Hacker News new | past | comments | ask | show | jobs | submit login
MyPayrollHR CEO Arrested, Admits to $70M Fraud (krebsonsecurity.com)
401 points by headalgorithm on Sept 27, 2019 | hide | past | favorite | 244 comments

From the article:

“... a person could open checking accounts at bank A and bank B, at first depositing $500 into bank A and nothing in bank B. Then, they could write a check for $10,000 with account A and deposit it into account B. Bank B immediately credits the account, and in the time it might take for bank B to clear the check (generally about three business days), the scammer writes a $10,000 check with bank B, which gets deposited into bank A to cover the first check. This could keep going, with someone writing checks between banks where there’s no actual funds, yet the bank believes the money is real and continues to credit the accounts.”

I still don't understand how is it possible for a bank to not see a balance on another account right at the time they saw a check deposited? I mean it's not like they have to call someone to get a paper records of an account balance, it is all digital anyway, so why is there such a big delay?

As discussed in the OP, this is cheque kiting:"


It is a scheme that goes back literally centuries in commerce. I'm amazed that I can hit send on an iMessage now and within seconds (or fractions of a second!) somebody's phone gives out a "ping!," anywhere in the world, yet cheque kiting hasn't been eliminated in 2019.


(I am speaking rhetorically. Yes, I understand about legacy systems and legacy processes. I'm not surprised that it works with what we have running today, I'm surprised that it hasn't been fixed in the 40-odd years that I've been old enough to have a bank account.)

Because nobody profits off the time/value of money nearly as much as the banks do.

If transactions were "instant" the bank wouldn't be able to kite your money.

There really is no reason transactions need to take as long as they do other than that money disappears from one account and re-appears two days later in another account. In the meantime those funds are still a part of the bank's bottom line. It's not technically yours, and it's not technically the other account holders.... but the bank still possesses it. And the amount of money the bank has "floating" around probably coincidentally lines up pretty closely with a sum of money the bank has invested in high-risk investments.

Banks are essentially legal "Kiting centers" where they get to kite everyone elses money because it's federally insured anyway.

> There really is no reason transactions need to take as long as they do other than that money disappears from one account and re-appears two days later in another account.

Well, that and legacy systems that run batch jobs in COBOL at midnight to do the bank-to-bank transfers:

> Roughly 80% of their systems are batch jobs. These are jobs that runs at a certain time or interval, doing some processing on their data or sends data to other banks/agencies/etc. For example when I buy a can of Coke, the money is withdrawn from my account balance, however the money is not actually transferred anywhere until one of their batch jobs does so. These jobs are usually executed during the night, which is usually why it takes a day before transactions between banks are completed. Transactions to the same bank are usually instant because it executes immediately.


Also, that interview convinced me that the busfactor of the entire Swedish economy is a handful of old Cobol programmers.

These batch jobs are not necessary COBOL. It can be anything from modern Python, Scala, Java to more esoteric choices like Smalltalk, K and bash. I know because I worked in large investment bank writing Smalltalk for risk management.

Banks need to follow regulatory regime. Batch jobs are very convenient, they usually produce flat files that can archived, easy readable by humans and can be consumed in downstream systems regardless of programming languages. My biggest beef with CSV format is multiple specification and poor tooling.

Transaction can completed instantly but risk, reporting, regulatory and reconciliation would be performed later as batch job.

Thanks for sharing!

Given its debugging capabilities Smalltalk sounds like it could be a surprisingly sane option for banks actually, all things considered. Was it like that in real life too?

Smalltalk is amazing to work with, shame it did not get wider adoption.

I've had cognitive dissonance for years, because in every basic database programming class, they tell you about transactions, and use the example of transferring money from one account to another, where you don't want the system to be in an inconsistent state. Yet nothing in the real world works like that! I've particularly noticed how money being transferred between two different financial firms can either disappear for a few days, or be in both places at once. Not sure if it's happening more or I'm noticing it more.

Yes, banking is always mis-used as an example for transactions and ACID but in reality it's eventually consistent, often spanning hours, days, and sometimes weeks.

The real-world needs to account for laws, geographies, timezones, physical movement of goods and cash, risk management, etc. that is not modeled in a simplistic database class. I do wish they would pick a different domain to avoid this confusion.

If US banks wanted free, instant inter-bank transfers, it would exist already. Moving out of legacy systems is an engineering problem that can easily be solved with enough willpower. Don't let banks blame their legacy systems -- that is an excuse.

Bank user here. Free is fine but instant inter-bank transfers are bad. That means somebody can just empty the account with limited ability for the owner/bank to intercept the transaction. I'm quite happy with the current semantics, so far as I understand them.

Liability and reversibility have nothing to do with how quickly or slowly the operation happens.

Your reasoning is so far off. Banks don’t control how long it takes to move money, the fed does. Move money between accounts at the same bank, money transfer is instant.

Banks can’t kite money with ACH either, that’s why overnight lending market exists to cover between debits and credits even if they are break even for the bank.

> Your reasoning is so far off. Banks don’t control how long it takes to move money, the fed does. Move money between accounts at the same bank, money transfer is instant.

Banks can be pretty silly with accounts at the same bank, too.

A friend of mine finished a contract job at a major defense contractor, which had a lump sum payment at the end. The company wrote him a large check, drawn on their account at the local branch of a major bank.

What he wanted to do was (1) open a checking account at that bank, (2) deposit about 95% of the check in that new account, and (3) take the remaining 5% as cash, for first and last month's rent at an apartment he wanted to rent that afternoon.

The bank could not do that. Even though the check was drawn on an account at that branch, they said it would still take three days to clear, so he would have to wait for the cash.

Finally, he ended up going to a teller and asking to cash the check. That, of course, worked, although it was a big enough check that it apparently triggered some safeguards that required getting a couple of levels of management above the teller involved, and so it took about an hour for them to actually hand him the cash.

He then took his cash, set aside 5% for getting that apartment he wanted, and took the remaining 95% back to the new accounts desk, and said "I want to open a checking count here, and deposit this cash".

> Banks don’t control how long it takes to move money, the fed does.

If the banks really wanted to lobby the government and change whatever laws or regulations keep them from offering instant, free transfers.... they'd have done so already.

The fact that the US doesn't have instant, free inter-bank transfers is 100% on the banks. In fact, I bet they lobby the shit out of the government to keep it slow and expensive.

You don't understand how the banking system works. Fed holds the balance of every bank. That is what is getting updated every night when you move money between banks. Banks want faster processing and settlement time because it de-risks them. There is less risk of check kiting and other scenarios where customer is spending money that doesn't exist. Bank listed in article is on the hook for $26 million because transfers and settlements aren't instant.

That's a pretty wild claim. Do you have any sources to support it?

I work at a major bank in Canada and can confirm this is the case.

There is - confirmed here by a dev - at least in our instance, absolutely no technical reason why transactions can not happen immediately.

It is an intentionally-staggered process for bureaucratic purposes, certainly.

Banks don't put your cash in high-risk investments, they put it in market funds to gains a few points

The point is, in this window they haven't put it anywhere yet.

One of the many reasons is that you don't want to see your money withdraw from an account on error, without a reasonable way to stop the process. That's why account owners are not interested in a system that immediately draws the money without recourse. The price to pay on potential abuse of the current system seems to be a small inconvenience.

Ha, this makes me think of PingFS [1] where the data is in the latency of the network, whereas here the money is in the latency of the banks.

1 https://github.com/yarrick/pingfs

Checks are, quite literally the least secure mode of non cash transacting. Yet the banking system is built in a way that checks are often either the fastest way to get someone money, or the only way certain merchants accept payment.

This technology should have been sun-setted years ago, and wire transfers should be free and instant.

My naive explanation is it must be really really really scary to modify a banking routine that affects an entire country's currency or even most of the world in some way or another.

If your iMessage doesn't get sync'd 1 out of 10,000,000 times because of some software bug then there's really no harm but if your balance isn't correct because of a bug in the software, that's a whole different category level of concern that has cascading negative effects.

I work as a senior iOS dev at a major bank here in Canada, and I can say this is by far the most likely scenario.

First off, killing cheques would have to be a Universal - global - and immediate, thing.

For as long as the technology is still in use (everywhere) - even for obscure purposes - it will remain supported and thusly these issues will remain.

Nobody in the bank industry is stupid enough to self-sabatoge by not accepting or pressing cheques, because when your landlord wants a stack of post-dated cheques (still) - you’re going to be flying to the next bank.

Updating a new system, yes, we’re careful, as all hell, but we push iOS updates consistently.

Destroying an old one that is still in place by unfortunate necessity? We can’t do that yet. Doesn’t matter how insecure it is.

We just focus on making the apps and web and the new technology that we have a lot more control over as secure as possible.

My bank makes it prohibitively expensive to cash/write checks. I think even SWIFT wires are cheaper, and those are _expensive_. SEPA wires are free though.

Risk is always an interesting thing to consider in software, especially with complex systems.

Let's say there are two bugs in our banking code. Bug A means that every once in a while, it fails and a user can't log in. Bug B means that the system always works, but every once in a while, it shows an incorrect balance on an account.

Hmmm... Which one is worse?

Well, that depends. Obviously B is very bad in some very obvious ways. But A could be catastrophic if one of the system's uses is doing something like making payroll for hundreds or thousands of people.


Sure it's something to consider. But what's worse...a system that may have minor bugs while upgrading; or one that lets low level criminals easily swindle the system for millions on an everyday basis?

Well, there's always been a huge difference between predictable small losses, and unpredictable ones with no limit. Variance matters a lot. Millions are negligible if you're processing trillions and the losses are shared by everyone.

You’re right, we can’t let low-level criminals swindle the system, we need that money for the really elite criminals running our multi-year system modernization IT projects.


Perhaps the reason it's not "solved" has to do with who benefits from the latency of check cashing process?

What do you have in mind? Who might benefit?

It is incredible how much banking system still runs on COBOL and nightly ETL processes running on mainframes!

Not really. Once the software works, there is no reason to change it (and cost incentives not to).

Indeed. Cheaper to keep COBOL folks on staff and the mainframe running than to rewrite it (millions vs tens or hundreds of millions of dollars in costs).

Honestly, that is not true. As someone who had to interface with these systems, the cumulative cost of keeping them running is far greater. There are number of layers which run of top of them to support modern age use cases. The problem is no CEO/CTO at big banks who wants to keep their job is going to pull the trigger and transform it, as most likely that project will run over budget and is risky.

You also need to pay to keep the new system running. That’s the real ‘hidden’ cost that you need to be aware of. COBAL may not be sexy, but it’s stable in ways most new systems can’t hope to match.

The experience in the UK of the TSB porting to some Java system written by Santander is a good lesson of why this is risky

You seem to be implying risk is not a cost.

True. And if you decide to re-write the software then you will be eternally re-writing that software to keep up with whatever is trendy.

> Once the software works, there is no reason to change it

Well, except it doesn't work and banks are no doubt lobbying the government to avoid having to actually offer "innovative" new products.

Their excuses to the government are no doubt "waaaaaahhh... we have all this legacy COBOL code and it would cost us MONEY to offer new services.... please protect us from any competition!!!"

(where "innovative" means something other countries have had for decades)

https://engineering.gusto.com/how-ach-works-a-developer-pers... (How ACH works: A developer perspective - Part 1)

https://engineering.gusto.com/how-ach-works-a-developer-pers... (How ACH works: A developer perspective - Part 2)

https://engineering.gusto.com/how-ach-works-a-developer-pers... (How ACH works: A developer perspective - Part 3)

https://engineering.gusto.com/how-ach-works-a-developer-pers... (How ACH works: A developer perspective - Part 4)

My note: The Federal Reserve is working on an ACH modernization program (Real-Time Gross Settlement [RTGS]) to move towards real time settlement. It is still several years off. Financial infrastructure requires the same cautious handling as say, air traffic control systems, when modernizing.

As someone who has sadly spent many hours of my life with my nose in the ACH regulations and trying to wrap my head around ACH ops I can confirm that the entire system makes zero sense for the modern world. Unfortunately, the system we’ve built up is so unbelievably & needlessly complex from both a legal perspective and a technology perspective that it’s hard for anyone to even make progress on the important stuff - like basic security. But the system is so interconnected and important that even “disruptive” new fintech companies are forced to find a way to get their tech to work with the ACH network rather than the ACH network figuring out how to modernize.

I have spoken with responsible parties at the Federal Reserve about the modernization process, and while they take it seriously (Powell was harassed about it during congressional testimony about Libra when Zelle was brought up), one must understand the momentum and inertia of systems of this scale. These are not "startupy" scale problems. Financial plumbing is boring and stakeholder, not technology, driven. As it should be: as a stakeholder, you shouldn't care what the underlying is (there are no tracks for a hype train here; these are systems that must run reliably for decades), all you should care is your money gets to you fast, the person who sent it can be assured it'll get there fast, and that the system is secure and cost efficient.

Basically, banks charge each other per each transaction. To minimize the amount they have to pay, instead of requesting thousands of small transactions, they batch things up into larger overnight jobs. The other problem is that banks can only directly deal with other banks that they have a relationship with. So to transfer money from bank A to bank C, where A and C don't have an account with each other, they have to go through bank B that they both mutually trust. It's kind of like a computer network where each hop between routers can take up to a day.

That's a mechanistic explanation though, not an explanation of why they don't share the information that would reduce fraud.

(they could batch the transactions/fees and still share information about the members of the batch…)

They're competitors.

You'd be surprised how often that is not true for secondary and support services.

In Canada we have many service providers (Interac and Symcor being two big examples)that are joint ventures between all the banks they service.

So things like (historically) bill printing and mailing and more currently fraud detection and various digital transformation initiatives are being done by these service providers, so that the banks don't all have to spend money on the same stuff separately (and can interoperate more easily).

As a bonus, they can also offer those services to other parties and increase profit for the bank owners.

In the US, it's FiServ and Early Warning Systems ("Zelle").

Without thinking too hard about it, it sure seems like sharing the information would be mutually beneficial, so I'm not sure why that would matter.

(it wouldn't be an antitrust problem, the communication would also benefit their customers)

This is comprehensible and I believe it but... it's stupid - and stupidity may explain an action, but it should never excuse an action.

See also J.K. Galbraith's "bezzle", from The Great Crash, 1929:

In many ways the effect of the crash on embezzlement was more significant than on suicide. To the economist embezzlement is the most interesting of crimes. Alone among the various forms of larceny it has a time parameter. Weeks, months or years may elapse between the commission of the crime and its discovery. (This is a period, incidentally, when the embezzler has his gain and the man who has been embezzled, oddly enough, feels no loss. There is a net increase in psychic wealth.) At any given time there exists an inventory of undiscovered embezzlement in – or more precisely not in – the country’s business and banks. This inventory – it should perhaps be called the bezzle – amounts at any moment to many millions of dollars. It also varies in size with the business cycle. In good times people are relaxed, trusting, and money is plentiful. But even though money is plentiful, there are always many people who need more. Under these circumstances the rate of embezzlement grows, the rate of discovery falls off, and the bezzle increases rapidly. In depression all this is reversed. Money is watched with a narrow, suspicious eye. The man who handles it is assumed to be dishonest until he proves himself otherwise. Audits are penetrating and meticulous. Commercial morality is enormously improved. The bezzle shrinks.


Would you want a bank to be able to see the balances in an account at another bank? Why? That seems like a security risk (in that that information is much more than is required for the banking system to function).

All you really want to know is "is this check good?" If I write you a check for $4.69, I don't want you or your bank getting access to the fact of my bank balance, just the fact of whether or not my bank will settle that $4.69 check.

Yeah also that's not how the process of check clearing works (instant account-to-account payments). Banks batch checks payable to the same counterparty institutions and then compare their liabilities against one another to transfer only the net. It's an extension of the historical process where banks would physically go to a clearing house with bundles of paper checks and tally the differences between institutions.

This is a laziness that really shouldn't exist anymore - it solved the problem of jim having to run over to that other bank twenty times a day, but now that jim is just electrons we should send him everywhere instantly.

You say that like writing testing, integrating with existing systems and maintaining the software to do that. The additional hardware. The insurance to cover losses and lawsuits when new system breaks is hacked. All the managers, Lawyers and others needed to craft agreements and contracts between thousands of banks across jurisdictions.

Is free.

Protip, it costs a lot of money. More money than it is worth.

So let's not do it because it's hard? I think it's a ridiculous attitude. It's an instance of where people that have the ability to change things don't have the incentives to do so because they aren't the ones bearing the cost. This is one example where the government could do some good by creating a spec for an instant money transfer system and say that they'll accept it at all government institutions by some time in the future. I think people would then do the rest.

No, it's not do this because it has negative ROI.

Who do you imagine the "us" is, in let's? It's not me and you, nor people in this forum. The banks that have negative financial incentive? The regulators who just caught this guy with the existing system as is and would never win the political battle to roll out this expensive system addressing a rare issue that already is handled? The average powerless citizen? Who will likely never be victim to this.

Calls for pie in the sky actions don't stop being pie in the sky just because they are just, reasonable, "good" for society. We live in a greedy capitalist society. At the society scale. If it's not causing so much problems it can't be ignored or if it doesn't make someone money. It doesn't happen.

You could still use that feature to enumerate how much is in the account by using a series of requests but that would be very easy to spot.

There's no need to know the actual balance, just a boolean value that is returned true if the account balance is above the amount requested, and false if it isn't. It's true that it could be abused by "bruteforce", but this could be throttled or put in a cooldown if too many requests are made to avoid such a scenario.

> All you really want to know is "is this check good?"

There's no way of knowing whether a cheque is good. The banks can always claw back the money from a fraudulent cheque.

There's some scams around that make use of the fact that people think a cleared cheque is a good cheque and that they money is now theirs. That's wrong, it isn't.

Not just a security risk; a securities risk. Banks are forbidden by antitrust and securities laws from some classes of collective trading action, and being able to see each other's account balances openly really skirts that law.

No, but it should be rather trivial to see if the issuing bank has enough on the account balance through an API. Plus the whole money transfer should be near instant, not take days for transfer and months to settle.

While attending college, I worked as a mainframe operator in the evenings at a data center for a bank. There are parts of the financial system which are most definitely not digital and not 'online' at all. For instance, each night I would have to dial in to a national server to download the transactions from ATM cards, then load those into the banks system. I don't know if that has changed, but that introduced a great deal of lag. The bank only operated on weekdays. And not on holidays. So anything done on those days didn't update the account information until the night after the next bank day. So if you went and withdrew money via ATM after 5PM or so (this is assuming the national system WAS online and realtime... I don't actually know that for a fact) on a Friday and there was a bank holiday on the following Monday, your account at the bank would not reflect that until Tuesday evening (I worked in the evening, and it was my responsibility to do that).

This was awhile ago, up until 2001, so things may have changed but I strongly doubt they have changed very significantly given that even then they were using an NCR mainframe which was literally the very last operational one of its kind (the owner of the 2nd to last one gave us theirs for free when they replaced it with a PC, so we got a DR site!). Their policy was to never change anything that cost a penny if it still functioned. When I left, the bank had been acquired by a larger bank and the plan was to move the smaller banks processing into the larger ones data center. I ran into one of my coworkers 5 or so years later and none of that had happened. Everything was still as it was.

I remember reading a semi-apocryphal story from the 70s where a criminal group rented a minicomputer w some logistics software package and used it to pyramid a huge check kiting scheme. They had some tech problems which caused the whole thing to implode, given the tight time constraints they had in keeping the money moving.

I think I've heard of that program.

"‘...Gordon’s great insight was to design a program which allowed you to specify in advance what decision you wished it to reach, and only then to give it all the facts. The program’s task, which it was able to accomplish with consummate ease, was simply to construct a plausible series of logical-sounding steps to connect the premises with the conclusion.

‘And I have to say that it worked brilliantly. Gordon was able to buy himself a Porsche almost immediately despite being completely broke and a hopeless driver. Even his bank manager was unable to find fault with his reasoning. Even when Gordon wrote it off three weeks later.’"

This is not a new scheme, anyone with time and patience can do this. The problem is how to make the scheme work on a large scale. This is what makes this case different.

I think the problem is how not to get caught.

Seriously. How did he actually think he was going to get away with this? Something doesn't seem right. What was his plan?

I wonder that about pretty much any case of embezzlement these days. With conventional larceny, a thief can appear clean after fencing the stolen goods, but moving money around other than as cash leaves a paper trail indefinitely. There's no point where you can say, "Now I've escaped with the loot, and everything's done."

Agreed, the timing was so precise in this case I just expected that he'd be out of the country by the time they came to his house a few days later. Maybe his plan was foiled when the banks froze his accounts almost immediately.


When I deposit a check in an account only a portion of it is immediately "available".

So I'm guessing they're just using that available proportion all the time?

Your bank is floating those funds to you until they settle from the other account. If the check bounces, you're on the hook for it. Hence the scam where someone sends you a fake check for a large amount, and asks for you to return the excess funds after you deposit it but before your bank has fully settled the funds transfer.

If you don't think a check will clear, don't deposit it. Ask for cash or a wire from the sender (cashier check fraud is a thing).

>>cashier check fraud is a thing

Indeed! Many people are not aware that even valid cashier checks can have a stop-payment put on them if someone claims the check has been 'lost'

Even when the rest of it is "available" it can be taken back after weeks if it doesn't actually "clear."

There's what you see as clearing vs. actual clearing.

I've also had, with very large deposits, to call my bank and insist they call the other bank because they only way they'll clear the check is through manual verification. (This was a big bank and a smaller credit union -- 15 days later the big bank would only clear the check with a phone call from the credit union, but wouldn't tell me why/how and took a lot of digging from me to get the hold lifted. It also turned out the credit union had given the big bank the OK two days in, but big bank's system didn't "read" it somehow).

In other words, things can still VERY manual when it comes to check clearing, particularly large checks.

This must explain why banks are so interested in blockchains.

I feel bad for those people who Paychecks got stolen, I wonder if they'll end up getting that back or did already since it mentioned "briefly pull"... People who work paycheck to paycheck probably struggles the most and then overdraft fees, stress, couples often fight over money, etc... So pretty shameful if you are working hard, and stuff like this happens. You feel like you are doing everything right and things still go wrong.

Even if they did put it back, still overdraft fees during that time if someone had a check cashed or automatic payment sent due to those funds being removed.

I don't know why anyone would think they could get away with a fraud this large. I just think this stuff highlights how outdated the banking system is.

I've always hated the idea of checks, I rather the money be gone right away then keeping track of it... Since checks still show on your balance even if not cashed yet. Then checks have your entire account number people could misuse. I have never wrote a check in my life though, but I know my family does for bills but I know more and more places have online bill pay... They trust mailing their entire account info than doing it online.

However I feel both banking and the whole social security number thing needs to be rethought. it's insane you use the same number for everything and you pass it around to employers, contracting jobs freelancing or affiliate programs that pay commissions, credit cards, cable company, satellite tv, cell phone, doctors, dentists, etc. Well I know for doctors and stuff they say you can refuse to give it, but pretty sure they'll give you a hassle for exercising your rights. I know a while back there was some dentist storing patient information in a unsecured FTP account.

> I've always hated the idea of checks, I rather the money be gone right away then keeping track of it... Since checks still show on your balance even if not cashed yet. Then checks have your entire account number people could misuse. I have never wrote a check in my life though, but I know my family does for bills but I know more and more places have online bill pay... They trust mailing their entire account info than doing it online.

Your reasoning isn't flawed but one big reason why I still write some checks is this: they're accepted as payment for free by the receiver where most electronic methods are charged. For example, my apartment's management company charges me $12.95 for a one-off direct debit payment, $6.95/payment for an automatic recurring debit payment, $32.50 for a payment made by debit card, or a whopping $109.55 for a payment made by credit card.

(This means that the free--or at least "included in my rent"--payment option is for me to write a physical check and put it in the night drop box the day before rent is due and then their employees have to deal with the check, as opposed to the computers handling it all. Since the night drop is right there on my way out the door, the convenience factor is still high for me.)

I don't like checks but I flatly refuse to pay money to pay a bill. If I owe you money, you will figure out how to accept it in a way that doesn't cost me more. What I owe is already figured into the balance; charging me more to hand you money is obnoxious. My apartment company isn't the only company like this so I still hand out about 20 checks per year. Fortunately, my credit union gives me one box of checks for free every year and I only use less than one book of them per year so there's no added cost there, too.

Check if your credit union has online bill pay. Mine does. I used to have a landlord who was the same way about checks. I could set it up so that the bank mailed them a check every month for no extra charge. It was like paying online, and they handled all details.

With some banks, you don't even need the recipient to set up anything. The bank will just mail the check to whatever address you enter.

It's mind-boggling that this is cheaper and lower hassle for me than the alternatives.

Everyone says to do this but the blocker is that my rent must be paid on the 1st of the month and my paycheck arrives on the last business day. Because of the archaic system that we in the United States call "how to move money between accounts," and my credit union outsourcing its bill pay feature, the check will not be mailed until the funds are present and it is sent from the East Coast when I live in the Pacific time zone so I stick with the 52-second walk from my apartment to the drop box.

Yes, I could leave sufficient money in that account to deal with it but I send most of my paycheck to savings and retirement accounts that earn much better interest than the paltry 0.05% my credit union's checking account gives me. Plus, the walk is good for my health.

the only way to fix this is to save enough money to haver "another" rent payment on your bank account. sadly that does not work for everybody (thats even more sad than the banking system the us has. I live in germany and I never seen a check)

The average hn reader who works at a well paying professional job has no concept of how many people in the USA live literally paycheck to paycheck with no buffer of savings.

well thats what I meant. It's really sad that some people do not got enough money to have savings.

take a look at plastiq.com

They have a 2.5% fee, which again means you're paying to have the privilege of paying someone.

Money costs money.

My town is the same way. They use some outside service that charges for paying online. Checks are free--stamp aside. In practice, I mostly pay online through my bank which cuts them a check--which is mostly the same thing for me and is free.

I assume the deal is that an outside service sets up these things for municipalities for "free" but they take a cut so the person paying the bill pays for the free service.

Those ‘convenience charges’ seem absolutely bonkers living outside of the US. Surely you’d want to incentivise a direct debit if it meant you got paid on time, regularly? No excuses about lost cheques, less risk of late payment...

My utility providers (Ireland) charge 2-5% less if you setup payment by direct debit here, so they at least agree with you.

> Your reasoning isn't flawed but one big reason why I still write some checks is this: they're accepted as payment for free by the receiver where most electronic methods are charged.

And it's not just monetary charges. It's also a desire to not demonstrate consent when I'm blasted with a CAPTCHA. The instant I get a CAPTCHA, I reflexively hit Ctrl-W to close the tab and either (1) take my business elsewhere or (2) mail a check in.

It's especially infuriating when they wait to hit me with a CAPTCHA at the very end of the process, after I've already copied over account numbers and other information from the paper bill they sent me. I'll find any way I can to waste the time of that company's employees at that point.

I'm confused. Why do you hate captchas so much? I can't see why anyone would draw the line there. I mean, how else are electronic forms supposed to prevent spam?

Not my problem. Don't make me play stupid and infuriating Google-AI-training games just to pay you.

Why would they want to prevent spammers from sending them money?

Don't hate the player, hate the game. That captcha probably exists to prevent some kind of automated fraud that you aren't aware of.

If you have a better means of stopping automated fraud, you could make yourself a tidy amount of money...

That is quite insane. Card payment fees are illegal in the EU for the consumer, and interchange fees are capped at 0.2/0.3% for the merchant. It should cost the merchant less than 2% all in.

Add in the cost of chargeback risks and dealing with that.

Checks are far less risky for the payment receiver, it’s much more difficult dispute it and yank the money back.

For rent/mortgage checks, it would take 10 minutes to write 12 post-dated checks, put them each in a (pre-stamped) envelope and file them in a locked drawer. Comes that time each month, walk to Drawer, pick up envelope and drop at Location.

Yep, you've correctly deduced what I do. At lease renewal, I write out twelve more checks and drop them in a convenient location. When my phone reminder chirps, I take the next envelope to the drop box, usually along with the recycling to the hopper in the adjacent room.

All that assumes you don’t travel a lot. Anything that requires me to mail a physical check is definitely in exception processing territory. Mostly I either setup payments through my bank or pay well in advance if due dates. Means I cover a fairly big float but don’t have much of a choice.

Those fees are outrageous.

Just last December, I mindlessly selected my credit card to pay my quarterly property tax, and was hit with a $97 fee. Yeah my fault for quickly clicking through and using my browser autofill, but I was watching a TV show thought it'd be just a few dollars.

I had something like that for utility charges at an apartment.

The apartment staff would not take a check...and there was no posted mailing address to send it too either. There was no way to pay the bill except to also pay them a fee. I hated that just on principle the entire time i stayed there, and is, in fact, my biggest complaint about that apartment complex (which otherwise was a delight to live in)

Yeah, I heard that's with the water bill they charge extra to use a card... I still am at home, but things like that sound annoying when I get my own place... However since doing programming can be remotely, my dream is to be a nomad or full time RVer instead. I think the idea of staying in one place all your life is boring and can follow the weather too.

However I know some phone and satellite tv companies give you a tiny discount if you pay online. Also another thing that annoys me, with satellite radio in the car apparently you can't cancel online. You have to call and be put on hold and then they try to retain you. Seems so unfriendly, I know they don't want people to quit but people sell cars, etc... and knowing that it makes me kinda not want to signup in the first place on a new car, but it is a nice service at least using it.

My landlord used to accept paper checks only.

They he set up some form of electronic payment that took something like 1.5% of the amount paid; it seemed to be largely ignored because paying extra $20-30 feels like more expense than spend time to write and mail the check.

By now the landlord set up another electronic payment system that takes a fixed $2.99 fee for the transaction. I've never written him a paper check since then.

So, if you want to not walk to the bank with a wad of checks, find a payment provider with a right price.

"Computers handling it all". Not quite. You would be surprised how big of an effort it is to reconcile cash in the bank compared to what you charged on a credit card. This is before even accounting for chargebacks and fees.

How much is your rent, if you don’t mind my asking? Those fees sound exorbitant.

I used to do ACH transfers since those were free at the last place I rented. The management company only charged a $3 debit/credit card fee...

My rent is $2,385/month but they are flat fees charged by the electronic payments processor. (I've confirmed with a friend who lives in the same set of apartments but who has rent that is half of mine that the fees she sees online are identical down to the penny.)

I use a check when I want to preserve a record of payment. Mortgage and rent are perfect examples.

It's pretty mental that the US still uses cheques for paying employees. I'm 26 and have never been given a cheque and all payments have been electronic.

By and large, the US doesn't use physical checks for paying employees. (we use the word "paycheck" colloquially) It's required by (possibly state?) law that companies allow direct deposit if you so choose. But it's an extra step the employee has to take, and many don't. It's technical debt for the employer to just give the employee a physical check and say "it's your problem now" than to pester them to provide their bank account information.

My first paycheck from my first summer job in high school was a check, and my severance from my last company was by check. Other than that, it's all been electronic. My previous three jobs don't allow regular paychecks by physical check, you have to have direct deposit. Physical paychecks are definitely the exception, not the norm.

There's also a lot of resistance to electronic banking in... certain circles. I'm not sure what they think "normal" banking when you speak to an actual teller is.

A lot of unbanked people are not crazy or freedom nuts or anything, but just dirt freaking poor. It costs a lot of money to run a bank account with only a few hundred dollars in it. Add to that the fact that many banks purposely reorder transactions to force you to take as many overdraft fees as possible, banking for those living paycheck to paycheck is not cheap

> A lot of unbanked people are not crazy or freedom nuts or anything, but just dirt freaking poor. It costs a lot of money to run a bank account with only a few hundred dollars in it.

Where? Everywhere I've banked offered checking accounts for completely free with no minimum balance, and I know many credit unions operate this way. If you're paying money to your bank, stop it.

> Add to that the fact that many banks purposely reorder transactions to force you to take as many overdraft fees as possible, banking for those living paycheck to paycheck is not cheap

This is really scummy but many banks allow you to, for debit cards, deny the transaction instead of overdrafting. That won't help with bounced checks or electronic transfers but it can make a big difference.

I own a restaurant in the SF bay area, and nearly all of my employees prefer cash or paper checks even if I offer direct deposit. (Not paying under the table - I still withhold and issue W-2s...)

Most major banks in the US require something if not a minimum balance to waive the monthly fee. Something like $x threshold for certain direct deposits, or you're a student/young adult, or you use your debit card x times a month.

Smaller banks and credit unions can have problems too: locations or lack of participating ATMs or the same problems as the big banks. There are absolutely scenarios where it can be easier (time and money-wise) to just go to the check cashing store.

Some unbanked people are undocumented and afraid to open accounts that might be closed/seized. Some have piss poor credit. Some of those folx won't be able to open new accounts because their chexsystems report has some negative item on it. A single issue like your car breaking down once can snowball into a much bigger situation.

> deny the transaction instead of overdrafting

Honestly, for paycheck to paycheck folx, this can still hurt. There won't be $200 in overdraft fees, but imagine, your PG&E bill is now past due because they couldn't charge your card. Now they want $20 for reconnection on top of the past due bill and 2x more in the form of a deposit due to bad credit. Welp, maybe the $200 in overdraft fees would have been easier to deal with.

Living paycheck to paycheck sucks for so many reasons, and so many of those reasons out of the individual's control.

>There's also a lot of resistance to electronic banking in... certain circles

In the USA as of 2017, 8.4 million households (6.5% of households) don't have any bank account. [1]

[1] https://www.fdic.gov/householdsurvey/

Undocumented immigrants are about 5% of the workforce, so that could account for most of them.

We have a small business and print checks manually for employees. With 50+ employees and majority of them working less than 10 hours per pay period, the per employee cost to use a direct deposit/payroll service is cost prohibitive. With our employees being typically over 40, it's been rare to even have someone request direct deposit. Just thought I'd share a different perspective than the typical HN crowd.

Direct deposit has been a thing for literally decades. Someone over 40 has likely had direct deposit as an option their entire working life.

Yeah. I've worked for many thousand person employers down to those with less than 10. I haven't had physical payroll checks to deposit since at least the mid-eighties. (Probably longer but I just don't remember.) Probably took longer for all expense etc. checks to go direct though as they're often through a different system.

I ran payroll for a 20 person company (US) for seven years, not a single person asked for or received a manual check in that time frame. This was between 2005-2012. I was the only person there under 40 years old.

"for a 20 person company (US) for seven years"

That's an odd way to phrase it, since it doesn't seem like a particularly large sample as you state it. So how many individuals are you talking about, given your turnover?

Back up here. OC said "we run a small business and print checks manually". OC also said "With our employees being typically over 40, it's been rare to even have someone request direct deposit." So I responded from my own experience running payroll at what was also a small business, with employees who were also all 40+ years old. Where the heck does sample size come into this? It’s completely beside the point. We’re sharing anecdotes here, not research projects.

The issue is that the cost of direct deposits should be lower, so that they can be more widely adopted

Never dealt with finance/payroll. What is the typical per-user cost associated with direct deposit? I figured being as pervasive as it is that the cost was negligible.

We also have high turnover so maintaining direct deposit info doesn't make sense either. It ends up being around $10/mo per employee for a low-end payroll service which includes direct deposit/year end taxes/forms/etc.

The vast majority of paychecks are electronic transfers. these weren't physical checks that were stolen, it was a diversion of digital transfers.

Except that as a result of that, the people were actually debited their entire paycheck, or even two! So it was stolen in this case, even if temporarily.

The (retail) US financial system is archaic and competes with Healthcare in regulation creep and backwardness. The first time I ever saw a check in my life was in the US.

Once I was buying a house, and my bank would write a cashier's check for free, but charged $50 for a wire transfer.

So I walked a $300K check from my bank two blocks to my escrow company to save the $50. The check must have been more expensive for everyone to handle (even at the bank, they had to wait for a manager to operate the special "check typewriter" - not everyone was allowed to operate it), but for whatever reason, it was "free".

When we bought our house, we also went the cashier's cheque route for the downpayment, but had a tremendous surprise: the cheque bounced when the lawyers tried to deposit it! I called the bank, and a manager met me at the door. He couldn't figure out what happened, but they re-issued the cheque and it all went through...

I once tried to speed up a transaction and got a cashiers check. Only to find out that a hold was placed on it because it slightly was more than typical for the account. The hold was for 7 business days which turned out to be 2 weeks (it was a Friday). Of course they couldn’t reverse the hold not giving me back the check. I said ‘don’t you think people will start walking around with cash if you keep doing this’ - they said yes, cash would be faster. Meanwhile spacex is building starship. And Suntrusts wire fees are $60 last time checked and take an hour to complete (in the branch because you pay extra to have that as an online feature). Also, did you ever try to amend a wire transfer because of a misspelled letter? That’s a procedure. What a waste of capital in a digital age.

I'm in the US and haven't been paid (payroll) by check in at least a decade.

Also MyPayrollHR did have direct deposit:

> This communique came after employees at companies that depend on MyPayrollHR to receive direct deposits of their bi-weekly payroll payments discovered their bank accounts were instead debited for the amounts they would normally expect to accrue in a given pay period.


Most people get paid electronically. A lot of things people don’t realize is that at 330M+ people, the US has a lot of legacy systems due to the sheer size of the population.

I don’t buy this argument at all. The EU is 500mm people across 24 different countries, speaking many languages, and I had no problem paying and receiving money from anyone in any of those countries.

US banking is a decrepit mess because the treasury allows it to be.

> and I had no problem paying and receiving money from anyone in any of those countries.

And no one in the US has problems sending and receiving money from anyone else in the US either...

The parent's point is that legacy systems still exist in the US, as I'm sure they do in the EU. That doesn't mean that getting paid by a paper check is particularly common for regular workers. The vast majority of people are paid electronically. No one likes dealing with checks and for the most part no one really has to. The only times I ever do that is when I'm paying a contractor many thousands of dollars for e.g., work on my house. Usually those guys are older and self-employed, and either don't know how to accept money electronically or don't want to because of fees (and I don't blame them). In those instances I get a cashier's check made. That's the only time I have to deal with it.

There are of course instances where an employer might not provide direct deposit because they find the added expense too much to bear (as another poster pointed out). We're not living 50 years in the past, as you might imagine. Checks are not particularly common.

> The parent's point is that legacy systems still exist in the US, as I'm sure they do in the EU.

And the actual point is that no, they don't, they were cleared away because their existence is a pox on everyone.

Having seen both systems upclose, for the average consumer the European banking system is about a hundred years in the future from the American one, which is a steaming hot cesspit of legacy systems and banking institutions that spend all their time figuring out ways to milk more money out of consumers.

Case in point:

> or don't want to because of fees

It's not okay to charge people fees to send or receive money.

(Technically, European banks still can do that, but since the EU has forced all banks to accept transfers from each other using a common system, and that all money transfer are executed as "shared fees" where the sender pays the fee to their institution and the receiver pays the fee to theirs, free and open competition has driven the price of sending and receiving money to 0€.)

> And the actual point is that no, they don't, they were cleared away because their existence is a pox on everyone.

You’re telling me checks don’t exist in the EU anymore? Forgive me for being skeptical.

> where the sender pays the fee to their institution and the receiver pays the fee to theirs, free and open competition has driven the price of sending and receiving money to 0€.)

You’re gonna have to elaborate, because that sounds like both parties pay money to perform an exchange, which is even worse than what we have, where one party does.

Are you saying that if I wanted to pay someone $100 I have to cough up an additional $5 and the receiving party has to pay $5 to get their $100? In what way is that “no fees” unless the receiving party is reimbursing the paying party directly? Unless I’m missing something here, a transfer of $100 cost $110 under this system.

> Are you saying that if I wanted to pay someone $100 I have to cough up an additional $5 and the receiving party has to pay $5 to get their $100? In what way is that “no fees” unless the receiving party is reimbursing the paying party directly? Unless I’m missing something here, a transfer of $100 cost $110 under this system.

You pay the fee to your banking organization, which is 0€. The receiver pays the fee to their banking organization, which is also 0€.

Or in other words, there are no fees.

The idea being that the EU has made it very easy to switch banks, and forced a regime where a customer can freely pick the bank that has the lowest fees, which lead to a situation where no bank that wants to retain customers can bill them for transferring money.

> You’re telling me checks don’t exist in the EU anymore? Forgive me for being skeptical.

They still exist in a couple countries but have completely disappeared in most. When wire transfers are free to consumers and cost cents to business account holders, why would anyone use something else?

I just did a Google search for caching checks in my native language. All the top hits were for forum posts on the theme "I just got a check from the US, how do I deposit it?" I suppose I could deposit a check with some hassle. If I really wanted to, I also suspect I could figure out out to write a check. But I really doubt I could find anyone who would accept it. I am also certain there is no way I could deposit it without it being cleared first. The check float thing still boggles my mind.

Yes, in most EU countries checks are nearly nonexistent, and a large portion of population have never ever seen (much less used) a check even once in their life, it's something you read about in literature and hear mentioned in American media. IIRC they're quite popular in United Kingdom still, though.

I worked in a bank for a bunch of years, a decade ago we were processing <100 checks a year, which was an unusual (and expensive) service; about half of the checks was companies doing international sales to unusual countries and the other half was scams; so that business was shut down - some banks do offer a service of cashing checks, but many banks will not.

A wire transfer to an account in another banks is (depending on your bank) either free or something like 0.15-0.30 eur, certainly cheaper than a stamp if one would need to send a paper check.

Yeah, a lot of places offer direct deposit. Then some employers even offer like some type of prepaid debit cards with your pay loaded on it, I guess for the unbanked.

I remember 10~ years ago when I worked in the U.S., every month I'd get an envelope with a check. I'd stop by my bank on my bike ride home to deposit it. Now that I think about it, not sure why it couldn't have been done bank-to-bank directly.. Possibly there was an associated cost that the employer couldn't be bothered to cover.

~21 years ago I worked for a small company who didn't offer direct deposit because of the cashflow implications -- having to transfer money to the payroll processing company several days in advance -- and often we'd be handed our physical checks before they'd put the money in their payroll account, so if I'd walk over to their bank at lunch they often would not cash them.

All of which is disturbing to me now but I was young and dumb and didn't stay with them long.

(A few years earlier, I had an after-school job at K-Mart and they paid everyone with actual cash in an envelope!)

They don't (usually), you usually set up direct deposit to get your paycheck deposited into your bank account electronically. In fact, my employer actually requires direct deposit - it's the only way they will pay you.

Also, the government no longer sends out physical social security checks, they stopped doing that like five years ago.

A cashier's check was required as my first payment for an apartment, every payment after can be done through online. I still don't understand what the purpose of the initial payment was.

A cashiers check is cut by the bank and not you. You pay the bank, bank writes the check, landlord gets a check they draw from the bank, not your account. It’s very hard to reverse cashiers check so the chance of it bouncing is extremely low.

A cashiers check is known good funds, online transfers aren’t.

Perhaps some form of bizarre ID verification, or the simplicity of handing that cheque back to you at the end (assuming it’s a security deposit?)

It's just an idiom. When you hear a financier talking about being in cash it doesn't mean they have a giant stash of currency notes piled up in the corner of their office.

Usually, you fill out a form giving direct deposit information, and then they give you a paper check for your very first payment. Once you deposit that, verifying your account information, all further payments take place electronically.

I'm 35 (I think!), the last time I received a cheque in the UK was 2001

Little bit older. Never in my whole life used a cheque in Germany. Then I moved to canada, and learned it's a common thing here. Salaries are by default paid with cheques, people pay their rent with them, etc. I was genuinely surprised when I opened a bank account and they wanted to give me cheques (and even charge for them!). I however got around using them - things can also be paid electronically by setting up direct deposit. It however always feels like the non-standard way.

At 25 the only check I receive is worth £24.82 from the second settlement (money held "in case") of a will. I tried getting them to just BACS it like the first settlement... but they won't BACS less than £25

They also refuse cash and donation as a settlement, so in the spirit of the deceased I don't cash it, and a new one arrives every six months.

I guess I'll find know the Solicitor has retired when the cheque stops coming...

I get dividend cheques twice a year from some shares I hold and about four expenses cheques

Does Japan still give people cash in envelopes? Or are they electronic now?

> I know a while back there was some dentist storing patient information in a unsecured FTP account.

There are thousands, if not millions, of people doing business like this. When I was shopping around for a home mortgage, a broker that I knew by personal family recommendation had me send tax returns to hername@isp and I, figuring that this stuff could land anywhere regardless of whether the broker operates so sadly, applied AES to the PDF and sent it on over, calling by phone to provide the password. I guarantee 99% of her clients don't bother. And I wouldn't be the least bit surprised to learn that she renamed the saved file on her computer to include the password.

Probably doesn't matter now, but including #, %, < and similar characters in password helps with that. :)

"Cachet ultimately decided to cancel all of those reversals and absorb that $26 million hit, which it is now trying to recover through the courts."

So I don't think anyone is out, right?

Yeah, but wonder if people got any overdraft fees, etc during that time since the money was temporary missing because they expected it to be there for the checks or automatic payments. Usually $35 a pop, so could add up. So your money missing and overdraft fees sounds so devastating.

I know a while back the local news was talking about this issue and interviewing workers, and some of them were unsure about their money. but sounds like they got it back at least. So sounds like now just a court battle, but at least the individual workers aren't involved in the nightmare directly it looks anymore.

Sounds like it probably was days before putting it back, as they had to call and talk to someone - told them it was a mistake then later yet another disappeared... Then call again, etc... Even a Facebook group was started with many employees who all had the same issue.

Here's the clip https://youtu.be/ELZaXpJiMFU

Those overdraft fees are absolutely reversible, it's just a pain to contact the bank to have them reversed.

Just make it the company's responsibility to do that on behalf of the people it inconvenienced. Dumping the responsibility for those things on the injured party is fundamentally unethical.

Yeah, it'd be nice since this became major news nationwide news for banks to forgive any overdraft fees. Probably a bank by bank thing, maybe even case by case thing.

> Well I know for doctors and stuff they say you can refuse to give it

You can refuse to give it to anyone who doesn't need it for tax purposes. Which is almost everyone. But, this is the stupid part, they can refuse to do business with you on that basis.

> I feel bad for those people who Paychecks got stolen

Per the article, Cachet Financial Services ended up holding the bag. They tried reversing a bunch of payroll account payments, but ultimately relented. Presumably some of that money will eventually be recovered.

> I don't know why anyone would think they could get away with a fraud this large.

Given the M.O., it's likely that this started small (as most fraud does). He cheated once with a float to cover a shortfall, then started making larger and larger bets. And eventually he lost a bet too large to cover, and had to try cheating in a different and more dangerous way with money in the payroll account, and got caught.

the bank ended up taking the hit and is attempting to get the money back through litigation.

1) this guy will spend many years in prison

> That action caused so much uproar from affected companies and their employees that Cachet ultimately decided to cancel all of those reversals and absorb that $26 million hit, which it is now trying to recover through the courts.

2) Cachet is as useless bank ran by useless apes that don't know the basics about banking, their internal audit must be a bunch of untrained monkeys. I have investigated financial frauds for quite a while, and removing the funds from the employees, is the best way to make them walk out and never come back. This story has so many holes, a $20m+ was diverted from a corporate account to a personal account and systems didn't go off???

I see on Catcher's website: "The World's Most Convenient ACH Payroll Processing Services" yups, well played Cachet!! Key word there is "convenient" which always makes me run to the opposite direction when it comes to financial services and security. That website needs a "military grade security" to be complete!

Edit: I know my sarcasm is all the way to 11 but this story has has so many control points broken (or worse non-existent) for all these to happen, that I am getting a headache just by thinking of this story.

Matt Levine's take from a few days ago. As usual, humorous and insightful.


I love it this part: "The guy with a button that says “Steal $30 Million of Paychecks” doesn’t press it the first chance he gets. That would be stealing! He is a moral human being, he has standards, he stays well away from that button even if he is also simultaneously running a bunch of complicated frauds. You can look yourself in the eye when you’re running a complicated fraud;"

He's bang on.

I'm curious what his "other companies" were, that they became a source of such financial pressure. One would think a payroll middleman has the easiest job in the world next to printing money. Companies put money in the kitty, you disburse the monies to other parties and take a cut. HN crew could probably set up an event-sourced system with Lambda to automate it all. 8000 employees, that does not seem like a lot?

> One would think a payroll middleman has the easiest job in the world next to printing money. Companies put money in the kitty, you disburse the monies to other parties and take a cut. HN crew could probably set up an event-sourced system with Lambda to automate it all. 8000 employees, that does not seem like a lot?

Oh falling into the "could built it in a weekend" trap? Go right ahead, start a payroll company from scratch that can correctly pay, with proper auditing, checks and balances, any employee in the US (nevermind international) as quickly as possible, deal with wage garnishments, special deductions (401Ks, IRAs, FSA, HSA, and so on, part-time hourly and full-time salaried, bonuses with net-to-gross and gross-to-net, commissions for sales people along with "draw").... annnnnnnnd go!

Wage garnishments! Nobody mentioned anything about wage garnishments! :washes hands:

Heh, I beg your indulgence for my cheeky comment, I of course know nothing of this matter, it seems easy, as all those task you mentioned can be converted to single rules. Not a weekend worth of work, but perhaps 20 weeks worth of work for a prototype?

The hubris of this is wild - a payroll system that is compliant in every US state and accounts for the many, many nuances of the US financial system is no small project.

> it seems easy, as all those task you mentioned can be converted to single rules.

Single rules, yes. For each State in the US. And every other country in the world. And that can change at any time of the year. Oh, and nobody form those various state and federal government agencies are reaching out to tell you when and what is cahnging.

And GP just listed a few things off the top of his head - there are literally hundreds of complexities in doing this that he glossed over...

Have you ever seen how hourly employees get paid? Especially ones at union shops with crazy rules about overtime? And employees grandfathered in under older "legacy" rules" Or employees operating under one-off rules? And each employer you take on has their own set of crazy rules?

Dude. Stop while you are ahead. Payroll is edge case upon edge case upon edge case. And if you fuck up any of those edge cases, you are fucking up some poor soul's livelihood (or maybe making their day and the expense of their employer!).

C’mon, I think the right response here is for you to realize there are some serious unknown unknowns here and now out before you become the next “you can build a system yourself quite trivially...”

Sure, you can create a non-union, full-time, no overtime, citizen/permanent resident, no taxable benefits, CA resident and company location only payroll company “trivially,” but who the hell would use your software when there are ones that handle much more complex situations?

Is there a non-paywall way to read this?

Outline works: https://outline.com/ktXMjW

The easiest, though, is to simply subscribe to his newsletter, which has all the articles in full. There is rarely an edition I find myself immediately archiving.

He sends the full articles on his mailing list - the link is at the bottom of that article but if that's behind the paywall too it's here: https://link.mail.bloombergbusiness.com/join/4wm/moneystuff-...

You should be able to read it by disabling javascript.

Thank you!

You can subscribe to this newsletter and get the full texts by email

>Check-kiting is the illegal act of writing a check from a bank account without sufficient funds and depositing it into another bank account, explains MagnifyMoney.com. “Then, you withdraw the money from that second account before the original check has been cleared.”

Can someone explain why banks don't have systems in place to detect this kind of fraud? It seems like even the most minimal communication between banks would help detect it.

Because in some parts of the world banking is a historical pile of hacks on hacks on hacks held together with bailing wire and twine.

Also banking is a hugely complex problem involving two of the hardest things to deal with, money and people.

It's particularly the case where you have a lot of small banks geographically spread out running a variety of legacy systems all of which talk to each other in weird and whacky ways.

I'm surprised kiting still works though.

It would be amazing if someone could come with a useful technology that solves this particular set of problems. Something like a public distributed ledger where all transactions are validated by a majority of actors in a trustless system ... oh wait.

Gosh, if only that system didn't have its own huge set of drawbacks.

If the world used that system, we'd run out of electricity

And probably ruin the planet in under 10 years if everyone got on the mining craze

Yeah, I can't even imagine. haha.

You don't have to mine Bitcoin to send and receive Bitcoin.

> wait

I'll wait! 'Cause if it got even remotely adopted and mainstream, I'll be waiting... for years or decades.... before I can ever hope to make a single transaction.

Yup. Nothing like Satoshi's Glorious Blockchain and its blazing fast 4 transaction per second reference implementation that is Bitcoin.

Yeah and we can secure it by requiring people to waste huge amounts of electricity to prove their stake in the system!

More or less the same reason as to why the USA still uses checks as much as it does: the USA’s banking system lives in the 1950s or thereabouts.

Example: https://en.wikipedia.org/wiki/Paycheck says

”A paycheck, also spelled pay check or pay cheque, is traditionally a paper document (a cheque) issued by an employer to pay an employee for services rendered. In recent times, the physical paycheck has been increasingly replaced by electronic direct deposit


A salary statement, commonly called a payslip, pay stub, paystub, pay advice, or sometimes paycheck stub or wage slip, is a document that an employee receives either as a notice that the direct deposit transaction has gone through or that is attached to the paycheck.“

The French and Swedish versions (sorry, can’t check the other ones due to language issues) of that page only discuss the pay slip, I think because “recent times” started half a century ago in those countries.

I think it also is telling that that page doesn’t even have a German or Dutch version linked to it, while https://de.wikipedia.org/wiki/Entgeltabrechnung (German for ‘pay slip’) exists

It might be interesting for a poll: when did you last receive a physical pay check, and in which country?

Early 80's in London and that was a special case of a Lebanese /Arab company - they had had some problems in the past with direct debit and the Majority of staff wanted cheques.

I just used to walk over the road to my Natwast branch and deposit it at lunch time.

It's the price you pay when being the first to try something out. You figure out all the issues for the next generation.

For the majority of professional Americans, we receive our pay via direct deposit so we never see a pay check. The working lower-class still uses pay checks since they're paid on a weekly basis. I think when margins are thinner, it's cheaper to write checks than to set up direct deposit.

Lots of lower-income people don't have a bank account into which direct might be deposited. They can still pay Wal-Mart a nominal fee to cash the check. No employer is willing to pay cash because IRS are such hardasses: they claim that cash payments can't be audited. Also, a cashed check is proof that an employee actually got paid, which is important for certain types of employees.

”The working lower-class still uses pay checks since they're paid on a weekly basis.”

How does that follow? People make electronic payments of a few dollars millions of times a day, with the banks still somehow making money on it. Now, paying a few hundred a week isn’t feasible?

”I think when margins are thinner, it's cheaper to write checks than to set up direct deposit.”

From what I know about automation and American banks, I (perhaps too cynically) think it’s less about being cheaper than about being more profitable for the banks.

How would maintaining the infrastructure to move pieces of paper around, check them for validity, moving the necessary cash around, etc. be cheaper than scaling an existing digital system to handle 10% or 20% more customers?

I meant cheaper for employers. My brother works for a small tile laying company and they all prefer to get checks. It's kind of a blue collar/white collar divide in the US

I currently get paid weekly, and it's by direct deposit. The last time I got a check and took it to a check cashing place they charged quite a bit.

It seems to me that the obvious reasons for not using a bank account are not the ones people mention in these threads. The ones that occur to me are:

- You're not a legal resident

- You're in ChexSystems

- You're subject to some sort of legal judgment or garnishment

> Can someone explain why banks don't have systems in place to detect this kind of fraud? It seems like even the most minimal communication between banks would help detect it.

The US banking system is built on a foundation of batched communication, with batches arriving via mail several days later.

Each bank is operating as an independent ledger, with no global awareness; so, while each bank can see the deposits may be coming from the same account, they wouldn't necessarily see that the check redemptions were going into the same account. It's not unreasonable to get a series of checks from the same person, or to make a series of payments to the same bank.

Because of the delays are inconsistent and sometimes complex, it's more convenient to act on the shared fiction of deposits being immediate, and take escalating punitive action when the fiction unravels. Ex: large fees for both despotiting a check that is not honored, and writing a check that is not honored when presented. If it happens frequently, your account may be limited to transacting only in fully cleared funds, and you may be blacklisted from banking through credit reporting companies, or referred to law enforcement.

However, there have been several changes to shorten clearing times in (somewhat) recent times, including Check 21 in 2004, which allowed all checks to be processed as images instead of paper, and Same Day ACH starting in 2016, with planned enhancements through 2021. As the clearing window shortens, kiting becomes less feasible and useful.

Banks do sometimes verify funds manually, but keep in mind that verifying a balance still isn't a guarantee that a check will clear. The balance can change between the time of balance verification and check clearing.

What's needed to fully solve something like this is to put a block or reservation on a chunk of funds. So when bank A checks whether there's sufficient balance at bank B to clear a check, they'd need to put some kind of hold on those funds at bank B to have confidence that the check will clear. This is basically what credit card authorizations do, especially if the credit card is attached to a checking account.

> if the credit card is attached to a checking account

Isn't that a debit card (rather than a credit card)?

This will not work well unless the bank account has some age to it and previous transactions. They are legally required to make $200 available immediately. Most major banks will clear it all to you overnight after 30 days if you deposit it in time for the ACH to process overnight. That will require the account it is written from to actually have the funds in the account.


As a long-time Raymond Smullyan fan, I was delighted to read the different article about Ghosn and Nissan and undisclosed compensation.

Matt raised a Smullyan-esque question:

If the act of prosecuting Ghosn meant that the undisclosed compensation would no longer be paid, does that mean that prosecuting the crime prevents the crime from occurring?

I suppose the rational answer is that the crime is in the conspiracy to attempt to do the thing, not the successful carrying out of the thing, but still, it is amusing to imagine a crime that is only a crime if it isn't revealed to be a crime.

$200k bail seems low for the crime. He tried to disappear - why offer bail?

You are generally entitled to bond, unless there you are: a) a danger to the community; or b) a flight risk.

Obviously, if he tried to "disappear" previously you could argue that, but now his passport has been confiscated. And usually the higher profile you are the easier it is to argue you aren't a flight risk.

Because someone perpetrating massive frauds, or whatever, couldn't buy a fake passport and hire a private plane to a non-extradition territory?? /s

If there's any indication a perp might fly then you should keep them inside, passport or no.

>If there's any indication a perp might fly then you should keep them inside, passport or no.

I'll stick with the case law. The Court looked at the risk of flight here with all the evidence (which is more than you or I can say) and determined he is not a significant flight risk, I'll side over your gut feeling since he fraudulently took money, he can get a fake passport (1 has nothing to do with the other).

It can easily be argued any criminal defendant "might fly", so essentially under your proposed standard no defendant would be entitled to bond (you wouldn't be the first to argue such a thing). Innocent until proven guilty and all that jazz. And yes even with a confession you are still innocent until adjudicated/convicted, its not like police don't have a history of obtaining false confessions or making confessions up out of whole cloth (I know, that's not applicable here).

As I said the higher profile you are/the case is, the more difficult it is to abscond anyway. If he gets a fake passport (which is unsupported by any facts) and is caught, his bond is revoked. Also he likely has a GPS tracker as a condition of bond, so if he violates his travel restrictions/curfew restrictions, his bond is revoked. Not to mention, the people involved in fake passports are not generally going to supply a guy in the middle of a high profile criminal case involving the FBI, who is out on bond with a GPS tracker. Then even if he gets a fake passport, good luck buying a plane ticket or going to an airport.

I was clearly being loose in my post, I'm sure you're more than capable of reading the jist in a manner consistent with legal orthodoxy.

Do you think passport forgers only supply to law abiding citizens who don't have lots of money and want to flee a country?

You say people held over on a bond following confession "are innocent" [here's me thinking it was 'considered innocent before the law', otherwise there would never be any sound convictions].

If you think a GPS tracker is any limitation to someone who can afford to leave the country then you've a serious lack of imagination.

OT: I liked the "gut feeling" bit where you attempted to disparage my position with an appeal to emotions whilst simultaneously presenting your own position with no more factual backing, and IMO a good deal less believability.

It was his house and cars. Doesn't seem unreasonable under the assumption he is innocent.

He confessed to the crimes (per Bloomberg's piece referenced by certmd in this thread).

He still hasn't been found guilty and thus the courts should treat him as innocent. There is no shortage of innocent people who plea guilty for any number of reasons so the court cannot just automatically accept the plea and must go through specific motions to do so (I would even argue those motions don't go far enough to protect innocent people from being coerced into a guilty plea).

Now that's what I call disrupting the payroll industry!

I'm trying to make sense of the scheme here, I understand he used the money to fake business income to make loans. But what was the end game?

I'm guessing he thought he'd make enough money off the loans by "buying businesses" that he could pay back the millions he was borrowing?

Or did he just hope to Ponzi the various loans for as long as possible? The next bigger one pays off the last one type of thing.

You used the magic word, "Ponzi:"


Not only did Ponzi bring this scheme (which is far older than him) to the public's attention, but he also "got in over his head." He wound up running the scheme far longer than he wanted or needed, for the (correctly divined) fear of it suddenly collapsing.

A similar thing happened with Bernie Madoff, if his account is given credence:


I read this article, the previous one, and this blog post that explains ACH: https://engineering.gusto.com/how-ach-works-a-developer-pers...

This is such a fun and interesting rabbit hole. And now I get how the whole thing worked from a computing perspective. I'm now just confused as to why the scam broke down the way it did. From my understanding, it seems that Pioneer was going to freeze his account (and they did). So in order to fix that issue, he temporarily diverted funds to his Pioneer account, settle debts(?), and continue trying to get money to cover the money he now owed to Cachet. But that doesn't make sense, does it? Because this fraud was going to be detected instantly (most likely) or ~3 days later. But that is nowhere near enough time to settle debts with Pioneer and get enough money to cover the Cachet debt.

It seems to me like it was an extremely long Hail Mary that was likely never ever going to be successful.

I just don't get why businesses are so afraid of outsourcing critical business functions like payroll to a random startup.

Earlier discussion about the $35M fraud from a couple weeks ago: https://news.ycombinator.com/item?id=20941039

Question after reading comments here on how check-kiting works, does the promise of Zelle combat this technique? or is it just a fancy digital wrapper around ACH and is still vulnerable to check-kiting as a concept?

Zelle uses ACH, though their faster front end process may combat kiting. Other banks are moving to RTP which will not use ACH for the actual money transfer.

You sure? There is more than one way to clear funds between banks. I remember banks using Fedwire between each other.

I'm surprised he got away with it for as long as he did.

+1 for surety bail bond. "Cash Only" bonds are a racket for bail bondsmen.

I got railed. The postal inspectors stated in court that they wanted me released the day of my arrest. The judge still gave me $50k bail. Keep in mind I was 24 years old and made $55k annually with a net worth of about... $25k and most of that being in my personal vehicle.

What they also don't tell you is how difficult it is to find a federal bail bondsmen. I called every where in the Hampton Roads area to no avail. I ended up being rescued by one from several hours away. $9,500.... never to be seen again.

Would you mind helping me understand this better?

My understanding is that bond from a bail bondsman works kind of like a loan. The bail bondsman puts up the money ($50k in this case) and if you show up to court he gets his $50k back. This works kind of like a loan between you and the bondsman, I would expect you to pay some amount on the total, something akin to extremely high risk loan interest, but $9,500 is almost a quarter. Is that a standard rate for a bond?

It's just the best, and only option I could get. You need to be federally licensed.

The bail bondsperson did not even have an office. When I did get out and had to pay her she asked me to meet her in a Harris Teeter parking lot. She pulled up in an Audi R8 spyder. It's ridiculous. There was absolutely no way I could be considered a flight risk. I only did it because my parents were on vacation and I was responsible for keeping their pet alive for 3 weeks. It came down to a dead animal or $9,500.

The fee or 'premium' for most bonds in various jurisdictions in the USA is typically between 10% to 15% of the bond value. His while his fee of $9,500 is slightly higher than most, it's not a surprise.

wow. how can I be one? seems very lucrative.

It's lucrative as long as your clients actually show up to court. If they don't, you (or someone you hire) is running around trying to drag their ass in so you get your money back from the court.

Which lets you play out your man hunt fantasy. Sounds like a win-win.

time for some data mining then. but that 10% return is probably 5% for 50% good behavior of criminals?

No. Let's use the $50k bail example. If the guy returns, you are up 19%. If he disappears you're -100%. It will take you 5 more good behaviors just to get back to zero. So you need less than 1/6 fleeing to make any profit at all.

Your numbers are off, though your point still remains. If the client jumps bond you lose $50k, but you got $9.5k from it for a net of -$40.5k or an 81% loss. It would thus take ~4 good bonds to cancel that one out.

Good catch

It's probably easier to become a bail bondsman, all effort considered, than to become a developer. Now ask yourself why everyone's not doing it. I'll start you out: your profit hinges on the behavior of alleged (or plain ol' "known") criminals.

You need a massive bank roll and licensing.

Kinda, on the first point. Many courts/states have different rules for bondsmen than they do for us, where the bondsman is only required to put up a fraction of the amount that you or I would have to put up for our own bond.

I remember seeing my mother writing a check once. It must have been in the late eighties. I'm quite confident that nobody I know of my age has ever written check. That check floating is still a thing is quite amazing to consider.

I write checks. I like writing checks and I like cash. Online payments feel impersonal and doesn't hurt as much as the physical action of writing a check and cash. I'm more frugal when I spend cash. If I write a check for a large amount it physically hurts and causes me to try to figure out a way to eliminate or reduce the cause of such a large amount.

I saw someone write a check at a supermarket just a couple of weeks ago. I think it's the first time I've seen a checkbook in the wild in 5 or 10 years.

My landlord four years ago set things up so that the cheapest and lowest-latency way to pay rent was to walk to his bank and deposit a check into his account. Kind of weird. Sometimes I have weird professional things I pay for that need checks (tax attorney, and some real estate stuff). Fortunately, my credit union will print 3 checks if I walk by and ask nicely. And they have Saturday hours.

I’ve always payed rent in cash. Landlords seem to like it more than checks.

Was surprised to see that the car dealership would accept personal cheques but I wrote one this week.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact