Bank routing number security?

[mpeirce]

We don’t keep that much in checking, why would anyone?

When we write checks or do a ACH transfer we move that exact amount from the savings account at the same bank to the checking account. Otherwise there is a trivial amount of cash in the checking account.

We don’t really use that checking account much.

 

[teejayevans]

We’ve never had a fraudulent charge. And if someone cleaned out our checking account it wouldn’t be the end of the world - we deliberately keep a low balance for that reason, while using autopay when convenient. We don’t need to care what scammers know. Those who have concerns could keep balances low to limit risk…

Of course every time they submit a check or ACH request, you’re going to pay overdraft penalties. If they automatically attempted different amounts that could add up.

 

[pacergal]

We have been using debit card and ACH auto payments for years. Have never had any problems with it.
I also have notices whenever anything over $50 is debited

 

[teejayevans]

We have been using debit card and ACH auto payments for years. Have never had any problems with it.

You haven’t been murdered for years but that doesn’t mean there are no murders.

 

[walkinwood]

You haven’t been murdered for years but that doesn’t mean there are no murders.

We're sharing our experiences with you. No need to be snarky!

 

[Midpack]

Of course every time they submit a check or ACH request, you’re going to pay overdraft penalties. If they automatically attempted different amounts that could add up.

Except it’s never happened, ever. But if you choose to sacrifice the convenience that’s perfectly fine.

 

[SecondCor521]

I love autopay and paperless. I will have 23 automatic payments drafted from my checking account in the next 30 days. Of those, at least 21 are paperless. For all the paperless ones, I get an email in advance with either the amount owed and the date the payment will be drawn or a link to login and check my statement.

I think it's very safe. I've been on autopay for as much as possible for at least a decade. I've never had any problems. Zero.

I've been switching over to paperless as well for a while now. I used to feel like CRLLS and wanted to get a paper statement in the mail. I switched over when I realized that an email in my inbox serves all the same purposes, just without the paper.

I like it so much that one financial institution I have that does not do autopay very well is less appealing to me for that reason and I might stop doing business with them.

I still get year end tax stuff in the mail. I keep pretty good track of tax stuff, but I might have a tax effect that I forget about through the year, or didn't make a note of in my tax records, or whatever.

To keep things safe, I do the following:

1. Strong password on my email.
2. Paperless statements on most things.
3. Bank and credit card alerts on card not present transactions, transactions over a nominal amount, etc.
4. Regular Quicken tracking with bills scheduled, so I know what, how much, and when to expect bills.
5. Quicken downloaded transactions for most accounts, so I can confirm the actual debits and credits match.
6. Only a handful of few checking/savings accounts, so I can keep track.
7. Most everything goes into and out of a central checking account.
8. Mail any payments with checks from a postal box rather than my mailbox (bordering on paranoid, I agree).

...

I use a Fidelity Visa for everything and get 2% back plus some tax benefits so I think of it as a 2.66% card.

...

My Dad has had a couple of times where transactions have posted on his checking account that he didn't recall making or were somewhat scammy. Every time, I go to his bank, they immediately issue a full provisional credit, and reissue him a new debit card in about two minutes while I wait. The provisional credit has always become permanent.

So even though this is only a debit card at an FDIC-insured bank, the protection there in our experience has been excellent, and the minor hassle a few times hasn't been any big deal.

(I have full POA on the account so I can legally and properly do those things for him.)

 

[gayl]

I use autopay but can modify it anytime up to 3 days before. I hate autodeduct (for anyone other than USAA Insurance) where they pull it. Synagogue has elected to go with that instead of zelle (yeah, no nope nada). I had an issue with Allstate decades ago where they kept taking it after I switched to my current carrier. Guess I'm either Gary cautious or a control freak. They don't seem to get why I won't sign on

 

[MRG]

Bank routing numbers aren't secure.

 

[teejayevans]

We're sharing our experiences with you. No need to be snarky!

Snarky is my factory default setting.

I understand it’s rare, but wanted to know if it was rare because there are safeguards or no one just thought of it.

When on jury duty, one of the cases was check fraud (stolen checkbook), so I was wondering if the same can be done electronically.

 

[Freedom56]

There is nothing preventing another party from withdrawing funds using a banks routing number and account number. Banks have security measures in place to prevent suspicious transactions from overseas. There is nothing preventing a merchant that you have set up for autopay to continue to charge the account. We had that issue many years ago with a bank that had a software glitch that resulted in erroneous unauthorized withdrawals. The bank acknowledged the error but it took several weeks to get over $8500 returned to us. Several thousand customers were impacted by this error. The bank covered all overdraft fees and compensated us $2000 for the error. Since then, we do not use our bank accounts for auto-pay transactions. All bill-pay transactions from our checking account are initiated manually.

 

[ERD50]

There is nothing preventing another party from withdrawing funds using a banks routing number and account number. Banks have security measures in place to prevent suspicious transactions from overseas. There is nothing preventing a merchant that you have set up for autopay to continue to charge the account. We had that issue many years ago with a bank that had a software glitch that resulted in erroneous unauthorized withdrawals. The bank acknowledged the error but it took several weeks to get over $8500 returned to us. Several thousand customers were impacted by this error. The bank covered all overdraft fees and compensated us $2000 for the error. Since then, we do not use our bank accounts for auto-pay transactions. All bill-pay transactions from our checking account are initiated manually.

You'd think that your bank would allow you to "black list" a specific party from doing an ACH, to cover issues like this.

-ERD50

 

[Freedom56]

You'd think that your bank would allow you to "black list" a specific party from doing an ACH, to cover issues like this.

-ERD50

Except it was another bank (Washington Mutual) and they eventually went out of business in 2008 due to mortgage losses and JP Morgan took control of all the accounts.

 

[Turbo29]

More important than keeping your routing number and account number secret is actually checking your statements in a timely manner.

"Regulation E and the Nacha Operating Rules each have a 60-day period that applies to unauthorized payments. But in complying with both Reg E and the Nacha Rules, understanding the differences in these periods is important.
Regulation E specifies how and when a consumer can be held liable for unauthorized charges."

https://www.nacha.org/news/which-60...ifferent-periods-regulation-e-and-nacha-rules

 

[SecondCor521]

You'd think that your bank would allow you to "black list" a specific party from doing an ACH, to cover issues like this.

-ERD50

Some banks do this exact thing for this exact reason. My Dad's bank does and I think my bank also does.

Some credit card companies offer a similar service for the exact same reason.

 

[jazz4cash]

You'd think that your bank would allow you to "black list" a specific party from doing an ACH, to cover issues like this.



-ERD50

I had a merchant that went out of business but continued to draw $12/mo from my checking account. I had my bank block them from further draws. I assume that’s what tou meant by blacklist.

 

[joesxm3]

Does anyone know how ACH via Plaid works internally?

I got the impression that Plaid would give the company a place holder account number for your account that would be decoded to the actual account number by the bank when the company does an ACH withdrawal, but have not been able to find any confirmation of this.

I used to have a credit card feature that worked like that where it would give me a one-time use credit card number to use to make a purchase.

I was wondering if Plaid did something like that so the company could ask for a place holder account number for an ACH, but would not be able to know the real account number in order to do an ACH at a later time after you had revoked the permission for that company in Plaid.

 

[Sunset]

...... I had a case of fraud with an Alliant credit union account. I had the account as a convenience because they have a better no-fee ATM network than my sticks and bricks bank. I used the ATM card a few times, but did not write any checks or use the account for any auto-payments. About six months went by when I did not check my monthly statements. During that time, someone used my routing number and account number to set up auto- payments for a pre-paid Verizon cell phone account. Alliant reimbursed me for the most recent 60 days of payments but denied liability beyond that time period. They were totally disinterested in tracing the payments and suggested I contact Verizon. Verizon was similarly disinterested and referred me back to Alliant. I closed the Alliant account and chalked it up to an educational cost. Part of what I learned was that the financial institution's ACH liability is only 60 days. ......

I wonder if nobody was interested because that is the job of the police.
It was a crime and it's the job of police to investigate and charge. Neither the bank nor Verizon could charge a person if they bothered to look to see who was doing the charging.

 

[Alan]

We had trouble once with DD many years ago when we signed up for a free trial with AOL. Before the trial ended I canceled it but AOL took the money anyway and it took me over 3 months to get AOL to cancel the DD and refund the payment.

In the UK you can cancel a DD without telling the merchant, although it is obviously a courtesy to do so. Whenever I cancel something like this I inform the seller and also log onto my bank account and cancel the DD. For example we moved into a rental house in 2016 and when we moved out in 2017 I canceled the DDs for the utilities and told them to bill me for the final amount so I could check it for accuracy.

 

[Trailwalker]

I wonder if nobody was interested because that is the job of the police.
It was a crime and it's the job of police to investigate and charge. Neither the bank nor Verizon could charge a person if they bothered to look to see who was doing the charging.

Well, as explained to me by one of the fraud department employees at Alliant, it could have been a crime or it could have been someone who keyed the wrong routing number/account number when setting up auto pay for Verizon. IIRC, the amount not reimbursed was less than $200. The amount Alliant reimbursed was less than $100. If I could have learned the identity and location of the Verizon customer who ended up paying with my money, maybe there could have been a police investigation. Given the amount involved, and the possibility for an honest mistake, I think it's unlikely.

What was frustrating to me was that the electronic fingerprinting to the transaction existed. A sympathetic Verizon rep in their fraud dept. told me she could see the customer's name and that the pre-paid account had recently closed. Without Alliant getting involved, Verizon could not release the identity of their customer to me. I still think it was a possibility that something hinky at Alliant was going on. While the routing number is public, that account number had never been used on a check or auto pay (from me).

The 60 day ACH liability protection would have made me whole if I had monitored the account more closely. That part was my fault.

 

[ncbill]

I pay as many bills as possible with cash-back credit cards.

No problem paying all but one insurance company via credit card...none charge me a fee for paying with a credit card.

That one insurer gets paid annually by check.

Tax refunds get direct deposited to my money market account.

I don't use debit cards.

Mainly because they follow time-based rules similar to what Trailwalker experienced for ACH transfers...wait too long to report and your account can be sucked dry with you having no legal recourse.

 

[Dash man]

I pay as many bills as possible with cash-back credit cards.

No problem paying all but one insurance company via credit card...none charge me a fee for paying with a credit card.

That one insurer gets paid annually by check.

Tax refunds get direct deposited to my money market account.

I don't use debit cards.

Mainly because they follow time-based rules similar to what Trailwalker experienced for ACH transfers...wait too long to report and your account can be sucked dry with you having no legal recourse.

I use ACH withdrawals for all Medicare premiums and utilities. I check my accounts on my apps daily for anything unusual, so I’m less worried about theft than I am about losing insurance coverage because a credit card expired while I’m in a hospital or get dementia.

 

[teejayevans]

I use ACH withdrawals for all Medicare premiums and utilities. I check my accounts on my apps daily for anything unusual, so I’m less worried about theft than I am about losing insurance coverage because a credit card expired while I’m in a hospital or get dementia.

You still have to worry about not having the money in your account.

 

[Car-Guy]

if someone cleaned out our checking account it wouldn’t be the end of the world - we deliberately keep a low balance for that reason, while using autopay when convenient. We don’t need to care what scammers know. Those who have concerns could keep balances low to limit risk…

Me too... Back in the day, not that long ago, I'd keep several hundred k in one of my checking account since I was writing some pretty big checks regularly to support my "hobbies". Nowadays, not so much... I just don't need that type of ready cash flow anymore. But it was a hard habit to quit... Rising interest rates helped me since I've now moved most of it to CD's.

Oh, and I never had a problem with any of my checking accounts, then or now.

I have had a few fraudulent charges to a couple of my credit cards over the years, but it has never cost me a dime.

 

[Dalmore]

My experience is that there is nothing you can do. At some point in time, one of those "magazine renewal" companies tricked us into sending them a check. They used the information to create their own checks, not ACH, stamping them as signature on file for the signature line. The odd thing is they didn't do anything for years. Then about a year ago, I noticed three checks over the coarse of 6 months for $30 - $45. They were for a magazine that we hadn't subscribed to for over 15 years. The bank required a police report and stated that they couldn't do anything to stop them from writing future checks, telling me my only option was to change my account number. A real pain.

If you think about it, it is the same for doing a stop payment on a lost/stolen check. The stop only stays in the system for 6mo and after that, the check can cashed. Banks are set up to stop forged checks, and blank checks can be created by anyone.