Of course this is completely unfounded, but I have a gut feeling its a hack and we will be hearing more about it in the future. Most electronic heists happen at exactly these times because the banks will not reopen until following Tuesday at which time it can potentially be way too late.
One prominent example that I can think off the top of my head is the Bangladesh Bank Robbery , but I am sure there are more example to be found
>National Bank said the first breach began Saturday, May 28, 2016 and continued through the following Monday. Normally, the bank would be open on a Monday, but that particular Monday was Memorial Day, a federal holiday in the United States. The hackers used hundreds of ATMs across North America to dispense funds from customer accounts. All told, the perpetrators stole more than $569,000 in that incident.
This tells me their merchant processing credentials may have been stolen, and since they didn't initiate the debit, they don't have the transaction IDs immediately available to refund/reverse them. (Obviously the processor would be able to provide these on Tuesday when they open back up)
In a system where we turn over our payment information to all these companies and they can accidentally pull any kind of money from your account, it just leads to problems.
Only protection you can offer yourself as a business owner is having a separate account, keeping the absolute minimum required and sweeping balances off to another account as fast as you can. I feel for Etsy, as someone that has built a funding system, the thought of this type of event use to give me nightmares.
I only guarded by testing as if people's live depends on it, because it really does. Screwing up someone's account could mean them not being able to afford food, rent, could be the start of an eviction, job loss, losing their business, not paying employees, many other terrible events or worse taking their own life.
Circuit breakers are also important. If Etsy typically does 2,000 withdrawals on average, and one day their system has to do 50,000 ACH debits. The circuit breaker should kick off so someone can review and manually push it through if correct.
There's a bunch of companies (utilities such as power companies, for example) that allow an individual to set up such direct withdrawals. They also seem to let you do this without any kind of special authorization from the bank -- I've done this many times and I've never been forced through any kind of bank login to authorize them to withdraw money.
In Norway, you have two systems ("avtalegiro" and "autogiro") for direct debit. You have to go through the bank to authorize the setup, and you have to specify a max amount. There's also a system called eFaktura where companies can send digital invoices to your bank account; paying them requires going into your bank's app and approving each one individually.
Someone I know had checks stolen and the people used the info on the checks to pay their electricity bill. The police were notified and even though they new exactly where these people lived, did nothing. The only thing to do is close the account and open a new one. What a stupid system for the user, but the banks don't care enough to change it.
The businesses sends the invoices electronically, and I get an e-invoice in the bank and have to confirm it before it is being paid. Nobody has access to my account but me.
One can also set up auto-payments with limits per business, like one limit for the energy bill and another for rent.
Whole thing is kind of like the imperial vs metric system.
Which makes me wonder - which other countries have banking systems that routinely allow pull-based access to accounts?
(Case in point - a company I'd never heard of set up a Direct Debit on my account, and I didn't notice for about 6 months. One call to my bank, and I had the money back immediately.)
It's part of the Direct Debit guarantee:
> If an error is made in the payment of your Direct Debit, by the organisation or your bank or building society, you are entitled to a full and immediate refund of the amount paid from your bank or building society
> If you receive a refund you are not entitled to, you must pay it back when the organisation asks you to
In the U.S. you can cancel a transaction that you don't believe is legitimate. I did it as recently as last week and as long ago as the 90's when State Farm's auto-debit pulled $2,500 out of my bank account instead of $250. It's nothing new.
Certainly the combination of mandatory arbitration and "we have your banking info" is a no go for me. If you want access to my bank account, you need to have some liability.
At some point I'm probably going to need to bite the bullet and sign up for an actual bank account or credit card with someone who offers it under normal terms -- but even that's been kind of frustrating to find. Capital One requires a browser extension. A bunch of places require phone apps.
I just want a banking site that lets me go to a webpage and click a "generate" button.
Are there any fees associated with that privacy.com service?
To my knowledge, they make money because they act like a credit card (they collect cc fee from the seller), but actually just proxy the charge to your bank account. You basically lose out on any your own cc rewards though since you can't proxy to another cc (then they would lose their profit margin paying your cc provider).
Personal example of when I found it useful:
I used a burner card from them to buy a board game online, turns out the site was hacked, leaked the card info, additional charges were attempted but failed because the burner card settings only allowed the original charge through. Was really glad I didn't use my own cc.
If I need to setup a separate account to isolate privacy.com's use, why wouldn't I just make it a Citi account and use their virtual cards instead of providing all my identifying information to yet another third party open to hacking and diminishing of corporate values?
Why both actions require the same credentials is byond me.
And money refunded is never considered income, so the second part of the article is completely unfounded speculation. Unless Etsy issued 1099s it doesn’t matter how much money they push into the account, it doesn’t mean it will be considered income.
I'd be concerned about the 1099 thing. They've already demonstrated some poor practice in that area, so it's reasonable to raise the issue before they calculate it wrong.
Etsy does issue 1099s to sellers who meet certain criteria although who knows if this will be included.
Generally reimbursements are not income.
And even if your 1099 was incorrect, that doesn't mean you'd suddenly owe taxes on the incorrect amount, you'd just report the error to Etsy for them to fix.
In a way, Feltsewfantastic's Corgi felt keychain key ring / bag charm / ornament is my support animal... etsy has brought me a lot of joy.
I imagine this will be a good chance to see how much of the old Etsy still remains in the DNA and how much has gone CYA corporate.
Really hope everyone affected gets made whole. Unexpected large withdrawals that persist for days can be extremely stressful, and in some cases, affect lives for a long time afterwards.
(I once had a case where a store charged me a ridiculous amount of times, over 40-50 for the same transaction, and then I was charged tons overdraft fees for every duplicate transaction. The store refunded my money but refused to pay for the overdraft fees, the bank refused to refund the overdraft fees demanding the store would pay, and meanwhile I was a 19 year old out of somewhere near $2000 for months and stonewalled by CorpStore and CorpBank.
(They eventually each agreed to cover half, which was a bit of a coup for the bank I thought)
Nothing will make the users happy till their money is refunded and that will not happen till Wednesday. Earliest day they can submit refunds will be Tuesday, it will show up on Wed. Same day ACH is not going into effect till Sep 2020.
The Etsy snafu will be repeated until people and businesses start to require crypto for business transactions.
If it were any sort of meaningful advantage you'd likely see banks adapting pretty rapidly. There's nothing inherently impossible about faster bank transfers - Europe already has 24/7 nearly-instant transfers via SEPA.
> The Etsy snafu will be repeated until people and businesses start to require crypto for business transactions.
I suspect for every one Etsy snafu there's a bunch of "thank goodness I could issue a chargeback" situations.
> Oh, and don't forget the credit score dings that people whose cards went over the limit could potentially suffer.
Getting charged $10,000 abusively can put people in a complicated financial situation.
And there is the issue of trust between the platform and sellers.
They should be bending over backwards to try and restore their users' trust. It's insulting that they expect us to go by faith alone.
Mistakes happen, and I think it's silly to overreact and completely cut ties with a company over a single mistake.
It does suck, and it was hilariously bad timing for us due to some personal stuff going on, but I trust that they will do a good job rectifying the issue.
I do have some issues with how they are handling this (I should have gotten an email when they found out this was a problem and not have had to find the forum post on my own), but at the end of the day it's a mistake and one I hope they will learn from.
The EEA covers over 500M people, way more than the US does, with way more languages. It's not impossible to do such a migration, the difference is that EU legislators were fed up with the brokenness and forced the migration via regulation while the US government believes that "the market will fix everything". No it will not, the market will only deliver what is the lowest acceptable effort.
I was very active in the Etsy community back when they start planning to implement their own payment system. At the time, I perceived them to have a record of continual incompetence paired with insensitive or hostile customer service. I was very wary, along with friends of mine in the community, of something such as this occurring to me. I certainly have never trusted them with my money.
The response is typical of the vague, downplaying way I remember them handling problems way back in 2008.
“We're aware of a bill payment error affecting a small group of sellers which resulted in some cards being incorrectly charged. We don't expect this error to impact additional sellers going forward.”
Why do sellers have to have credit cards on file?
Buyers I can understand, but sellers?
A couple of months ago, for those sellers that use Etsy Payments, Etsy actually switched to deducting the fees from the sales like you suggest. But that still doesn't cover the cases where buyers want a refund afterwards, or if the seller had no sales to cover the listing fees.
But even with Amazon you have to have a credit card on file and they'll charge it if your seller account goes negative. Your seller account can go negative if you have a return or if you paid for FBA shipping and haven't made sale since or paid for FBA removal.
A lot of serices are structured this way, anyway. Download services, hosting services, even marketplaces like Etsy. Really, Etsy's model sounds more like an exception from my POV. But I'm not in the US.
Also if I were to connect bank accounts, I have several buffer accounts which are low on purpose
If, through an accident, you acquire the property of another, and don't give it back, that can be theft. This is called "theft by conversion."
If you don't know you're breaking a law there can be no mens rea, can there?
Certain crimes do require knowledge of the law, like tax evasion: the tax code is assumed to be so complicated that to be guilty of criminal tax evasion it must be proven that you knew you were evading taxes. Wikipedia has a summary: https://en.wikipedia.org/wiki/Mens_rea#Ignorance_of_the_law_...
The standard varies by jurisdiction, but it's quite common for "intended to cause non-lethal injury but accidentally killed the victim" to be treated as murder; this arises for example in the "eggshell skull rule".
Some states also have what is referred to as "constructive murder" whereby you can be convicted of murder if you commit a serious crime and someone dies, regardless of whether the possibility of a death was reasonably forseeable; in Canada this has been ruled unconstitutional on the grounds of lacking mens rea but in the USA courts generally accept that having the intent to commit a serious (but non-lethal) crime meets the requirement.
“For example, 20-year-old Florida resident Ryan Holle was convicted of first-degree murder for lending his car to a friend, who used the car in a burglary during which a murder was committed.”
> A person’s appropriation of property belonging to another is not to be regarded as dishonest if he appropriates the property in the belief that he has in law the right to deprive the other of it
An honest mistake as to the law would not be considered theft.
I have 1 special account for these type of things, and I keep it empty or with just enough $ to cover what is rightfully owed.
I am no genius. I have learned my lessopn (from PayPal).
> ATM and everyday debit card transactions that would cause an overdraft may be declined at no cost to you.
I have never had to confirm any details with Amazon as far as I can remember.
Edit: Oops, just noticed that point was also posted twice in sibling comments. Oh well, third time's the charm I guess?
Some sites only require re-entering the card when shipping to a new address.
This is what Amazon does, in my experience.