by sneed_chucker 920 days ago
Honestly, I just hate how insecure and legacy everything involving banking in this country is.

For example, payroll - there's literally no reason your employer needs to store your account and routing number as another piece of your personal info that they can lose when some hacker finds out their MySQL admin password is "admin".

Like, the system should be that you give your employer your bank's name, plus a UUID associated with your account that allows entities to deposit but not withdraw funds from your account. It would be trivial to implement and make things much more secure, but instead we're stuck with the account+routing number system that's basically paper checks but put on a computer.


As a non American, the idea of a bank account number being a kind of secret that is usable to pull money out of the account is the most curious thing to me. I guess something like this can only exist in a high trust environment.
Things aren't actually that simple. In terms of preventing fraud by the merchant, it's similar to credit cards in that the merchant needs to have a relationship with a bank in order to process ACH payments. That bank does underwriting on the risk of the merchant and has fraud prevention mechanisms in place.

For someone other than a merchant to transfer money out of your account with just your bank details, they would have to either try to pass a fake check or set up your bank account as an external account that they can transfer money out of to one of their own financial accounts. But external accounts are typically verified with test deposits before they can be transferred to/from.

As an American, I am perplexed by the fill-now-pay-after European gas pumps.

I suppose something like that can only exist in a high trust environment.

I think it's less a function of a high trust environment, and more one of law enforcement consistently prosecuting even relatively minor theft.

I'd assume that even in the US, videotaping everybody's plates wouldn't be that hard either, but actually getting your money back as a gas station owner might not be trivial.

Not trying to wade into a continental dispute, but weren't gas pumps in the US also fill-then-pay until maybe 10-15 yr ago? I find it strange that you now have to basically guess about how much it will cost and then authorize a purchase up to that amount, instead of, you know, paying for however much actually got pumped (at today's price).
Really, you are authorizing some amount above what you will need, but only getting charged what you pump. I guess they consider that anyone who is actually going to overrun their card limit isn't too worrisome to annoy.

Not so long ago it was common enough in some places to have to go inside, give them X cash, then pump, then come back inside to get change - they would set the pump to only dispense up to X. It's basically that system digitized.

If you go back far enough the only record was on the pump itself, so it was either full service, or trust people would come in and pay what they pumped. People did just drive off sometimes in that case, but at least in the full serve case, you still had their gas cap and plate number, which was a disincentive.

The best old gas pump system I have seen is in the Alfred Hitchcock movie Young and Innocent.

https://en.wikipedia.org/wiki/Young_and_Innocent

The car is a Morris and the gas pump is a pole coming out of the ground with a rotary hand pump at the top of the pole to dispense petrol.

I love old movies for these glimpses of early technology.

You typically authorize payment with a card before pumping, then the final amount is captured by the gas station after you're done. You only have to guess the amount if you're paying cash or if the pump card reader is broken and you have to pay inside.

It's the same concept as paying for a meal at a sit down restaurant: they authorize your card for the check amount plus some extra, then you write in the tip on the receipt, then the restaurant captures the correct amount later (at least, that's historically how it works, many restaurants are shifting to payment terminals where it's all done at once).

> It's the same concept as paying for a meal at a sit down restaurant: they authorize your card for the check amount plus some extra, then you write in the tip on the receipt, then the restaurant captures the correct amount later (at least, that's historically how it works, many restaurants are shifting to payment terminals where it's all done at once).

You what? That's bizarre.

Depends on where you were. Growing up in Orange County, CA, I only remember pay before you pump, even before card readers. Nobody used a credit card for gas back then, but if they did, it would be recorded on a carbon sales slip with an imprint machine and mailed in to the processor.

When I went on long driving trips, gas station attendants would be confused when I went in to get $20 on pump three but hadn't pumped. I haven't been out on the road and paying cash for gas in a long time though, I think there's probably some stations where you can pay inside after you pump.

>weren't gas pumps in the US also fill-then-pay until maybe 10-15 yr ago?

Yes, you just pumped however much gas you wanted and paid inside. This was before there were credit card readers on the pumps. Closer to 20 years ago.

If you pay inside (cash or card), you know the cost and guess the volume.

If you pay outside (card), you control both cost and volume. But it pre-auths $100 or something.

And most utility/etc bills will require ACH (or a payment fee).

So now Bob's Valley Energy Inc has the information to empty your account.

---

(Though FWIW, probably neither your employer nor your utility company is storing the information themselves in a MySQL db.)

But if they do, can't you just call your bank and ask for the ACH debit to be reversed?

I've never had to actually do this myself, but as far as I understand, there's a process for that just like for credit card chargebacks, and a legal requirement to do so within 10 days of reporting the problem to your bank.

Of course being out the money for 10 days is not pleasant; I also do wish there were ways to limit ACH payments a bit more proactively.

> your employer needs to store your account and routing number as another piece of your personal info that they can lose

Having grown up with banking outside the US, even that concern seems largely bizarre to me. Bank account numbers are routing identifiers, which have no business being used as bearer tokens!

To be fair, the same thing (i.e. direct debits that can be initiated using only somebody's account and routing number) is possible in many other countries as well, but usually it's only used for very low-risk payments, since reversals are usually just a click away, with no recourse for the (former) payee.

> Like, the system should be that you give your employer your bank's name, plus a UUID associated with your account that allows entities to deposit but not withdraw funds from your account.

That UUID is just the account number. What needs to change is being able to initiate debits from somebody's account using only the account number; being able to make credit transfers to them is usually not a problem.

For example, I don't see why banks can't offer two forms of account numbers: One that's only usable for inbound payments (and automatically bounces debits of any form, whether (fraudulent) check or ACH), and one that allows debits as well, possibly even limited to a single payee.

> It would be trivial to implement and make things much more secure…

If it were truly trivial, this would have been implemented long ago. This isn’t a pure engineering problem as much as it’s a “convincing people to do it” problem.

It is implemented in most of the world outside of the US.

It is scary that the info you need to deposit funds into an account in the US also allows you to withdraw funds from it.

With approval (eg - PIN or password) you might be able to withdraw funds.

But, can't you say the same thing about a credit card? Heck, you don't even need a password for that; everything you need is right on the card.

Or, your mobile device (if you pay through near-field tech)?

>With approval (eg - PIN or password) you might be able to withdraw funds.

Not to sound like someone who wants to get your bank details, but which bank allows you to delay ACH payments until you approve them? All someone needs to get money from my account is the (publicly available) routing number for my bank and my account number. Boom. Now I'm paying someone else's Verizon bill and have to call my bank and say "I can't believe you think I'm someone who would waste money with Verizon!". What I really want is access control for all ACH transactions. They said it wasn't possible for me to do an allowlist for ACH. I basically just have to call any time a fraudulent transaction comes through to stop payment. OTOH, with certain card issuers (AmEx I think?), I can simply press a button to declare a transaction fraudulent.

>But, can't you say the same thing about a credit card? Heck, you don't even need a password for that; everything you need is right on the card.

Checks have that too. Except there are hundreds of copies of them. Someone just needs to see one check to get all the information they need to withdraw from your account.

OTOH, I turn my debit card off, so having that information is useless unless someone knows when it's on. I can actually do this with most of my cards, debit and credit. Coupled with virtual credit cards, it's a really effective way to secure money. Or at least have stricter control than a classic bank account.

> But, can't you say the same thing about a credit card? Heck, you don't even need a password for that; everything you need is right on the card.

It being replicated widely (see also: SSNs) doesn't make the "account number as a bearer authentication token" approach any less insane!

I believe that the only way to get some momentum in getting away from this unfortunate situation would be regulatory intervention – using market forces alone, convenience and inertia will just inevitably punish whoever moves first by introducing even the slightest amount of friction.

Otherwise, the US would already have PINs for POS payments and 3DS challenges for online payments using credit and debit cards.

If you need PIN or password, why are people so scared of giving out account numbers?

OP clearly means "technically trivial"

The implementation is trivial. But the regulations aren't.

I mean, credit cards do it with tokens, so at least part of the industry moved to something like that already.

I mean take a page from cryptocurrencies [0] and allow multiple wallets. Then add on access control. Payroll is always going to want to be able to pull back from the “wallet”, but that doesn’t mean there can’t be some access control mechanism that says “only payroll can push to or pull from this wallet address”.

[0]: or whatever thing one wants to say is responsible for generating the idea of multiple electronic wallets. I get that some people think crypto is dumb. Take your pick on what was responsible for this idea.

Laws. The American banking system has too many draconian regulations; coupled with "know your customer" and anti-money-laundering laws, it makes banking difficult. And hard to disrupt.