
This was confusing to understand, because multiple bad things happened. Normally:

* Step 1: Transfer funds from each Employer's account to Cachet's holding account

* Step 2: Transfer funds from Cachet's holding account to each Employee account

Both of these steps are handled with an 'instructions file'.


The crime (or horrible mistake that really looks like a crime):

Step 1's file was changed so that the funds went to an account at Pioneer Savings Bank (controlled by MyPayrollHR)

Step 2's file was sent as it normally would be.


Mistake 1: The file for Step 2 was processed, and funds from Cachet's holding account were transferred to employees, despite funds from Employers not coming in.

Apparently Cachet had at least $26M extra in their holding account for this to work.

As a result of this, Cachet tried to reverse these transactions, since basically they hadn't actually been paid.


Mistake 2: The reversal file was improperly formatted. NACHA rules say these files should be ignored or rejected, but...


Mistake 3: Some financial institutions processed the improperly formatted file anyway.


To fix Mistake 2, Cachet submitted a new reversal file, which was then also processed by the companies.

It sounds like this "reversal file" was actually just a transfer in the other direction (as opposed to "undo transaction ID 937641745"), so of course it would make sense that it was processed.


As a result, all employees paid via MyPayrollHR were paid, then had that payment removed. Some also had the same payroll amount removed a second time.

One thing I haven't figured out: apparently the MyPayrollHR account at Pioneer Savings Bank is 'frozen' -- but I can't find any reporting about whether it has $26M in it or not. Meanwhile the CEO has disappeared... So did he get the money, or just cause a massive life disruption for thousands of people?

Thank you for explaining it, you did a great job at helping me understand what happened. The whole process seems way too convoluted for something as serious as paychecks. It really relies on everybody acting in good faith and in the proper fashion. By Cachet working Step 2 before Step 1 and possibly assuming Step 1 was going to happen, they already were too far gone and only made the situation worse for them and a bunch of employees.

The whole idea of ACH transfers and giving everyone write access to everyone's account in this day and age is crazy to me.

There should not be a way for money to leave an account without the account owner's explicit permission.

We insisted that our bank provide positive pay for ACH. If you are a business you should consider this if you hold large balances. It works very well. Only authorized ACH entities up to authorized limits can debit (or I can set it to notify and someone has to approve each one).

There are lots of multi-day delays in the ACH system. It's common to pay money out of an account on the expectation that a matching amount of money will be paid in the same night.
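An added example, not part of the thread and not any processor's real code: a release gate for the Step 2 file described in the top comment, which also addresses the pay-out-on-expectation practice in the comment above. It assumes each instructions file can be read as (source, destination, amount) entries; the `Instruction` type, the function names and all account names are hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Instruction:
    source: str        # account debited
    destination: str   # account credited
    amount: Decimal

def redirected_entries(step1, holding_account):
    """Step 1 entries that credit anything other than the pinned holding account."""
    return [i for i in step1 if i.destination != holding_account]

def release_decision(step1, step2, settled_inbound, holding_account):
    """Return (release, reasons) for the Step 2 disbursement file.

    settled_inbound is the amount confirmed as received in the holding
    account for this batch, not the amount the Step 1 file asked for.
    """
    reasons = []
    bad = redirected_entries(step1, holding_account)
    if bad:
        total = sum((i.amount for i in bad), Decimal(0))
        reasons.append(f"{len(bad)} Step 1 entries ({total}) credit an "
                       f"account other than {holding_account}")
    payout = sum((i.amount for i in step2), Decimal(0))
    if settled_inbound < payout:
        reasons.append(f"settled inbound {settled_inbound} does not cover "
                       f"payout {payout}")
    return (not reasons, reasons)

# Constructed sample batches (all account names are placeholders).
HOLDING = "PROCESSOR-HOLDING"
STEP2 = [Instruction(HOLDING, "employee-1", Decimal("1500.00")),
         Instruction(HOLDING, "employee-2", Decimal("2500.00"))]
NORMAL_STEP1 = [Instruction("employer-A", HOLDING, Decimal("4000.00"))]
ALTERED_STEP1 = [Instruction("employer-A", "OTHER-BANK-ACCT", Decimal("4000.00"))]

if __name__ == "__main__":
    print(release_decision(NORMAL_STEP1, STEP2, Decimal("4000.00"), HOLDING))
    print(release_decision(ALTERED_STEP1, STEP2, Decimal("0.00"), HOLDING))
```

The destination check needs no waiting: it flags the altered Step 1 file before anything settles, so it still applies where the processor pays out ahead of settlement.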

Thanks for the explanation, based on the way Krebs worded the post I couldn't tell what actually happened.

One final step: Cachet is cancelling all of the reversals so everybody should finish up with their usual pay. Of course, this leaves Cachet with a $26 million problem, but this seems to be the least worst short term solution.

If Cachet is doing that then I'm very glad. I don't know what their legal obligations look like, but I imagine they could have said "We weren't paid to perform our service" and left the employees without a paycheck.

Given how many people live paycheck to paycheck... It's a pretty big deal.
