I.e., by maintaining an account that serves only as a temporary inbox for direct deposit?
If you have a company it's really important to create a special account solely for auto debits and move money in there manually. This saved my bacon when ADP mis-debited a couple of hundred $K from a payroll run once.
The good security policy is this:
1. Have an incoming account. That's the account number that you would be giving to payroll companies/account into which you would get deposits. You should presume that information about this account is known and all the money in this account is at risk. Which means that as soon as money becomes marked as "available" in this account, you have to move the money away.
2. Have a main funds account that has a positive pay type service turned on if your bank offers it. Positive Pay service is the "Notify customer about pending transactions and wait for customer to acknowledge them. If a customer does not acknowledge them by the cut off window, decline a transaction." This is typically done on a treasury management or cash management website of the bank though as recently as two years ago a certain reasonably well known bank still used a fax as a method of sending positive pay requests to customers and getting it back from customers.
If your bank does not offer a positive pay type service, have this account coded for no withdrawals. This means that all debit transactions against this account will be declined unless someone on a platform side of the bank overrides it ( most banks have teller sides and platform sides -- platform side are people that you go to talk to inside the branch to deal with the issues with your account ).
3. Have a payment account that you would use to pay others. If your bank has a positive pay service, add it to this account as well. This is the account that you will fund from (2) when you know the amounts of outgoing payments. Money in this account is also at risk which is why you should only fund it with the minimum needed to cover the outstanding payments. If you have "enough money not to care if you are out of a few thousand for a couple of months" you can keep $3k-5k here at all times and just replenish it from (2) once or twice a month -- while this would leave you exposed for $3k-5k it will still protect a bulk of your cash and make your life easier. All of this is a matter of convenience vs. risk -- you should know what's your average monthly spend is and you want to expose not more than that plus a few percent for variance.
4. Have a nightly/daily/hourly sweep of all available funds from account (1) to account (2). It can either be done using a service the bank provides, or using online account transfer. Definitely sweep away immediately after a large payment ( such as a paycheck ) or electronic/non-electronic checks post to this account.
5. No debit transactions can post to the account (2) [including bank internal transactions] without an override ( for a coded account) or without a positive pay acknowledgement for a positive pay account. That of course means that if this is not a positive pay account, you would need to show up physically at the bank and have one of the tellers after the teller checks your ID process a transfer of funds from (2) to (3).
If you have a significant amount of money, you should have this setup in several banks.
Remember, your goal is to make issues with money less stressful while you are resolving them. At the end of the day, you will be made whole because we have a fairly strong legal system to get redress. You are trying to make sure that you still have the money while you are using the legal system to deal with the issues.
Source: Did consulting for execs at medium sized banks.
And a bit of cash in case the ATMs all go down.
Do you have suggestions for banks that make it easy to implement this workflow?
National banks ( think Chase/Citi/Boa/WF/HSBC ) offer positive pay on cash management accounts ( corporate/treasury/commercial ) but have very complex workflow so I avoid them.
From regional ones I had a good experience with PNC.