> your employer needs to store your account and routing number as another piece of your personal info that they can lose

Having grown up with banking outside the US, even that concern seems largely bizarre to me. Bank account numbers are routing identifiers, which have no business being used as bearer tokens!

To be fair, the same thing (i.e. direct debits that can be initiated using only somebody's account and routing number) is possible in many other countries as well, but usually it's only used for very low-risk payments, since reversals are usually just a click away, with no recourse for the (former) payee.

> Like, the system should be that you give your employer your bank's name, plus a UUID associated with your account that allows entities to deposit but not withdraw funds for your account.

That UUID is just the account number. What needs to change is being able to initiate debits from somebody's account using only the account number; being able to make credit transfers to them is usually not a problem.

For example, I don't see why banks can't offer two forms of account numbers: One that's only usable for inbound payments (and automatically bounces debits of any form, whether (fraudulent) check or ACH), and one that allows debits as well, possibly even limited to a single payee.