Hacker News new | past | comments | ask | show | jobs | submit login

In the US anyone with your bank account number can debit your account irreversibly?

In Europe (with SEPA Core) we have 8 weeks to reject any debit even if the entity issuing the debit has a signed mandate to debit the account.

Knowledge of a bank account number is sufficient to attempt to debit it. Whether it will appear to succeed or not depends on the bank and a variety of factors. Regardless of whether it initially successes, it is (very) reversible.

There’s a lot of technical nuance here which I’d ordinarily geek out on but don’t quite have the time to today.

Any other bank can debit your checking account, but they become responsible for refunding in the case fraud/error. Since no access card (atm card, pin, etc) was used, customers have $0 liability for the same 60 days as you do.

This is partly why banks are strict with merchant processing, holding back variable reserves to cover refunds/fraud based on your history and business type.

There are (broadly) similar guarantees in the US. So they will get the money back, at least eventually. The problem is the effect it has when the account has sometimes been debited 2x. If this has made, say your rent or car payment bounce, you have an big hassle at minimum.

In the UK, direct debit (the equivalent to ACH) allows a consumer to request an instant refund of any payment they believe to be in error. The bank must refund first, and ask questions later.

As you might imagine, some people use that to steal money...

NACHA just uses FTP for their file transfers too

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact