
Is it possible to protect one's direct-deposit wages from (unjustified) ACH reversals, by transferring funds into a different account ASAP after the deposit occurs?

I.e., by maintaining an account that serves only as a temporary inbox for direct deposit?

Yes, and if you don't bank with one of the big banks (BofA, Wells Fargo etc) you'll be fine (those bigger banks deal with so many screwups that they'll just debit a different one of your accounts assuming it was a mistake). Or use two different banks if you can move money back and forth easily and for free.

If you have a company it's really important to create a special account solely for auto debits and move money in there manually. This saved my bacon when ADP mis-debited a couple of hundred $K from a payroll run once.

I think that this doesn't protect you and you would just end up overdrafting your account, resulting in fees.

Overdraft fees caused by fraud will probably be reversed. I have never heard of it not happening -- it would be terrible PR for a bank that allowed for it. It will simply take time.

It ought to be a regulatory incident, not just bad PR.

I'm sure it will be, but bad PR triggers resolution much faster than OCC.

Can't you disable overdraft?

Sure, but at least you'll still be able to pay rent etc without late-payment fees. A single overdraft fee is way less bad.

This is what I do. Not sure if it’ll work for this case, but my primary reason was to remove a single point of failure from my “banking architecture” and avoid the headaches publicized by people on HN that lost access to their only bank. Hopefully I never will have to find out if it works!

Yes, it is a little bit of a pain in the neck however. Basically you are going to implement your own ZBA with a positive pay ( while some form of a PP may be available to non-business accounts I have never heard of a ZBA + PP combination ). You will probably need to chat with the branch manager in a midsized/regional/community bank as everyone else would look at you as if you had two heads.

The good security policy is this:

1. Have an incoming account. That's the account number that you would be giving to payroll companies/account into which you would get deposits. You should presume that information about this account is known and all the money in this account is at risk. Which means that as soon as money becomes marked as "available" in this account, you have to move the money away.

2. Have a main funds account that has a positive pay type service turned on if your bank offers it. Positive Pay service is the "Notify customer about pending transactions and wait for customer to acknowledge them. If a customer does not acknowledge them by the cut off window, decline a transaction." This is typically done on a treasury management or cash management website of the bank though as recently as two years ago a certain reasonably well known bank still used a fax as a method of sending positive pay requests to customers and getting it back from customers. If your bank does not offer a positive pay type service, have this account coded for no withdrawals. This means that all debit transactions against this account will be declined unless someone on a platform side of the bank overrides it ( most banks have teller sides and platform sides -- platform side are people that you go to talk to inside the branch to deal with the issues with your account ).

3. Have a payment account that you would use to pay others. If your bank has a positive pay service, add it to this account as well. This is the account that you will fund from (2) when you know the amounts of outgoing payments. Money in this account is also at risk which is why you should only fund it with the minimum needed to cover the outstanding payments. If you have "enough money not to care if you are out of a few thousand for a couple of months" you can keep $3k-5k here at all times and just replenish it from (2) once or twice a month -- while this would leave you exposed for $3k-5k it will still protect the bulk of your cash and make your life easier. All of this is a matter of convenience vs. risk -- you should know what your average monthly spend is and you want to expose not more than that plus a few percent for variance.

4. Have a nightly/daily/hourly sweep of all available funds from account (1) to account (2). It can either be done using a service the bank provides, or using online account transfer. Definitely sweep away immediately after a large payment ( such as a paycheck ) or electronic/non-electronic checks post to this account.

5. No debit transactions can post to the account (2) [including bank internal transactions] without an override ( for a coded account ) or without a positive pay acknowledgement for a positive pay account. That of course means that if this is not a positive pay account, you would need to show up physically at the bank and have one of the tellers, after the teller checks your ID, process a transfer of funds from (2) to (3).

If you have a significant amount of money, you should have this setup in several banks.

Remember, your goal is to make issues with money less stressful while you are resolving them. At the end of the day, you will be made whole because we have a fairly strong legal system to get redress. You are trying to make sure that you still have the money while you are using the legal system to deal with the issues.

Source: Did consulting for execs at medium sized banks.
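A small model of the three-account layout from the numbered list above, as an added example that is not part of the original comment. It compares what an unacknowledged debit can take from a single account against the incoming / main / payment split; the class and function names, the amounts (in cents), the no-overdraft rule and the treatment of customer-initiated transfers as already acknowledged are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    balance: int = 0                  # cents (constructed sample amounts)
    positive_pay: bool = False        # debits need the customer's acknowledgement
    acknowledged: set = field(default_factory=set)

    def debit(self, txn_id, amount):
        """Third-party debit. Returns the amount actually taken."""
        if self.positive_pay and txn_id not in self.acknowledged:
            return 0                  # declined at the cut-off window
        taken = min(amount, self.balance)   # assumption: overdraft disabled
        self.balance -= taken
        return taken

def move(src, dst, amount):
    """Customer-initiated transfer (assumed acknowledged), capped at balance."""
    amount = min(amount, src.balance)
    src.balance -= amount
    dst.balance += amount

def simulate(segregated, savings=2_000_000, paycheck=500_000, cap=300_000):
    """Return (amount lost to an unacknowledged debit, funds still held)."""
    if not segregated:
        only = Account(savings + paycheck)           # everything in one account
        lost = only.debit("bogus", 10_000_000)
        return lost, only.balance
    incoming = Account()                             # (1) number known to payroll
    main = Account(savings, positive_pay=True)       # (2) bulk of the funds
    payment = Account()                              # (3) used to pay others
    incoming.balance += paycheck                     # deposit becomes available
    move(incoming, main, incoming.balance)           # step 4: sweep everything
    move(main, payment, cap - payment.balance)       # step 3: fund up to the cap
    # The same unacknowledged debit is presented against every account number.
    lost = sum(a.debit("bogus", 10_000_000) for a in (incoming, main, payment))
    return lost, incoming.balance + main.balance + payment.balance

if __name__ == "__main__":
    for mode in (False, True):
        lost, kept = simulate(mode)
        print(f"segregated={mode}: lost ${lost / 100:,.2f}, kept ${kept / 100:,.2f}")
```
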

Sounds like for personal use, and if you can afford it, it's much easier to have your funds spread over a number of accounts (e.g. have a main account, a second account at a different bank with at least enough money for expenses until you can withdraw from a savings account, and a savings account at a third bank).

And a bit of cash in case the ATMs all go down.

That's the standard opsec issue. People mess up. Positive pay exists to make that "mess up" less painful.

Thanks for this overview! I've been using parts of this flow for a few years, but it's not 100% automated where it could be.

Do you have suggestions for banks that make it easy to implement this workflow?

I have had a good experience with a few community banks that were in the area that I happened to be in. The poor man's implementation ( 3 accounts with the one coded for no withdrawals ) costs about $15/mo and it makes me known to the branch staff, including the managers, which is invaluable. It works for both personal and business accounts but it does not have a good online experience -- there's no positive pay.

National banks ( think Chase/Citi/BoA/WF/HSBC ) offer positive pay on cash management accounts ( corporate/treasury/commercial ) but have a very complex workflow so I avoid them.

From regional ones I had a good experience with PNC.

Wouldn't getting physical paychecks instead of direct deposit also work for protecting your account number while receiving payments?

Unfortunately, with the Check21 whoever issued the physical check will get access to the scanned image of the substitute check together with the bank information of the account the check was credited to.

Ah, so you'd have to do something like get it cashed at Wal-Mart for $8 and then deposit the cash into your account. The extra trip and fees make that annoyingly impractical.
