by really3452 2389 days ago
Yeah, so the problem is that the account number plus short code had no checksum validation. This is the bank's fault for implementing a rubbish account system. A proper system would look more like this pseudocode:

1234567890-1234-checksum(1234567890-1234).substring(0, 6)

where 1234567890 is the account number, 1234 is the short code, and the 6 characters typed in at the end are a checksum.

The short code is unique. So if you type in the correct checksum but not the correct short-code, the fully-qualified unique identifier does not pass the validation step. Likewise, if you type in the correct short-code but not the checksum, then the unique identifier also does not pass the validation step. Thus, the user is protected against typing in an incorrect short code.

3 comments

UK Sort Code + Account Numbers _do_ have check digits (It's not precisely a check digit as such: they have rules that they have to obey to be valid). Because of the age of the system, there isn't one _consistent_ rule for all sort code and account numbers, but instead a document listing the various methods and a couple of tables saying which rule(s) to apply and how.

In most cases the sort code is included in the checksum.

https://www.vocalink.com/media/3513/vocalink-validating-acco...

6 digits are far, far too extreme from a usability perspective. We have IBANs as worldwide unique account identifiers. They are very unwieldy with up to 34 digits, depending on country. And only 2 of them are checksum digits. Most mistakes are one or two wrong digits or missing/extra digits and that can be caught with 2 properly designed checksum digits.
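
The two-check-digit scheme the comment above refers to is the IBAN mod-97 check (ISO 13616). The following is an added example, not code from this thread: it validates an IBAN and then tries every single-digit substitution and adjacent swap in the account part to see whether any typo still validates. The function names, the two-entry length table and the sample IBAN (a commonly used documentation example, not a real account) are assumptions of the example.

```python
import string

# Per-country IBAN lengths; only the two entries this example needs.
IBAN_LENGTH = {"GB": 22, "NO": 15}
ALLOWED = set(string.digits + string.ascii_uppercase)

# Documentation-style sample IBAN, used here as constructed input.
SAMPLE = "GB82WEST12345698765432"


def _to_int(s):
    # ISO 13616 mapping: digits stay as they are, A..Z become 10..35.
    return int("".join(str(int(c, 36)) for c in s))


def check_digits(country, bban):
    """Compute the two check digits for a country code and BBAN."""
    remainder = _to_int(bban + country + "00") % 97
    return f"{98 - remainder:02d}"


def is_valid(iban):
    """Length check plus mod-97 check; spaces and case are ignored."""
    iban = iban.replace(" ", "").upper()
    if not iban or set(iban) - ALLOWED:
        return False
    # The fixed per-country length is what catches missing or extra digits.
    if len(iban) != IBAN_LENGTH.get(iban[:2]):
        return False
    # Move country code and check digits to the end, then reduce mod 97.
    return _to_int(iban[4:] + iban[:4]) % 97 == 1


def undetected_typos(iban, start=8):
    """Return typos in iban[start:] (digit substitutions, adjacent swaps)
    that still pass validation. start=8 skips 'GB82WEST' in the sample."""
    missed = []
    for i in range(start, len(iban)):
        for d in string.digits:
            if d != iban[i]:
                candidate = iban[:i] + d + iban[i + 1:]
                if is_valid(candidate):
                    missed.append(candidate)
        if i + 1 < len(iban) and iban[i] != iban[i + 1]:
            candidate = iban[:i] + iban[i + 1] + iban[i] + iban[i + 2:]
            if is_valid(candidate):
                missed.append(candidate)
    return missed
```
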
This is unbelievable. My Norwegian bank account number has a check digit as does my Norwegian social security number.

The bank account numbers have had check digits since 1967!