Hacker News new | past | comments | ask | show | jobs | submit login

The author here seems to have a pretty shallow understanding of how banking infrastructure actually works (ex. ACH vs. wire vs. direct deposit), which is the root of a lot of these complaints. The other misconception is why banks continue to operate this way, which I personally believe comes down to prioritizing risk aversion and fraud resistance over other attributes. If you've never had to deal with large amounts of fraud as a business operator, a lot of things banks do (like require in-person verifications/transactions) probably won't make much sense or will seem really antiquated.

Edit: also worth noting is that a significant portion of a large bank's customers are over middle age and still want high-touch in-person and phone interactions in a financial institution.






Why would a customer need to know anything about banking at all? Imagine if you were stopped in a supermarket because you beeped on the way out, and then they leave you to wait for hours before someone finally comes to tell you it's well-known that their door gates' sensors are just too sensitive and you can go. You'd probably sue them or at least never go there again, certainly no one would tell you that you don't understand how shoplifting is a complex problem.

If a fraud detection system is known to detect false positives (and they're designed that way on purpose, to provide a better protection to the institution), then there should be measures in place to contain the possible damage to clients, and also an easy procedure for clients to resolve these issues quickly and painlessly. That's a bare minimum. One of the main reason why people moved to Stripe from PayPal and similar services in the first place (beside an api that works) is exactly this type of problems where payment gateways would block your money in the name of some arbitrary "fraud risk" and you couldn't do anything about it. Fraud is their business problem, not mine as a customer. If I'm doing business legally why would I need to care or know anything about it?


The government requires banks to do some of these things. Not just to prevent fraud, but to prevent money laundering, funding terrorists, giving money to entities controlled by sanctioned countries and other criminal activity.

If you don't understand any of these issues, the bank's behavior will seem willfully incompetent and spiteful, and raises some of the feelings expressed in the SP. But you won't find it different at "new tech" bank.


> If you don't understand any of these issues, the bank's behavior will seem willfully incompetent and spiteful, and raises some of the feelings expressed in the SP.

Yeah it will. Unless the bank communicated with you or could tell you what's going on, which apparently they are unable to. As this article illustrates perfectly, the problem is exacerbated by how frustratingly difficult it is to find out what's happening or the fact that seemingly no employee of the bank that you can talk to has any idea of what the issue is.


They're often required by those laws not to inform you of the laws...

Please back extraordinary claims with evidence. From where I live, there is nothing in the law that says the bank must leave you hanging dry in case they detect fraud. If it’s different elsewhere, I sure would like to see concrete proof of it.

If you make a large cash transaction, the teller is not supposed to tell you they are filing a Currency Transaction Report (CTR). If you ask about the CTR threshold and then change your transaction size, the teller is then obligated to file a Suspicious Activity Report (SAR). Both CTRs and SARs are reported to Treasury.

It's not about fraud, it's about money laundering. They often look like the same thing.


The thing is: yes the law may require you as a bank to do some certain things. But that does not excuse you from providing shitty customer support.

The analogy falls short considering the OP's initial point: The sums involved make a big difference in the reaction.

Issue is not if there should be fraud screenings - of course, they're required both by law and a common sense. Question is do you treat your own system's false positives like customers' problem, or you actually do something pro-active to help them? In my experience most banks and payments services just don't care. It's up to customer to complain and push repeatedly for it to be resolved, and banks make it harder, rather than easier. To get access to your own money you have to go through tones of bureaucracy to prove you didn't do anything wrong. Exactly because of the sums in question the treatment should be different, bank is using that money while it's locked and pays you no interest on that.

Re: high-touch -- it's not an age thing.

It's a user experience thing. People sometimes go into a bank knowing exactly what they want. More often, people don't really know what they want. i.e. they know they want a savings account, but they don't know if they want a 529 or a roth ira or just a money market checking account. You can think of bank branches like stack overflow: when someone asks "how can i do X" the answer is often often "do Y instead." Most people aren't taught financial literacy, and it varies over time and by geography.

Also, most of the population isn't as comfortable with technology skills in general, which developers and professionals often overestimate.

For commercial or investment banking (where banks make most of their profit) it's a whole 'nother story, but the author was trying to deal with consumer / small business stuff seems like.


But I think this is one of the points of the article: the human system are thoroughly broken and convoluted.

I've recently switched between banks and done just what you said: I went in to a branch knowing roughly what I wanted, but unsure exactly how to setup it up.

The end results was _months_ of back and forth. The agents in person or in call centres did not know answers to fairly simply questions (can I have an overdraft on an offset account) and were unable to answer questions about applications (my credit card application continually gave me notice online saying 'proof of other funds required', no one was able to tell me what this meant our what I had to provide).

These problems are not related to the deep legacy issues of interbank transfers and settlement or fraud.

They are failings in organisational design and management, information design, customer service design. I'd guess they are a symptom of continuous churn and restructuring, of flipping from in sourcing to outsourcing and back again.

They are all problems that are within their power to resolve (yes, at great cost )


Oh, you nailed it with “symptoms of continuous churn and restructuring”.

Just yesterday I was chatting with my manager about the “legacies that never die” which dramatically multiply complexity and spread the teams even more thinly...


Using a bank's services shouldn't require knowing how banking infrastructure works.

That would be ideal. But building non-leaky abstractions over banking infrastructure is extremely difficult.

This due to the simple fact that banking infrastructure is a super complicated pot of badly combined standards created before the internet really existed, and equally complicated regulatory requirements that don’t map well onto the technical standards.


If the infrastructure is so poor that building good abstractions over it is essentially impossible, that's another nail in the coffin for the notion that it's reasonable to expect end users to understand it.

The idea of banking isn't particularly complicated. Basically, you take deposits, use those deposits to make loans, and keep some on hand for liquidity. If you're not getting enough deposits, raise rates. If you're not getting enough stable deposits, you sell products that reward long term deposits (CDs). If you have too many deposits relative to loan demand, you reduce interest rates on both deposits and loans. Rates fluctuate along with supply and demand.

This works quite well in the stock market, so why is banking so different?

My guess is that it's regulated like crazy, so maybe simplifying those regulations would be a good idea. I'm not very well informed on the particulars of those regulations, but I have looked into building something that involves financial data and it's far more complicated that it needs to be. I should be able to automate money transfers just as easily (if not more easily) as doing stock trades, yet the opposite is true. It's needlessly complicated and expensive to get anything done.


> My guess is that it's regulated like crazy, so maybe simplifying those regulations would be a good idea

Most of those regulations are in there for either a.) FDIC compliance to make sure there's enough liquidity in the case of a run (aka the "don't repeat 1929" rule) b.) anti-fraud/money laundering c.) because ACH rules are still there for a ton of legacy reasons

The stock market is volatile because it assumes that those investing understand the risk involved. Bank accounts on the other hand should, really have to, be super stable. Treating liquidity like the stock market means a bad bet by the bank managers and everyone loses their college fund.

> I should be able to automate money transfers just as easily (if not more easily) as doing stock trades, yet the opposite is true.

The reason is because of money laundering. Despite how bad it seems the US has the best anti-money-laundering (AML) rules in the world and yea, this causes friction, but it's what's necessary.


A lot of those regulations are in there to patch up the unintended side effects of other regulations.

Eg FDIC makes depositors not monitor their banks' riskiness. So they piled in other regulations.

The worst offender in the US used to be unit banking requirements, ie branch banking was all but verboten. So most banks used to be horribly fragile, tiny, single branch entities.


> makes depositors not monitor their banks' riskiness

It's impossible for depositors to do this. It's almost impossible for national banking regulators to do this, but at least they're in a position to try.

Deposit insurance is a requirement for a functioning system. You cannot ask ordinary members of the public to shoulder the risk for the system.


It is very possible. In fact, it happened.

There were very successful banking systems without deposit insurance. Less crisis prone than our current systems.

I can provide some sources, if you are actually interested.

See eg https://www.alt-m.org/2016/08/12/capital-and-cash-reserves/ but I can look for something more appropriate:

> Of course, not all banks catered to depositors whose primary interest was safety: there was a market for riskier bank deposits also. But, despite what apologists for central banking and deposit insurance claim, it was not especially difficult to tell safer banks from less safe ones. The problem in places like the U.S. before 1934 and England before 1826 was not so much one of distinguishing relatively safe banks from relatively risky ones, but one of legal restrictions that prevented well-capitalized banks from emerging in many communities. In the U.S. the restrictions consisted of laws preventing branch banking; in England they consisted of laws preventing English banks other than the Bank of England from having more than six partners. (In 1826 other public or "joint-stock" banks were permitted, but only if they did not operate in the greater London area–itself a major limitation; while in 1833 other joint-stock banks were admitted into the London area, but only provided they gave up the right to issue banknotes.) These regulations limited the capitalization of U.S. and English banks while at the same time limiting those banks' opportunities for financial diversification–a recipe for failure. In both instances the regulations were products of politicians' catering to rent-seeking behavior on the part of banking industry insiders. Yet the resulting, unusual frequency of bank failures and substantial creditor losses stemming from such failures helped to sustain the belief that fractional reserve banking could only be made safe by means of further government intervention.

> Where laws did not prevent banks from diversifying their balance sheets, especially by establishing widespread branch networks, or from securing large amounts of capital by "going public" (or, in the case of some Scottish and most Canadian banks, by making shareholders liable beyond the par value of their shares, which from creditors' point of view is equivalent to having more capital), bank failures have been relatively less common, and losses to creditors stemming from occasional failures that did occur have been relatively minor. Indeed, even such a spectacular failure as that of Scotland's Ayr Bank did not ultimately prevent the bank's creditors from being paid in full, without need for any sort of bailout.


That pre-war environment is a very different world from the financial crisis of 2008 and the Northern Rock event. Or Iceland. In the end the UK central government had to bail out local governments with uninsured deposits in the Icelandic banks: https://www.independent.co.uk/news/business/news/uk-councils...

They didn't have to. Especially if they set a few precedences of NOT bailing out.

If you want government guarantee, you can already invest in government debt.


Knowing helps calibrate your expectations so they’re realistic. Stripe can perform magic because they’re a very small piece of the entire puzzle, the banking sector can’t because of the very same decrepit financial infra foundations.

Disclaimer: I work in financial services. If you want the plumbing fixed, lean on the Fed and the banking industry as a whole through Congress. You’re delusional if you think you can fix this with a startup (see: BankSimple and Standard Treasury). The industry inertia is overwhelming.


> If you want the plumbing fixed, lean on the Fed and the banking industry as a whole through Congress.

Easier and faster to just give up preemptively.


Yeah! But the work worth doing is never easy, nor fast to get done. Not the best attitude to have Barry!

How do unrealistic expectations take root, could it be the gap between reality and advertising? That said, they weren't saying that the knowledge can't help.

Difference between only experiencing the 99% happy path, and experiencing the 1% extremely unhappy path.

There’s a few types of checks you can send as payment to whoever. I kept asking why we needed a few different types and they all act in different ways. Some are “like cash”, some will “attempt to withdraw” the amount.

I had to ask the bank. I don’t see how else I was supposed to go about my payment when I was asked to send a check.


Well, the issue is with "when I was asked to send a check".

In some (if not all) European countries we don't have checks any more. Someone just gives you a bank account number, you wire a transfer, and it's at the recipient within a second to a day at most. The transfers cost between €0 to €0.5, regardless of the amount.

I was on a date a few days ago, a girl really wanted to pay for herself, but didn't have the cash, so she asked me for the bank account. I gave it to her via messenger, she wired me €30, it landed on my account instantly, to which I said that this is too much, and wired her €15 back. Yes, seriously :)


Yah bank transfers are a mess here, several dollars and minutes of work to do.

On the other hand, things like venmo and the cash app are ubiquitous. I just went to lunch with a friend, forgot cash, asked him his phone number and shot a venmo for half in 10 seconds.

So luckily we have some services that are filling the shortcoming of our banking industry..


A rent-seeking third party probably selling your financial transaction data is not what I’d call lucky.

It beats the alternative. It’s no secret I sent someone $10 for lunch. I posted it to hacker news.

I'm always amazed that US banks are so behind the curve with this.

It's clearly possible to create a bank transfer facility that works quickly for zero cost. How come they don't?

Checks have always been a major source of fraud. The rest of the world stopped using them and feels no need to go back. How come the US still uses them?


We all want to, but there's an inertia problem.

From some quick research there is approximately 6,799 banks in the US and 5,757 credit unions. That's over 12,500 entities that need to communicate with each other. It takes a massive political will (not to mention money) to update the legacy federal systems that tie it all together.

Here's some more information: https://www.npr.org/sections/money/2018/01/10/576879734/epis...

The UK has "over 300 banks" by comparison.


It's not that hard, and the absolute number is not that important, just that a majority decide to use it, forcing the rest.

I'm guessing USicans just don't realize the world has moved on. Large countries tend to be isolating and the US is no exception.


I didn't say it was "hard," it's an inertia and funding problem.

We know how better it is in other parts of the world, we aren't dumb.


Most Americans don’t know anything about banking in other countries.

Its to do with the early history of the USA and its federal structure.

Some of the early presidents where totally against having any central bank at all


Satoshi Nakamoto must have missed that when "disrupting" banking with P2P electronic currency.

Yes, they did, which is one of the reasons BitCoin is approximately 0.00% percent of the world financial markets.

Well that is one way to minimize the reality of Bitcoin. On the otherhand the Bitcoin market cap is 50%> than Tesla for example. That may not seem like much, until you realize Bitcoin has a bigger market cap than any US car manufacturer.

Farmland in southern Asia is worth a lot more than that, and just as easy to use for everyday transactions as Bitcoin is.

I have never heard this analogy, and it so clearly refutes what drives me crazy about these Bitcoin :: Tesla|whatever comparisons.

It does not matter whether it seems like much or not, because approximately none of that market cap is coming from using BitCoin for payments, it comes almost entirely from using BitCoin as a speculative asset.

All attempts to use it for non-crime-related payments have failed so far, because of its slow speed and huge transaction costs.

And in a spectacular turn of events, it may be a worse polluter than any single American car company as well. I bet Satoshi Nakamoto didn't plan for this one, eh?


And I must say that the Silicon Valley way of dealing with fraud isn’t much more fun from a user experience point of views (solving captchas all day long, waiting for 2fa that may or may not come, accounts suspended without explanations, etc).

Also the author thinks that buying a bank will solve things. This is also naive. Either you are not a regulated owner and you are severely limited in what influence you can have on the bank, or you become a banking group and banking regulations apply to you too.

The solution is competition, but regulations have made it so expensive for a new player that there isn’t really any. That’s the cost of you not having to worry about whether the money on your bank account will still be there tomorrow. Then in absence of competition, it is pretty horrifying how laziness and incompetence can cripple a large organisation to a quasi standstill.


As a consumer who doesn't work in the banking industry, there seems to be tons of competition between banks. Almost every week I get a come-on from this or that bank asking me to move my savings or open a new checking account in return for a cash bonus, or some juicy (temporary) promotional interest rate.

To my mind, it seems like banks are competing for consumers, they're just not competing using the kinds of gimmicks that techies want: mobile apps, powerful APIs, faster money transfers.

Honestly, I'll take $300 cold hard cash over a flashy iOS app any day.


It's not really that expensive to get your foot on the door. There has been a lot of these fintech banks (basically a card and an app). Here is the problem: They don't offer many of the products that banks offer (the most important being credit). Also, from experience, they have a shittier customer service. The guy complains about branches, yet I have found branches much better than having no person to contact what-so-ever.

Most fintech startups that look like banks aren't. They use banking services from other banks, and deal with the bank's bullshit for you.

Credit isn’t really what makes a bank. In fact many non banks provide credit (amex isn’t a bank I think). Taking deposits is the key thing. And I understand most fintech use an actual 3rd part bank if they take deposits. And without taking deposits, it is hard to provide cheap long term credit.

But they are! They even have high interest savings account that are FDIC insured. See https://www.americanexpress.com/personalsavings/home.html

Granted, bad example. But my point is that you don't need a banking license to make a loan, except in certain jurisdictions for certain loans (mortgages).

Pretty sure credit offer spam through SMS and calls is the most useless bank feature ever conceived.

Mostly agreed!

> That’s the cost of you not having to worry about whether the money on your bank account will still be there tomorrow.

That's too high a cost. The eg Scottish banking system of the industrial revolution and the Canadian banking systems of the 19th century had this piece of mind in practice _and_ plenty of competition.

See eg https://www.alt-m.org/2015/07/29/there-was-no-place-like-can...


>That’s the cost of you not having to worry about whether the money on your bank account will still be there tomorrow.

Of course they can still be absent tomorrow.


> The author here seems to have a pretty shallow understanding of how banking infrastructure actually works (ex. ACH vs. wire vs. direct deposit), which is the root of a lot of these complaints.

This is approximately the level of understanding that most people have. I think this helps highlight the point that the banking system is just horrible to have to deal with -- you shouldn't have to know the intricacies and oddities of the banking system in order to do this sort of stuff.

> and still want high-touch in-person and phone interactions in a financial institution.

This is me. For mundane things, I prefer an automated system. But if anything at all goes wrong, or if I'm doing something unusual, I want a human to hold my hand.


To try an approach without assigning blame:

Banks and financial institutions are set up to detect fraud in ways which will tend to spot 'unusual' behavior and anomalous patterns.

The combination of someone who is technically competent to the point that they use seemingly different behaviors to the typical user population and are taking actions which have traditionally been seen as high risk (wire transfers, transactions from new accounts, ...) is going to lead to automated flags being raised.

A wise implementation will avoid feedback loops, introduce human review which assumes the best unless clear evidence of fraud is present, and will provide mechanisms for individuals to clear/restore their status.

The latter resolution workflow, unfortunately, introduces further risks, especially if implemented halfheartedly. Training individuals that it's OK / expected to provide additional personal details to use a service ends up leading phishers to attempt the same techniques, and simultaneously creates a high-value target database of personal data should any of that information be stored long-term.

I don't know clear answers here - and yes, perhaps the author could have taken a more gradual or slower approach in order to avoid some problems, and maybe they are angry based on things about the financial system that they don't understand.

But there is an ongoing and serious problem here with the way that we provide access to systems and services and then attempt to remediate concerns via automated means.

Source: am European and have lived in the U.S., thus have experienced being 'unusual' to many U.S. financial services, have experienced not understanding systems in a country new to me, and have also worked in fraud and care about computer security and overall freedom and safety.


In the one time I've had to transfer more than $100K personally, the operation of wire transfer merely seemed klunky and not the least bit risk averse. I walked into my bank and talked about transferring the money to a relative's bank account in another state. The answer was "sure, we can do that but if you get even the smallest bit of information wrong, the money will go elsewhere and we'll wash our hands of the results". I finally just carried a check physically.

Why were you trying to use a wire transfer for that? Maybe the bank incorrectly steered you towards that? If you consider a check an option for a transaction, a wire transfer doesn’t make sense.

What are write transfers used for if they aren't for transferring large amounts of money long distances?

In addition to speed, wire transfers are not reversible. Which is a feature, but you described it as a bug. People associate wire transfers with large amounts of money because typically the largest transaction they deal with is buying a house. And in buying a house, a wire transfer is used because no one wants an ACH reversal coming through clawing back the funds after selling their house.

Having run a business, 6 figure amounts are routinely moved via ACH. Some banks make it hard for consumers to send money to a random person’s account via ACH, but within the US, it is always possible and is literally how most companies pay their employees.


In addition to speed, wire transfers are not reversible. Which is a feature, but you described it as a bug.

It was a bug in my use case but now I understand.


Transferring large amounts of money quickly. The fees can be very high, and you may very well consider an alternative as a result.

$40 on $10000 is 0.4% and it goes down from there. My national chain bank charges $25 and the typically destination fee is $15. Put the risk on the banks and get money within 2 hours? Ok

> Put the risk on the banks and get money within 2 hours?

How does a wire transfer “put the risk on the banks”?


When you perform an ACH, you are actually sending money to the central bank, waiting for the funds to clear the overnight process, then the funds are sent to the destination bank. This process takes 2-3 days but ensures the sending bank has enough liquidity to cover these debt transfers. If the sending bank fails, you are SOL until the central bank steps in with FDIC/SIPC (usually immediate, but we saw 2008)

With a wire transfer, the sending bank earmarks funds and moves it to a special account. Once the central bank confirms, the destination bank takes money out of their account (this is where the delay occurs, as sometimes the bank must setup a repo with the central bank) and sends it to the recipient. If the sending bank where to fail, the recipient still has their money. Now its up to the sending, central, and destination banks to duke it out for the money.

I am referring to US wires in this case


Transferring small amounts of money within the country/ies, where it's maximum-couple-of-days fast and free?

I think Americans call that an ACH transfer, the type that's used day-to-day to pay salaries and bills.

A "wire transfer" is the thing you pay $40 for, and is immediate and irreversible. Individuals probably only ever use it when buying a house. (Within the UK, this is called a CHAPS payment.)


Yeah, this blog post comes across as startup-y hero worship, like

> I think the root cultural cause is an aversion to self-serve flows.

which is plainly false given the biggest push in the past decade of banking has been self service flows that allow them to cut costs and downsize branches.

Stripe is built on a traditional bank partner. The workflows Stripe optimizes are not “make it easy to empty my new bank account with minimal authentication” workflows.


So why do they all insist on SMS-only for 2FA?

Because they optimise for 'easiest for most people, with an acceptable risk profile'. Note acceptable not lowest.

It doesn't detract from your argument, but there appear to be nine US banks listed at https://twofactorauth.org/#banking which offer hardware- or software-based 2FA.

> also worth noting is that a significant portion of a large bank's customers are over middle age and still want high-touch in-person and phone interactions in a financial institution.

I'm a millennial. For some banks I vastly prefer phone interactions just because their customer service is so fast and awesome; little to no hold time needed. Calling Discover Bank or Schwab has always been this pleasant. I've even become so lazy that I'd just call them to ask for a workaround for their UI bug. The same cannot be said for most other banks, like Bank of America. If I discover a bug on their UI, I'd rather get into the software engineer's problem-solving mode and figure out a workaround by myself, assuming Googling the issue doesn't work.


Not to burst your bubble, but this is not how it works for banks outside of the US. But since we are on the subject, we should probably address the complexity of universal healthcare first

Do you think the age issue and familiarity with tech will change in the future though? Even technology should reduce fraud cases and risk, surely it is nothing like the days of CATCH ME WHEN YOU CAN.

I have only needed to visit a bank in person once in the last 5 years or more, and that was to deposit some old US $100 bills which modern ATMs did not recognize and the local credit union did not want to take the bills ( I am not a member of local CU but it has an ATM I can use for deposits with my out of state CU).

Which reminds me, to fix that issue I signed up for a Chase account online, drove down to the bank 5 minutes later and deposited the $700 pre-1980s cash to a teller, who verified the bills were real without any griping - they have the right machines and tech to be confident about those things, unlike the local credit union. So, I guess, on a surprising note I had a good story about Chase to share.

They also gave me a few hundred dollars bonus to open a checking account, which was cool.


If they care so much about fraud, why do they use things like phone numbers and social security numbers for verification?

What else should they use that average people would understand?

Well, they already run the world's largest infrastructure for hardware tokens with crypto processors in them.

Cards are already used when they're available for transactions and interactions (atms, branch visits).

Also having a card doesn't mean it's your card, that's what the personal verification is for.


"risk aversion and fraud resistance over other attributes"

It runs much deeper.

Most of these functions are 'middle/back office' for the bank, they were never seen as important. The 'Ops' part was always just operational labour, things done by 'workers' etc.. It's not 'banking' to the banks.

Software at banks often parallels archaic processes, established for some very good reason long ago, but continue to exist only due to incumbency or possibly due to regulatory requirements.

And because it's finance, the security and stability requirements are much higher, giving new meaning to 'break fast and new things'.

When you add in the fact banks are incredibly incumbent and resistant to change, you get a Kafka-esque web of bureaucracy, inefficiency, arbitrary complexity etc..

I don't see any consumer oriented, 'Stripe-like' modern bank taking over either.


Yes this looks like a classic case of payment schemes not working anything like how people think they work (or even working in a sane way).

With regards to the credit card payment, my guess would be that it went over a dual message system. Which means one message reserves the money, and a second one moves it.

This is important because the first message will generally cause the payment to appear on your statement, and reduce your “available balance”. But doesn’t impact your actual balance. The money’s still yours so you earn interest on it, but you can’t touch it.

When the second message turns up the money moves and the transaction completes (sometimes called “posting” or “clearing” or “presenting”).

However if the second message never turns up (or a reversal is sent instead) then the money doesn’t move, it’s just un-reserved.

How banks represent this un-reversal is usually very confusing. Either the transaction simply disappears or a back dated transaction appears. This is because from the banks perspective the transaction never happened (it didn’t present, so no money moved and thus no transaction).

ACH is also a very strange payment scheme. I believe that debit ACH messages simply pull money from a bank account. The bank can’t stop this money movement (they always to have pay the bill or get disconnected from the ACH network). However in the case of fraud, your bank can send a message and claw the money back within a certain time span.

All of this sounds ridiculous and is a result of history. But replacing it would require hundreds or thousands of banks to agree a new standard, and there’s a good XKCD about new standards.


This is really a user interface problem. Payment systems have distributed state machines, but the state isn't exposed to the customer and the parties may not be in sync. Banking is a "consistent eventually" system, with delays in days.

The customer should be able to query "what happened with this transaction" from their account and get back a graphic of what's going on. That information is useful to fraudsters, though; some states are more vulnerable than others.


Banking is a "consistent eventually" system, with delays in days.

But why does it work within the same day (or partially virtually instantenous) with SEPA payments 1) between banks in different European countries?

Why isn't there such a thing as IBAN 2) outside of Europe, which really helps to make bank transfers seamless and unambiguous?

It sometimes seems that regulation and standardization is not such a bad thing.

  1) https://en.wikipedia.org/wiki/Single_Euro_Payments_Area
  2) https://en.wikipedia.org/wiki/International_Bank_Account_Number

> With regards to the credit card payment, my guess would be that it went over a dual message system. Which means one message reserves the money, and a second one moves it.

Yes, it’s called an authorization hold or approval hold. The customer’s bank returns back with an authorization code or approval code reserving a certain amount of money. Then the merchant goes back with it to retrieve the amount actually wanted.

This is for situations like filling fuel, or hotel stays, or car rental where the final cost is not known at the beginning of the transaction, so an estimated amount is placed on hold, and then whatever is used is actually taken.


It's also used routinely for regular e-commerce. A hold is put when you place an order, but the charge isn't completed until they ship out the item.

> But replacing it would require hundreds or thousands of banks to agree a new standard

The Brazilian banks got their hand forced into changing their system recently, but this one feature stayed exactly the same way.

Hell, if you take enough details out, it is exactly the same as a two passes commit we use in distributed databases, where there is a single team (often a single person) defining the behavior.

Don't expect that one complexity to go away any time soon.


It’s frustrating because the two pass commit only really exists as a result of slow and expensive communication channels in the past.

Many payment schemes were built with idea that messages would be sent via post (on big tape reels) or expensive internet connections that can’t be run 24/7.

However none of these constraints really exist anymore. Which means that you can move money using a single message and synchronous communications, with a little protection to deal with the two generals problem.


how many messages a second can be handled synchronously? what happens if the message arrives twice? what happens if the data centre is blown up/goes up in flames? how did the other data centre guarantee to be in a consistent state? how did the backup system automatically take over?

These systems have to be up and running all the time and there can't be an option for mistakes!


When I say message I’m think of the equivalent of a TCP packet. So you have a bunch of error checking and ACKs flying about. But only one message to actually move money.

Single message systems already exist, most US card transactions move over a single message system.

> there can’t be an option for mistakes!

This is where you’re wrong. Mistakes happen all the time when moving money, a big part of any banks operations is cleaning up those mistakes.


and yet the rest of the world manages to do this instantly

What happens when the com lines are down during a storm? Will this single message still work?

For ACH: you are correct, banks always accept them. But after they are told the ACH happens and determine the target account has some issue (closed / invalid / insufficient funds), then the bank will send an ACH reversal. This reversal behaves almost exactly like the original ACH (the bank that they are issuing the reversal against cannot do anything to stop it until after it has posted).

Banks are subject to banking laws and various oversight authority/agency policies.

Around here the banking authority started development on new ACH features (4 hour transfer, and they are developing "instant" transfer, and hopefully 24/7 transfer too), and the banks have to get on board in 1-2 years. (There's a deadline. Sometimes it gets extended because too many banks fuck up, but they get fined. It works up, progress happens.)

So, it's very, very, very far from impossible. If there's political will, it can happen in about 1-2 years.


It's just another example of the universal Chesterton’s Wild Boar fence rule

https://news.ycombinator.com/item?id=20616290


I don't buy those arguments because somehow most of the developed world has moved on from the legacy systems still in place in the USA (eg: Europe).

Europe developed its own systems that are almost completely different to the US. (Even Mastercard and VISA networks were different, and there’s effectively two versions of each network running in the world at the moment).

They’re still old and have plenty of issues, just different to the US.


Having used both systems, the EU's is nowhere near as problematic as the USA's.

Not even close. In the states things just feel and work as if you've jumped 15 years back in time.

And I'm not even going into identity theft territory which is orders of magnitude less common in Europe.

I know americans don't like hearing this and always downvote me into oblivion, but it's the truth.

This time won't be any different, but maybe someone will be exposed to an alternate reality and reevaluate their biases.


I don’t get the downvotes either. The US banking system objectively sucks. There is no excuse for system-wide ultra-low cost instant inter-bank transfers.

Why the hell are we writing checks in 2020?

The only thing that keeps it from happening is lack of political will.

And seriously, why the downvotes? Who is here actually defending the US banking system? Speak up!


I didn't downvote anyone but I was really tempted by the preemptive whining about inevitable downvotes. That's really bad commenting practice.

It was not preemptive. It was an edit after it was already at -5 in 10 minutes.

Plus after a while it just gets annoying to be punished for just stating reality.


I'm in the US and I've never written an actual check in my life (did write some fake ones in consumer economics class in high school though). For transferring money between friends, just use venmo or zelle.

What awesome features am I missing out on?


You are missing out on:

The ability to limit the frequency and amounts of direct payments. Pay for cable with direct deposit? Why allow the company to debit more than a hundred a month?

You miss Banks giving you virtual on demand credit card numbers for free, not as a service you have to pay with another company.

You miss by having anything years later than everywhere else, like nfc payments and contactless card payments. I had people think I was insane 2 years ago for paying with a contactless card. Many would think I was defrauding them in some way. This was in large cosmopolitan cities. Not the sticks.

You miss free transfers without the ridiculous low amount limits Zelle has and no restrictions on whether the recipient is a business or not.

You miss the ability to have all direct debits initiated by you on your home banking. Meaning someone having your account number is never a real issue.

And the list goes on.


Just to say that it's usually a lot worse. Meaning I get a lot more downvotes.

Maybe awareness is improving...


Nothing wrong with having checks as an option...

Cheques were phased out in Netherlands in 2001. Even at that time it was hardly used. Cheques had a very high risk of fraud, plus expensive to process.

I don't get why you'd use something like that. Due to new EU regulation I can transfer money to other Dutch banks within 5-10 seconds. It should be EU-wide, but it seems the Dutch banks would some loophole to delay that. Anyway, what is the point of a cheque? Just pay immediately, this ensures your balance is way more accurate.


But you don't know the best thing.

In the USA checks have your account number. A number you are supposed to keep secret to prevent ACH fraud.

The first thing Banks ask you if you try to address any fraudulent transaction is whether you've shared that number with anyone.

The number that is in every check!

It's insanity.


Because the person you make a cheque to might not have his banking information on him ? And it often goes with "please only deposit this cheque only after day X so I don't end up in the red".

As I’m not from the US, could you explain the differences or provide a resource?

>>>also worth noting is that a significant portion of a large bank's customers are over middle age

That maybe true today, 30 years from now those boomers will be dead.

>>The other misconception is why banks continue to operate this way, which I personally believe comes down to prioritizing risk aversion and fraud resistance over other attributes

There are many ways to solve for both, other nations have done it successfully

ACH for example is a shit show and should have been replaced decades ago, its biggest "security" features is that fact that it is slow to complete a transaction to allow humans to catch an error or fraud....

US banking is not about risk aversion or fraud control, it is about risk shifting and CYA. They do not care about preventing fraud, they care about making sure they do not have a pay for fraud by shifting liability to either consumers, businesses, or another bank




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: