit-only account to your regular checking or savings accounts. The bank might even do that for you automatically.

ACH deposit is the same

Send money

Here's how you can pay people using their deposit-only accounts:

  • Instead of writing checks to people (with your "take money out of my account" number) you REVERSE the transactions: they give you their deposit-only account number, and you send them the money!
  • Instead of paying for a stack of checkbooks for the privilege of unsafely sending people money with your account number on there, THEY should be sending YOU a deposit request with THEIR information on it
  • Then, you give that deposit request to your bank, and indicate the amount you want to pay (and from which account you want to pay), and your bank will then withdraw money from your account and send to them. It's check clearing, in reverse, and this simple change resolves a bunch of security issues.
  • Your bank will place a hold on the amount that you indicated you're sending, so that you don't spend it and cause your payment to bounce. If you don't have the funds, your bank should be kind enough to inform you without charging you a $35 fee, but they could still charge you for submitting payments for which you don't have the funds.
  • If you got a paper deposit request from someone and gave it to your banker in person, or mailed it to your bank, your payee would have to wait to receive the payment just like they have to wait for a traditional check to clear.
  • For online payments, your bank could send the payee's bank an instant notification that funds are available and reserved for their payment, even if the money won't be sent until the next day.

How to pay with a deposit only account

What about automatic payments?

  • Instead of you giving the payee permission to withdraw money from your account whenever they want to, you give your own bank directions to pay using the payee's deposit-only "check" with some additional information: how frequently to pay, and what is the range that can be paid without a special approval from you (for example, home utility bills typically do have a normal range, or that gym membership is the same amount every month).
  • If you decide to end the business relationship with the payee, you visit your bank (website) where you can see the list of authorized payments, and just revoke the permission. Stop those shady businesses from continuing to withdraw money after you've told them you're canceling. Obviously, if they didn't listen to you when you said you're canceling, they'll figure it out when they stop getting paid. Your bank can even notify them the moment you revoke the permission to pay, so they can avoid unpleasant surprises by canceling their service to you immediately if your balance with them is zero or negative.

How to manage automatic payments


How do we know the money is going to the right place?

When implementing deposit-only accounts, banks must also implement a notification system to alert the receiving bank that funds have been reserved and will be sent with the next batch.

The receiving bank can then alert its customer (a person, or a merchant) that an inbound payment is pending, similar to how a credit card authorization works, and also provide the additional information sent by the transmitting bank, such as the sender's name, customer number, or order number. This allows the recipient to check the incoming funds against pending orders, and notify the sender that the money is pointed at the correct account. The merchant can then safely close the sale.

Holding period

Sometimes an employer or other depositor makes a mistake, and they put too much money into your account. There are already rules in place today about being able to reverse a direct deposit within a few days, which is why the funds appear as "on hold" in your account and may not be available to withdraw until the holding period is over. Similar rules could apply to personal deposit-only accounts.

Credit cards

To understand how deposit-only accounts work with credit card payments, we need to look at the three aspects of a credit card: as a source of funds, as a payment mechanism, and as a network of banks and merchants following a specific set of rules for commerce.

A credit card is a source of funds, which is actually the credit account that it's linked to. You're getting a small loan every time you use the credit card. This aspect would not change when using deposit-only accounts. When you pay someone who has a deposit-only account, you essentially connect directly to your bank or credit union with their info and you say "send money to this account". So when you want to pay using your credit card account, you'd just connect to the bank where you have the credit account and specify that account as a source of funds, instead of a regular bank account.

A credit card is a payment mechanism. This is the part that would change when using deposit-only accounts. Instead of carrying around a card that tells people how to withdraw money from your account, you'd carry a digital wallet that lets you send money to a merchant's deposit-only account.

A credit card can only work when there's a payment network in place, where banks and merchants agree on a specific set of rules for commerce. Those rules include how to submit charges for a product or service, what happens when a customer disputes a transaction, or when a bank indicates the customer's credit limit has been exceeded. These payment networks would continue to function in very much the same way to provide easy access to credit and also consumer protection.

Digital wallet

A digital wallet is a device, such as a feature phone, smartphone, or a separate widget about the size of a credit card, that helps you send money to family and friends, or to pay merchants who use a deposit-only account.

You only need one digital wallet to access a multitude of accounts, but if you need to separate some of your accounts you could get two or more digital wallets to organize your accounts however you need to. For example:

  • keeping personal and business accounts separate
  • keeping a separate travel wallet to limit potential damage if it's lost or stolen

A digital wallet is better than using a debit or credit card because the security features are better and they're always active, whether you are buying in person or online. In contrast, credit card "smart chips" only work for in person transactions and don't protect you online at all.

You won't be giving your digital wallet to a waiter or a cashier, because it works differently than a card.

Even if you hand it to someone, or it is snatched from your hand while you're using it, a digital wallet can automatically lock in response to certain conditions, and a good digital wallet will let you set different security levels for using each of your accounts. The security features are there to give you time to call up your bank and report a stolen digital wallet the way you'd report a stolen credit card. Your bank can then temporarily freeze access to that account while you recover access to it with a new digital wallet.


Sometimes a customer cancels an order after paying, or is unhappy with the product or service they received and demands a refund.

If you are a merchant, this can be easily handled by obtaining the customer's deposit-only account information and sending them the refunded amount. You'd want to verify their identity by ensuring they have the order number information, and possibly some identification, before you send the refund so that you're not sending a refund to a fraudster. The verification can also be handled by an e-commerce platform or your merchant payment gateway so it won't be any more work for you than issuing a refund with the old system.

If you are the customer, refunds would be just as easy (or hard) as they are today, because as you know the hard part is convincing someone to get you that money back, not actually getting the money. You'd need proof of purchase just like today. You'd also need to provide the merchant with your own deposit-only account number so they can send you the money. If you used a credit account to buy the item, your credit account might already have a linked deposit-only account that is used for refunds so you wouldn't even need to provide any more information than you do today.

How does this compare?

Wire transfers

How is this different from wire transfers?

Wire transfers are already offered by banks as a way to transfer money to someone else's account. You have the account number of the recipient, which could be combined with other information to forge a withdrawal authorization.

Deposit-only accounts should be available as destinations for wire transfers. Instead of forcing people to continuously check for money that arrived in their account and move it to a more private account (whose number they don't give out to anyone), banks can offer deposit-only accounts to achieve the same result in a more safe and convenient way.

The system of payment using deposit-only accounts here is intended for popular use, at a large scale, for each transaction to be inexpensive, and to be used with companion applications for both sender and recipient that utilize the notifications and make it safe and convenient for commerce. In this regard, deposit-only accounts will be much better than wire transfers.

Scams, frauds, and social engineering attacks that use wire-transfers can be divided into two categories:

  1. Attacks that trick the person into paying for something that isn't real, so they never get the benefit from the purchase; these attacks are also possible with all other payment methods but wire transfers are popular with scammers because they are not reversible; in this case, deposit-only accounts are a better solution because they can also be used with credit accounts
  2. Social engineering attacks that trick the person into switching an account number from a legitimate vendor's account number to the scammer's account number can be caught using the notification system; in this case, deposit-only accounts are better for making both one-time and regular payments to vendors

ACH transactions

Let's consider each kind of ACH transaction separately:

  • ACH withdrawals
  • ACH deposits

If you need to give someone permission to withdraw money from your account directly, you could still do that with a regular checking account, but in most cases it would be better to reverse the direction of the transaction: instead of letting them pull money out of your account, you do an ACH deposit to their deposit-only account.

If you get direct deposits from someone (like your employer), then it doesn't change except that you could use a deposit-only account instead of a regular account to make sure that they can't pull money out. Specifically, if their records are compromised and a criminal gets your account number, using a deposit-only account would prevent a situation where someone can forge an ACH withdrawal authorization and take money out of your account.

Deposit-only accounts don't replace ACH transactions -- they just make them safer.

Cashier's check

When you get a cashier's check, the bank takes money out of your account and puts it into their account, and then give you the paper that you can hand off to the payee to get the money. This is more secure for the payee because they know the check won't bounce -- except that cashier's checks can still be forged, so payees should still wait for them to clear.

When sending money to someone's deposit-only account, the bank will put a hold on that amount of money in your account, or remove it from your account while the transaction is pending, making such payments just as "safe" for the payee as a cashier's check. Payments to deposit-only accounts are safer than cashier's checks because there is no cashier's check to forge. The two banks interact via the interbank system, and your payee will receive a notification when the funds have been reserved.


Cryptocurrency uses asymmetric cryptography, which has something called a public key, which acts as the recipient's address for sending money -- and therefore acts as a deposit-only account number. That is a good idea, and can be done with and without privacy, or any of the other typical cryptocurrency features such as blockchains and consensus protocols.

So deposit-only accounts and cryptocurrency have the following idea in common: that money should be transferred based on the recipient's deposit-only account number, because this gives senders control over their own money and prevents unauthorized withdrawals.

The plan

We are currently developing BankShield, a unique service to help you protect your bank account from unauthorized checks, wires, and ETFs.

Go to BankShield and register to show your support and to stay informed about our progress.


We are here to help you protect your privacy and security.