Hacker News new | past | comments | ask | show | jobs | submit login

As far as I understand it, Coinbase does not allow a user to fund using ACH unless they first prove control of the bank account by:

1) Providing the username and password for online access to the bank account; or

2) Allowing Coinbase to make two micro-deposits to the bank account, and then providing the correct amounts of the deposits when they are received.




If some nefarious actor has the users credentials (e.g. username / password) won't they then be able to circumvent both of those checks?

Maybe it's possible that so many people are signing up for Coinbase right now that it's flooding out the fraud?


> "If some nefarious actor has the users credentials (e.g. username / password) won't they then be able to circumvent both of those checks?"

They would. However, typical ACH fraud entails pulling money using only the routing and account numbers, which can be found on all paper checks; this mechanism prevents that.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: