If this ever happens to you, immediately call the bank, say “Electronic transaction posted in error.”, specifically identify the transaction, and ask what address the bank takes Regulation E written complaints at. If the CSR doesn’t know that answer, their supervisor does, or in the alternative FedEx HQ addressed to chief counsel or head of compliance. The letter just needs to state transaction details, date you first called them, and your desired action (“Credit me back $X.”), but it’s marginally more effective to say Regulation E in it since that will put the fear of God into whomever opens it.
You’ll get the money back.
It has been my experience that when working at a company, even if you didn't know or care about the industry/field that company does business in before starting there, you can't help but learn the ins and outs of that field or industry while working there, to at least a partial degree. The particulars of that field will necessarily influence business operations, and therefore, what you do in that company in some form or another. How much one absorbs, and how much he is aware of this will depend on both the individual and the duties of his position, and whether this comes from deliberate training or cultural osmosis. But I don't think that a person could remain completely ignorant of the particulars of an industry after being employed by a company in that space.
That's my theory, anyway. Watch Patrick prove me wrong by describing how he came into knowledge of Regulation E by some other path than training or cultural osmosis while working at Stripe.
* Step 1: Transfer funds from each Employer's account to Cachet's holding account
* Step 2: Transfer funds from Cachet's holding account to each Employee account
Both of these steps are handled with an 'instructions file'.
The crime (or horrible mistake that really looks like a crime):
Step 1's file was changed so that the funds went to an account at Pioneer Savings Bank (controlled by MyPayrollHR)
Step 2's file was sent as it normally would be.
Mistake 1: The file for Step 2 was processed, and funds from Cachet's holding account were transferred to employees, despite funds from Employers not coming in.
Apparently Cachet had at least $26M extra in their holding account for this to work.
As a result of this, Cachet tried to reverse these transactions, since basically they hadn't actually been paid.
Mistake 2: The reversal file was improperly formatted. NACHA rules say these files should be ignored or rejected, but...
Mistake 3: Some financial institutions processed the improperly formatted file anyway.
To fix Mistake 2, Cachet submitted a new reversal file, which was then also processed by the companies.
It sounds like this "reversal file" was actually just a transfer in the other direction (as opposed to "undo transaction ID 937641745"), so of course it would make sense that it was processed.
As a result, all employees paid via MyPayrollHR were paid, then had that payment removed. Some also had the same payroll amount removed a second time.
One thing I haven't figured out is that apparently the MyPayrollHR account at Pioneer Savings Bank is 'frozen' -- but I can't find any reporting about whether it has $26M in it or not. Meanwhile the CEO has disappeared... So did he get the money, or just cause a massive life disruption for thousands of people?
There should not be a way for money to leave an account without the account owner's explicit permission.
Given how many people live paycheck to paycheck... It's a pretty big deal.
In Europe (with SEPA Core) we have 8 weeks to reject any debit even if the entity issuing the debit has a signed mandate to debit the account.
There’s a lot of technical nuance here which I’d ordinarily geek out on but don’t quite have the time to today.
This is partly why banks are strict with merchant processing, holding back variable reserves to cover refunds/fraud based on your history and business type.
As you might imagine, some people use that to steal money...
Your pay is yanked, life doesn't stop and the bills keep coming. A few days, a week later, it's corrected and the pay reappears. Who's on the hook for your overdraft fees?
Words which are close to magic here: “The bank assessed this fee incident to an overdraft caused by an EFT which was subsequently reversed under Regulation E. Will the bank waive this fee for me?” (If you are less in a Dangerous Professional mood or don’t have a hobby interest in banking regulation, my next best suggestion is “Can the bank waive this fee since I’m a good customer?” [hear no] “I would be disappointed if we can’t fix this, because I have been a loyal customer for years. What can we do here?”)
Not only did they not get paid, they got the equivalent amount of their paycheck stolen from them twice over. The larcenous criminals should be the ones to pay back the overdraft fees that were the direct result of their larceny of 4 figure dollar amounts stolen from their accounts.
So looking at this case, let's say you have to go 7 days until this issue is resolved and the employees are given their paychecks. If they got automatic payments they could find that iTunes, Spotify, bills, etc., automatically charge them during that period. EACH charge might be $45. Say 5 services do it, boom, over $200 in the hole in fees alone.
(If you're ever in the situation, listen to the other comments about how to approach the bank about reversing overdraft fees.)
If the couple had left it in their account and returned it when asked, there would not have been an issue.
If you earn 3k a month, one month you get paid 100k, and you spend 95k on stuff you don't normally buy, you are going to be arrested.
If you pick up 20 cents from the floor and spend it, you won't be arrested.
If you find $50k in a bag and spend it, you will be.
"the person saving or finding the property shall, if the property is of the value of one hundred dollars ($100) or more, within a reasonable time turn the property over to the police department of the city"
The UK has a similar system for fines. Laws are written that if a particular offence occurs, a "Band A fine shall apply", and a separate bit of regulation says what each band of fine or punishment entails.
Sure, but we all know that never happens until a sufficient number of easy to feel sorry for people get screwed real hard. Those people are getting needlessly screwed because the legislators were lazy. For example, most states have felony charges as an option for vandalism over a certain dollar amount, in some states these dollar amounts are low. This results in teenagers getting threatened with felonies (and the charges inevitably stick sometimes) because cleaning up their mess cost a few hundred bucks. That is a level of draconian-ness that is not ok in a free society.
If you find $10k in cash in a bag
If you find a $10k car parked on the street
If you find the latest iPhone sitting on a table
I get what you're getting at, but I'm saying that there are plenty of details that matter regardless of ease of proof that the object isn't yours or whether or not it's foreseeable to have been left there under "reasonable" circumstances.
Cars and phones are trivially easy to track back to their owner; with cash, possession is basically ownership. Cars get parked places, phones get left places, cash does not get left lying around, and if you leave cash somewhere you basically forfeit ownership of it since that's the cultural norm, since ownership can't be proven.
The specific facts and details matter very much. Time and attempts to find the property by the owner are particularly important. There's a very big difference between leaving your phone at a bar and leaving your phone at a bar for a week, in the latter case the bartender has a nice new phone they can use.
I have had to work with the equivalent process for payments in the UK - we were fixing up a problem when the accounts receivable system would not cut the BACS tape for 6 months!
Submitting a BACS tape required the use of one-time codes and a physical device, and this was in the late '80s.
If the disappeared payroll company got money from employers, it's possible some employers may not have enough cash to pay a second time.
Then they're out of business, or close to it.
The old businessman's phrase "You've never had to meet a payroll" is really meaningful here, the scramble to pay everyone.
I.e., by maintaining an account that serves only as a temporary inbox for direct deposit?
If you have a company it's really important to create a special account solely for auto debits and move money in there manually. This saved my bacon when ADP mis-debited a couple of hundred $K from a payroll run once.
The good security policy is this:
1. Have an incoming account. That's the account number that you would be giving to payroll companies/account into which you would get deposits. You should presume that information about this account is known and all the money in this account is at risk. Which means that as soon as money becomes marked as "available" in this account, you have to move the money away.
2. Have a main funds account that has a positive pay type service turned on if your bank offers it. Positive Pay service is the "Notify customer about pending transactions and wait for customer to acknowledge them. If a customer does not acknowledge them by the cut off window, decline a transaction." This is typically done on a treasury management or cash management website of the bank though as recently as two years ago a certain reasonably well known bank still used a fax as a method of sending positive pay requests to customers and getting it back from customers.
If your bank does not offer a positive pay type service, have this account coded for no withdrawals. This means that all debit transactions against this account will be declined unless someone on a platform side of the bank overrides it (most banks have teller sides and platform sides -- platform side are people that you go to talk to inside the branch to deal with the issues with your account).
3. Have a payment account that you would use to pay others. If your bank has a positive pay service, add it to this account as well. This is the account that you will fund from (2) when you know the amounts of outgoing payments. Money in this account is also at risk, which is why you should only fund it with the minimum needed to cover the outstanding payments. If you have "enough money not to care if you are out of a few thousand for a couple of months" you can keep $3k-5k here at all times and just replenish it from (2) once or twice a month -- while this would leave you exposed for $3k-5k, it will still protect the bulk of your cash and make your life easier. All of this is a matter of convenience vs. risk -- you should know what your average monthly spend is and you want to expose not more than that plus a few percent for variance.
4. Have a nightly/daily/hourly sweep of all available funds from account (1) to account (2). It can either be done using a service the bank provides, or using online account transfer. Definitely sweep away immediately after a large payment (such as a paycheck) or electronic/non-electronic checks post to this account.
5. No debit transactions can post to the account (2) [including bank internal transactions] without an override (for a coded account) or without a positive pay acknowledgement for a positive pay account. That of course means that if this is not a positive pay account, you would need to show up physically at the bank and have one of the tellers, after the teller checks your ID, process a transfer of funds from (2) to (3).
If you have a significant amount of money, you should have this setup in several banks.
Remember, your goal is to make issues with money less stressful while you are resolving them. At the end of the day, you will be made whole because we have a fairly strong legal system to get redress. You are trying to make sure that you still have the money while you are using the legal system to deal with the issues.
Source: Did consulting for execs at medium sized banks.
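The account layout in the comment above, modelled as an added example (not part of the original thread or any bank's API). It covers accounts (1) and (2) only, uses constructed amounts, and assumes a debit larger than the available balance is returned rather than overdrawing the account.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    balance: int                  # whole dollars
    policy: str = "open"          # "open", "positive_pay" or "no_withdrawals"
    acknowledged: set = field(default_factory=set)  # debit ids the owner approved

    def third_party_debit(self, debit_id, amount):
        """Return True if the debit posts (assumption: insufficient funds -> returned)."""
        if self.policy == "no_withdrawals":
            return False
        if self.policy == "positive_pay" and debit_id not in self.acknowledged:
            return False          # never acknowledged before the cutoff, so declined
        if amount > self.balance:
            return False
        self.balance -= amount
        return True

def sweep(incoming, main):
    """Step 4: owner-initiated move of all available funds into account (2)."""
    main.balance += incoming.balance
    incoming.balance = 0

def loss_single_account(savings, paycheck, bad_debits):
    """Everything in one ordinary account whose number the payroll firm knows."""
    acct = Account(savings + paycheck)
    return sum(amt for did, amt in bad_debits if acct.third_party_debit(did, amt))

def loss_segregated(savings, paycheck, bad_debits, swept_first=True):
    incoming = Account(paycheck)                 # (1) number given to payroll
    main = Account(savings, "positive_pay")      # (2) bulk of the cash
    if swept_first:
        sweep(incoming, main)
    lost = 0
    for did, amt in bad_debits:
        # Try (1), then (2), to show that (2) declines even if its number leaks.
        for acct in (incoming, main):
            if acct.third_party_debit(did, amt):
                lost += amt
                break
    return lost

# Constructed scenario from the thread: pay arrives, then is pulled back twice.
BAD_DEBITS = [("rev-1", 3000), ("rev-2", 3000)]

if __name__ == "__main__":
    print("single account loss:", loss_single_account(10000, 3000, BAD_DEBITS))
    print("segregated, swept:  ", loss_segregated(10000, 3000, BAD_DEBITS))
    print("segregated, unswept:", loss_segregated(10000, 3000, BAD_DEBITS, False))
```

The unswept case shows why step 4 says to sweep immediately after a large deposit: the exposure is whatever is still sitting in account (1) when the debit arrives.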
And a bit of cash in case the ATMs all go down.
Do you have suggestions for banks that make it easy to implement this workflow?
National banks (think Chase/Citi/BoA/WF/HSBC) offer positive pay on cash management accounts (corporate/treasury/commercial) but have very complex workflow so I avoid them.
From regional ones I had a good experience with PNC.
The payroll system is a 3rd party here. Which is pretty normal, there are a lot of different taxes and things that need to be tracked, and it's easier to let a specialist handle that.
If the employees had somehow set up whatever the USA calls a direct debit, then sure, I can see a reason for this to happen. But through mistake or malice they are still able to dip into people's accounts - that's the real issue here, surely?
If you mean that this could be implemented, then great I'm all for it. From a technical perspective it doesn't seem like it should be difficult. I'm under the impression it doesn't exist most likely because the banks don't want it to. Hence the benefit of using cryptocurrency.