Hacker News new | past | comments | ask | show | jobs | submit login

This was confusing to understand, because multiple bad things happened. Normally:

* Step 1: Transfer funds from each Employer's account to Cachet's holding account

* Step 2: Transfer funds from Cachet's holding account to each Employee account

Both of these steps are handled with an 'instructions file'.

---

The crime (or horrible mistake that really looks like a crime):

Step 1's file was changed so that the funds went to an account at Pioneer Savings Bank (controlled by MyPayrollHR)

Step 2's file was sent as it normally would be.

----

Mistake 1: The file for Step 2 was processed, and funds from Cachet's holding account were transferred to employees, despite funds from Employers not coming in.

Apparently Cachet had at least $26M extra in their holding account for this to work.

As a result of this, Cachet tried to reverse these transactions, since basically they hadn't actually been paid.

----

Mistake 2: The reversal file was improperly formatted. NACHA rules say these files should be ignored or rejected, but..

----

Mistake 3: Some financial institutions processed the improperly formatted file anyway.

----

To fix Mistake 2, Cachet submitted a new reversal file, which was then also processed by the companies.

It sounds like this "reversal file" was actually just a transfer in the other direction (as opposed to "undo transaction ID 937641745"), so of course it would make sense that it was processed.

----

As a result, all employees paid via MyPayrollHR were paid, then had that payment removed. Some also had the same payroll amount removed a second time.

One thing I haven't figured out, is apparently the MyPayrollHR account at Pioneer Savings Bank is 'frozen' -- but I can't find any reporting about whether it has $26M in it or not. Meanwhile the CEO has disappeared.. So did he get the money, or just cause a massive life disruption for thousands of people?




Thank you for explaining it, you did a great job at helping me understand what happened. The whole process seems way too convoluted for something as serious as paychecks. It really relies on everybody acting in good-faith and in the proper fashion. By Cachet working Step 2 before Step 1 and possibly assuming Step 1 was going to happen, they already were too far gone and only made the situation worse for them and a bunch of employees.


The whole idea of ACH transfers and giving everyone write access to everyone's account in this day and age is crazy to me.

There should not be a way for money to leave an account without the account owner's explicit permission.


We insisted that our bank provide positive pay for ACH. If you are a business you should consider this if you hold large balances. It works very well. Only authorized ACH entities up to authorized limits can debit (or I can set it to notify and someone has to approve each one).


There are lots of multi-day delays in the ACH system. It's common to pay money out of an account on the expectation that a matching amount of money will be paid in the same night.


Thanks for the explanation, based on the way Krebs worded the post I couldn't tell what actually happened.


One final step: Cachet is cancelling all of the reversals so everybody should finish up with their usual pay. Of course, this leaves Cachet with a $26 million problem, but this seems to be the least worst short term solution.


If Cachet is doing that then I'm very glad. I don't know what their legal obligations look like, but I imagine they could have said "We weren't paid to perform our service" and left the employees without a paycheck.

Given how many people live paycheck to paycheck... It's a pretty big deal.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: