How bank accounts are vulnerable to fraud
by Jonathan Buhacoff

This is part 1 of a 3-part series about BankShield.

Introduction

Here's a simple question: why do banks ask us to share our account number with the world, and let anyone who has our name and account number to just ask the bank for our money?

Ever heard of credit card theft? Check fraud? Unauthorized ACH transaction? The shady business that keeps charging your subscription every month even after you told them you're canceling? These are all possible because we're doing it wrong.

An old-fashioned system

If you've ever given a credit card to a cashier, or paid for something online with a credit card, you may have noticed that all they really need is a copy of your credit card information and they can authorize any charge they want -- that's why many online merchants ask you if they can save your credit card info. And since those new "smart chip" cards don't cover online purchases, if someone copies your physical credit card information they can use it to make an online purchase. They just have to do a little bit of research on you to get your zip code. They might already have it.

If you've ever filled out an automatic deposit form, you may have noticed that, even though the purpose of the form is to DEPOSIT money into your account, the SAME information on that form can be used to WITHDRAW money from your account.

And if you've ever written a check to someone, or provided a "voided check" to authorize automatic withdrawals, you may have noticed that all the information they need to forge a new ACH withdrawal form is right there.

Uh oh

They don't actually need to have the piece of paper, they just need your routing number and account number. That's how it's possible to set up ACH transactions online.

A legitimate business would never do that without permission, which might be in the fine print. But what if they get hacked and someone steals all that data? A criminal is not going to be deterred by having to forge a little form saying they have permission from you. And who actually compares paper signatures these days? I know I've signed a multitude of forms and payment orders in a variety of ways and I've not seen a single one rejected due to a signature mismatch.

Should our financial security depend on the good intentions of people? Good natured people won't be causing trouble anyway. It's the scammers, fraudsters, and criminals we need to be concerned about, and we already know they don't have good intentions, and that they don't mind breaking the law, so we need a system that protects us better.

Uh oh

Our old-fashioned payment system has the same design flaw in checks, wires, EFTs, and credit cards. I call it old-fashioned because it still works essentially the same way that it did when checks were invented hundreds of years ago: You deposit money with a cashier, and then you write a note and give it to someone, and they later present it to the cashier to get your money.

Let's review how this works: You give someone a piece of paper (or an electronic message) with information on how to pull money out of your account. And you have to trust that they'll only do it that one time, that they won't try to forge a larger amount, that they won't lose the paper and accidentally allow someone else the opportunity to take your money, that the cashier will recognize your signature and reject attempts at forgery, and that you balanced your books correctly and aren't overdrawing your account -- because you get charged a fee if you screw up.

Fraud statistics

According to the American Bankers Association (ABA), fraud against bank deposit accounts is counted in the billions of dollars every year. According to a recent ABA fraud survey report, the attempted fraud was $25.1 billion in 2018, with $2.8 billion in losses (fraud attempts that were not caught by the banks), and doesn't include the resources banks spend trying to catch all that fraud.

According to the same report, check fraud was 47% of the losses that year, so more than $1.3 billion was lost to check fraud. Another 44% was lost to debit card fraud.

Is there a better way?

Unfortunately, it isn't easy to change the way checks, wire transfers, and EFTs work. Because of that, banks spend a lot of money trying to detect and reject fraudulent transactions. According to the ABA report from 2018, banks caught about 90% of attempted check fraud. It's pretty good, but not good enough if you're one of the victims in the other 10%.

We are currently developing BankShield, a unique service to help you protect your bank account from unauthorized checks, wires, and EFTs.

This is part 1 of a 3-part series about BankShield. Continue to part 2 to learn how BankShield works.

BankShield

Our mission: to protect your account from unauthorized checks, wires, and EFTs.

PO Box 1401
Hillsboro, OR 97123