The obvious administrivia: somehow the wrong numbers are used.
If money ends up in the wrong account it can be impossible to get it back. Hence my "more than I'm prepared to lose" caveat.
I was originally conditioned by something I witnessed in the late 70s. A secretary had money /repeatedly/ taken from her account without her authorisation. Her bank instantly accepted that and refunded the money, but were unable to prevent it happening every month. It was eventually traced to a merchant bank and a data entry error.
No direct relevance, of course, but the modern equivalents (see the "slow news day" consumer reports) are directly relevant.
My online bank shows the name of the account you are transferring to in most cases - certainly for anything commercial. I don't think it always shows the name for transferring person to person, but I rarely do that outside of my "favourites" list. And with modern bank apps on mobiles, you can transfer the money using the receiver's phone number for identification - it's just their name in your contacts list.
That kind of thing can happen - but you are literally talking about one in a million chances.
I don't know the details either - as long as the money coming in is roughly the same as the money going out, I prefer to remain blissfully ignorant about financial matters!
However, the key difference here is that with a debit card, the money comes out /your/ account at the time of the transaction. With a credit card, the money comes out of VISA's account - /you/ only pay for it when you pay your bill to VISA.
(I say VISA here - the same applies to MasterCard or any other card company.)
Usually cards are /either/ a direct debit card, /or/ a credit card. Credit card companies like VISA support both. So I have a VISA direct debit card (it is "built into" my main bank card), and a MasterCard credit card. I'll use the MasterCard when I want extra security, such as for online purchases, most international purchases, and where I want the free insurance on the purchase, or where there is some sort of special deal. Otherwise, I use the direct debit card for most shopping.
In either case, in shops or restaurants I pay by putting the card in the terminal, and typing my PIN code. Signature authorisation is a backup solution - it is only used if there is a problem with the terminal, the line to the bank, or the bank. Shops and banks dislike it because it means extra manual checking.
This applies in Norway and abroad (though I don't go abroad much, and only within Europe).
Small shops and restaurants know a bit about running themselves, but not all the details. Someone who runs a shop selling bikes does so because they are interested in bikes and in selling bikes - not because they are interested in economics, studying details of "costs to society", tracking where each minute of the day goes, or considering the average financial cost of theft across the industry. They are only likely to know the true cost of using cash if someone tells them (such as their bank or accounts actively offering them lower rates for automated transactions), or if - like me - they make a hobby of collecting mostly useless random bits of information.
In the US, an erroneos transfer just gets pulled back. I had a rent check double-depositied once. No problem. Once the bank (CU, actually) figgured out what happened, they just grabbed the money out of their account. This raises a completely different set of issues, which is why one doesn't give access to an account to someone who isn't trusted (like the government).
So what's the problem with a transfer sent to the wrong account?
For paying a bill with a large corporations, that's sufficient. Even if it ended up in the wrong account within a corporation (e.g. Joe's gas account rather than mine), rectification should be simple.
Not so w.r.t. someone's bank account, for very good reasons.
And a tradesman isn't a large corporation.
BTW, what is this "apps" of which you speak ;} Is it something on a trojan host?
Depends on the quality of the data entry process and error checking mechanisms! Certainly modern equivalents regularly feature in consumer reports.
Just explain to me how such an error can happen with online bill pay. At my bank if the payee is registered, then their information is confirmed on screen when I am adding them to my payee list. Not sure how I could screw that up anymore than sending a check. The actual transfer can't be screwed up at all in any way that would impact me.
I had a friend use autopay for his mortgage. Then one month they deducted it something like four or five times in as many days until checks started bouncing. It was corrected, but a *huge* PITA dealing with all his other checks that bounced. Of course, the fees were waved and compensated, but he had to do all the leg work of proving the fees. That was 15 years ago.
I think paper checks can be much more problematic these days. Paper checks can easily be altered to change a 1 thousand dollar check to a
10,000 dollar check. They wash the ink and rewrite the amount. Very insecure.
You guys seem to be mixing apples and oranges. Yes, debit and credit cards are not the same. But we are talking about the vendors point of view. To the vendor they are the same other than one requiring a signature and the other a PIN.
To me, the big difference is that if there is a problem and money is removed from my account by the debit card, I bounce checks left and right. That's a HUGE mess to clean up.
I had some invalid transactions on my credit card once where charges were coming in every couple of minutes from Brazil for $150 sneakers (very negotiable). I happen to be up at 4AM and saw the email from AmEx. I called and they confirmed with me that I had not placed the charges. They stopped them all. All I had to do was wait for the monthly statement and formally dispute them.
On proper online banking you can send money to anyone else who has a bank account not just to registered payees. All potential payees are possible as well as any typos you might make. If you are unlucky and choose a typo like right account number wrong sort code and the combination is valid then the transfer succeeds but not to the intended destination. It can be very difficult to get it back afterwards.
If it is a major company the banks system will hold details for them and let you select/remind you to fill in the comments field with the right credit card reference number etc. But for Mr R. Andom person it will let you enter anything you like in free form. Up to you to get it right or risk losing money into the ether. I get my wife to check any new sizeable transactions before executing the transfer.
Best one I had was a major fitted kitchen installer accidentally reran a Barclaycard transaction tape about 3 years later and the (large) transaction went through a second time! It was unwound PDQ with compensation but it was astonishing that it was allowed at all!
Only if you use feeble insecure inks. Any cheque I have written will not be modified without leaving obvious signs of damage.
In Europe they have both been chip&PIN for ages. The difference is that with a debit card the merchant fees are slightly lower and the customer assumes all liability if the vendor goes bust without delivering goods.
A credit card gives you a lot more protection buying directly from a supplier. If they go bust then you still get your money back.
But that can happen if the card is skimmed or the numbers compromised (or even guessed). I had one card "compromised" before first use (possibly an inside job - it was never really clear).
Anything with a 16 digit main number and a CCV can be nabbed. 3D-Secure aka Verified by Visa offers largely illusory online protection.
Generally I have found credit card antifraud measures to be very good. They turn down uncharacteristic transactions automatically and then contact me by phone the next business day - if genuine I tell them so and if not then they cancel the card and reissue a new one immediately. Happens in anger about once a decade give or take.
The largest note in Norway has always (since 1877) been a 1000 kroner note - $117 at the moment. There are calls to remove them, and possibly even 500 kroner notes.
In Norway that is nearly only the case for kids cutting the grass for charity, and dodgy "no questions asked, cash under the table" operations. If you get someone in to fix the plumbing, tile the bathroom, paint a room, or whatever, and you want a decent job done, then the tradesman will be part of a business (possibly just a one-man company). You will get a bill, and any necessary paperwork at the end of the job - and if it is big enough, you'll get an estimate at the start of the job. The guy will be qualified and certified, at least for things like electricians and plumbers. This whole process is so that you, the customer, know you have decent work for your money, you know who to blame if there is a problem, and your insurance company will pay out if bad work causes floods or fires. And the tradesman does not need to stand in your doorstep until he gets your cash - he has the paperwork to prove he did the job, and he knows your name and address.
As an aside, as Schneier notes, they authenticate the transaction, not the user. That's much better than any of the so-called national identity schemes.
The quotation marks were an indication that these are not real fees. A small businessman or tradesman might offer you a cheaper rate for something if he pockets the money without filling out the proper accountancy records and paying the appropriate taxes - sales tax, income tax, or whatever. If you want a receipt for the payment, he is going to have to make the proper records and going to have to pay the appropriate taxes. To be tax free, it has to stay off-record. But the tradesman is not going to say "Let's screw the taxman. Pay in cash, nothing on paper, we'll split the difference, and we'll both agree to lie about the tax fraud on our tax returns". He will be more subtle - "this will cost you $30, with an optional $10 receipt and accountancy fee".
It went on for 3 or 4 months without them being able to identify the source of the transaction - which was concerning in itself. But it was the late 70s, so SWIFT hadn't been around too long.
Nowadays SWIFT is so ubiquitous and so poorly secured by modern standards that crooks are using it to take down entire banks!
Precisely.
Precisely.
Just so.
They will do the calculation that it would cost more to prevent such issues than it does to compensate people afterwards.
Having spent a few unpleasant months in a company that wrote bank reconciliation software, I'm only surprised that there aren't more problems. Each bank creates rules that *attempt* to match the details on incoming transactions, and there's only human intervention if "large" amounts are involved.
Think of the rules as being regexps on steroids, and think how easy it is to find your regexp doesn't work in some cases.
The example you are likely to have seen is filling in payment forms which require a card's "first" and "last" name. What do you fill in if your card says "Arthur N Random" or "A N Random"?
Fortunately, I live in Norway where people can't be fired by someone's knee-jerk reaction. Would you fire an electronics designer if he were shown a vacuum tube and he said he'd never seen one before - he'd have to ask one of the old folks how to use it?
For a few decades now, we almost never deposit cheques at all - because they have not been used in this country for decades. On the Norwegian Wikipedia page about cheques, it says "In the 70's, they were a common method of payment...". I believe most banks in Norway no longer accept cheques at all.
Yes, that's true. And since I live in a free democracy, and am not making illegal purchases, I am not particularly worried about it. I find it bizarre that people can have such distrust in the government they pick, and yet are quite happy for commercial companies such as Google and Facebook to track vastly more information about them than the government ever does.
Having the banks know my financial transactions just makes my life easier, because things like taxes are handled automatically - it has been years since doing my tax returns has involved anything more than checking the big numbers and saying "yes, that's right".
Not in the US. You pay the bank that issued the card, *not* VISA. VISA only runs the (credit) network. If you use a debit card as a credit transaction, it's exactly the same process (except that money is bebited from your account). If a debit card is used as "debit" (fairly unusual, anymore), then the transaction doesn't even touch VISA.
VISA has *no* risk. It's the issuing bank that's fronting the money. All Visa is, is a network of banks.
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.