This is part 3 of a 3-part series about BankShield. Read part 1 and part 2 for context.
Introduction
In part 1, we explored the vulnerability in our old-fashioned payment system that enables criminals to make unauthorized withdrawals from your accounts via checks, wires, EFTs, and credit cards.
In part 2, we described how BankShield works within the current system to protect the money in your bank account.
In this article, we are sharing our vision for a radical change in payment systems. First, we're going to describe the new concept in detail. Next, we'll compare it with how things work today. We'll conclude with how you can get involved to make this vision a reality.
A new concept
Let's review how our current system works: You give someone a piece of paper (or an electronic message) with information on how to pull money out of your account.
When you pay for something by check, wire, EFT, or using a credit or debit card, you're giving both a permission and instructions on how to pull money out of your account. There are entire categories of fraud that hinge on having the instructions handy and then trying to do it without permission.
To make payments secure and eliminate these kinds of fraud, we need a radical change in the design. We need to change from pull to push.
The way we do that is by reversing the flow of information: When you make a payment, instead of giving out YOUR NUMBER to a general account from which the payee can pull money, payees have to give you THEIR NUMBER to a deposit-only account and you contact your bank to authorize the payment to them.
A deposit-only account is different from today's general accounts because it comes with a built-in rule that money only flows a certain way: anyone can deposit money into it, and once there's money in there the only place it can go is into your main account.
Your main account would also be different from today's general accounts because it comes with a built-in rule that only you (or an authorized delegate) can get the money out.
Let's get into some details about how things will work.
Open an account
Here's how you would setup a deposit-only account:
- You open a new deposit-only account at your bank, which gets an account number like any other checking account.
- This number is public, because it cannot be used to withdraw money from your account. You could put this number on your social media accounts, it won't matter.
- You will also need a regular account at the same bank, so you can transfer your money there to do something useful with it.
You could have multiple deposit-only accounts at the same bank, just like you can have multiple checkig or savings accounts. You could set up your account so that money stays in there until you transfer it to your main account, or to have all the deposits automatically transferred to your main account as soon as they arrive.
Receive money
When you authorize a direct deposit with your employer or the government benefits office, you can use a deposit-only account to make sure money only flows one way.
When you get paid by customers, you get paid to a deposit-only account to make sure money only flows one way.
Here's how you receive money with a deposit-only account:
- You use the deposit-only account number on all forms that require an account number to make deposits to you -- at your employer, at your credit card merchant account, etc.
- If you're filling out the form online, use your deposit-only account number instead of a regular checking account number.
- If you're submitting a paper form that requires a "voided check" to be attached, or if you're submitting an online form that (for some reason) requires you to attach an image of a voided check, just ask your bank for a "voided check" with your deposit-only account number on it. It can't be used for withdrawals, it's just a formality for institutions that need the old format. Your bank might even make this available as a self-service download.
- Only you can transfer money from your own deposit-only account to your regular checking or savings accounts. The bank might even do that for you automatically.
Send money
Here's how you can pay people using their deposit-only accounts:
- Instead of writing checks to people (with your "take money out of my account" number) you REVERSE the transactions: they give you their deposit-only account number, and you send them the money!
- Instead of paying for a stack of checkbooks for the privilege of unsafely sending people money with your account number on there, THEY should be sending YOU a deposit request with THEIR information on it
- Then, you give that deposit request to your bank, and indicate the amount you want to pay (and from which account you want to pay), and your bank will then withdraw money from your account and send to them. It's check clearing, in reverse, and this simple change resolves a bunch of security issues.
- Your bank will place a hold on the amount that you indicated you're sending, so that you don't spend it and cause your payment to bounce. If you don't have the funds, your bank should be kind enough to inform you without charging you a $35 fee, but they could still charge you for submitting payments for which you don't have the funds.
- If you got a paper deposit request from someone and gave it to your banker in person, or mailed it to your bank, your payee would have to wait to receive the payment just like they have to wait for a traditional check to clear.
- For online payments, your bank could send the payee's bank an instant notification that funds are available and reserved for their payment, even if the money won't be sent until the next day.
What about automatic payments?
- Instead of you giving the payee permission to withdraw money from your account whenever they want to, you give your own bank directions to pay using the payee's deposit-only "check" with some additional information: how frequently to pay, and what is the range that can be paid without a special approval from you (for example, home utility bills typically do have a normal range, or that gym membership is the same amount every month).
- If you decide to end the business relationship with the payee, you visit your bank (website) where you can see the list of authorized payments, and just revoke the permission. Stop those shady businesses from continuing to withdraw money after you've told them you're canceling. Obviously, if they didn't listen to you when you said you're canceling, they'll figure it out when they stop getting paid. Your bank can even notify them that no more payments will be coming, and because you're in control you can send that notice immediately or you can schedule it for the day before the next payment is due.
Notifications
How do we know the money is going to the right place?
When implementing deposit-only accounts, banks must also implement a notification system to alert the receiving bank that funds have been reserved and will be sent with the next batch.
The receiving bank can then alert its customer (a person, or a merchant) that an inbound payment is pending, similar to how a credit card authorization works, and also provide the additional information sent by the transmitting bank, such as the sender's name, customer number, or order number. This allows the recipient to check the incoming funds against pending orders, and notify the sender that the money is pointed at the correct account. The merchant can then safely close the sale.
Holding period
Sometimes an employer or other depositor makes a mistake, and they put too much money into your account. There are already rules in place today about being able to reverse a direct deposit within a few days, which is why the funds appear as "on hold" in your account and may not be available to withdraw until the holding period is over. Similar rules could apply to personal deposit-only accounts.
Credit cards
To understand how deposit-only accounts work with credit card payments, we need to look at the three aspects of a credit card: as a source of funds, as a payment mechanism, and as a network of banks and merchants following a specific set of rules for commerce.
A credit card is a source of funds, which is actually the credit account that it's linked to. You're getting a small loan every time you use the credit card. This aspect would not change when using deposit-only accounts. When you pay someone who has a deposit-only account, you essentially connect directly to your bank or credit union with their info and you say "send money to this account". So when you want to pay using your credit card account, you'd just connect to the bank where you have the credit account and specify that account as a source of funds, instead of a regular bank account.
A credit card is a payment mechanism. This is the part that would change when using deposit-only accounts. Instead of carrying around a card that tells people how to withdraw money from your account, you'd carry a digital wallet that lets you send money to a merchant's deposit-only account.
A credit card can only work when there's a payment network in place, where banks and merchants agree on a specific set of rules for commerce. Those rules include how to submit charges for a product or service, what happens when a customer disputes a transaction, or when a bank indicates the customer's credit limit has been exceeded. These payment networks would continue to function in very much the same way to provide easy access to credit and also consumer protection.
Digital wallet
A digital wallet is a device, such as a feature phone, smartphone, or a separate widget about the size of a credit card, that helps you send money to family and friends, or to pay merchants who use a deposit-only account.
You only need one digital wallet to access a multitude of accounts, but if you need to separate some of your accounts you could get two or more digital wallets to organize your accounts however you need to. For example:
- keeping personal and business accounts separate
- keeping a separate travel wallet to limit potential damage if it's lost or stolen
A digital wallet is better than using a debit or credit card because the security features are better and they're always active, whether you are buying in person or online. In contrast, credit card "smart chips" only work for in person transactions and don't protect you online at all.
You won't be giving your digital wallet to a waiter or a cashier, because it works differently than a card.
Even if you hand it to someone, or it is snatched from your hand while you're using it, a digital wallet can automatically lock in response to certain conditions, and a good digital wallet will let you set different security levels for using each of your accounts. The security features are there to give you time to call up your bank and report a stolen digital wallet the way you'd report a stolen credit card. Your bank can then temporarily freeze access to that account while you recover access to it with a new digital wallet.
Refunds
Sometimes a customer cancels an order after paying, or is unhappy with the product or service they received and demands a refund.
If you are a merchant, this can be easily handled by obtaining the customer's deposit-only account information and sending them the refunded amount. You'd want to verify their identity by ensuring they have the order number information, and possibly some identification, before you send the refund so that you're not sending a refund to a fraudster. The verification can also be handled by an e-commerce platform or your merchant payment gateway so it won't be any more work for you than issuing a refund with the old system.
If you are the customer, refunds would be just as easy (or hard) as they are today, because as you know the hard part is convincing someone to get you that money back, not actually getting the money. You'd need proof of purchase just like today. You'd also need to provide the merchant with your own deposit-only account number so they can send you the money. If you used a credit account to buy the item, your credit account might already have a linked deposit-only account that is used for refunds so you wouldn't even need to provide any more information than you do today.
How does this compare?
Wire transfers
How is this different from wire transfers?
Wire transfers are already offered by banks as a way to transfer money to someone else's account. You have the account number of the recipient, which could be combined with other information to forge a withdrawal authorization.
Deposit-only accounts should be available as destinations for wire transfers. Instead of forcing people to continuously check for money that arrived in their account and move it to a more private account (whose number they don't give out to anyone), banks can offer deposit-only accounts to achieve the same result in a more safe and convenient way.
The system of payment using deposit-only accounts here is intended for popular use, at a large scale, for each transaction to be inexpensive, and to be used with companion applications for both sender and recipient that utilize the notifications and make it safe and convenient for commerce. In this regard, deposit-only accounts will be much better than wire transfers.
Scams, frauds, and social engineering attacks that use wire-transfers can be divided into two categories:
- Attacks that trick the person into paying for something that isn't real, so they never get the benefit from the purchase; these attacks are also possible with all other payment methods but wire transfers are popular with scammers because they are not reversible; in this case, deposit-only accounts are a better solution because they can also be used with credit accounts
- Social engineering attacks that trick the person into switching an account number from a legitimate vendor's account number to the scammer's account number can be caught using the notification system; in this case, deposit-only accounts are better for making both one-time and regular payments to vendors
ACH transactions
Let's consider each kind of ACH transaction separately:
- ACH withdrawals
- ACH deposits
If you need to give someone permission to withdraw money from your account directly, you could still do that with a regular checking account, but in most cases it would be better to reverse the direction of the transaction: instead of letting them pull money out of your account, you do an ACH deposit to their deposit-only account.
If you get direct deposits from someone (like your employer), then it doesn't change except that you could use a deposit-only account instead of a regular account to make sure that they can't pull money out. Specifically, if their records are compromised and a criminal gets your account number, using a deposit-only account would prevent a situation where someone can forge an ACH withdrawal authorization and take money out of your account.
Deposit-only accounts don't replace ACH transactions -- they just make them safer.
Cashier's check
When you get a cashier's check, the bank takes money out of your account and puts it into their account, and then give you the paper that you can hand off to the payee to get the money. This is more secure for the payee because they know the check won't bounce -- except that cashier's checks can still be forged, so payees should still wait for them to clear.
When sending money to someone's deposit-only account, the bank will put a hold on that amount of money in your account, or remove it from your account while the transaction is pending, making such payments just as "safe" for the payee as a cashier's check. Payments to deposit-only accounts are safer than cashier's checks because there is no cashier's check to forge. The two banks interact via the interbank system, and your payee will receive a notification when the funds have been reserved.
Cryptocurrency
Cryptocurrency uses asymmetric cryptography, which has something called a public key, which acts as the recipient's address for sending money -- and therefore acts as a deposit-only account number. That is a good idea, and can be done with and without privacy, or any of the other typical cryptocurrency features such as blockchains and consensus protocols.
So deposit-only accounts and cryptocurrency have a core concept in common: that money should be transferred based on the recipient's deposit-only account number, because this gives senders control over their own money and prevents unauthorized withdrawals.
Get involved
We are currently developing BankShield, a unique service to help you protect your bank account from unauthorized checks, wires, and EFTs.
We are also developing the digital wallet app and the necessary APIs that banks, merchant payment gateways, and credit card processors will need to modernize their payment systems and make the vision possible.
Visit our community page for more information about how you can get involved!