Edit: also worth noting is that a significant portion of a large bank's customers are over middle age and still want high-touch in-person and phone interactions in a financial institution.
If a fraud detection system is known to detect false positives (and they're designed that way on purpose, to provide a better protection to the institution), then there should be measures in place to contain the possible damage to clients, and also an easy procedure for clients to resolve these issues quickly and painlessly. That's a bare minimum. One of the main reason why people moved to Stripe from PayPal and similar services in the first place (beside an api that works) is exactly this type of problems where payment gateways would block your money in the name of some arbitrary "fraud risk" and you couldn't do anything about it. Fraud is their business problem, not mine as a customer. If I'm doing business legally why would I need to care or know anything about it?
If you don't understand any of these issues, the bank's behavior will seem willfully incompetent and spiteful, and raises some of the feelings expressed in the SP. But you won't find it different at "new tech" bank.
Yeah it will. Unless the bank communicated with you or could tell you what's going on, which apparently they are unable to. As this article illustrates perfectly, the problem is exacerbated by how frustratingly difficult it is to find out what's happening or the fact that seemingly no employee of the bank that you can talk to has any idea of what the issue is.
It's not about fraud, it's about money laundering. They often look like the same thing.
It's a user experience thing. People sometimes go into a bank knowing exactly what they want. More often, people don't really know what they want. i.e. they know they want a savings account, but they don't know if they want a 529 or a roth ira or just a money market checking account. You can think of bank branches like stack overflow: when someone asks "how can i do X" the answer is often often "do Y instead." Most people aren't taught financial literacy, and it varies over time and by geography.
Also, most of the population isn't as comfortable with technology skills in general, which developers and professionals often overestimate.
For commercial or investment banking (where banks make most of their profit) it's a whole 'nother story, but the author was trying to deal with consumer / small business stuff seems like.
I've recently switched between banks and done just what you said: I went in to a branch knowing roughly what I wanted, but unsure exactly how to setup it up.
The end results was _months_ of back and forth. The agents in person or in call centres did not know answers to fairly simply questions (can I have an overdraft on an offset account) and were unable to answer questions about applications (my credit card application continually gave me notice online saying 'proof of other funds required', no one was able to tell me what this meant our what I had to provide).
These problems are not related to the deep legacy issues of interbank transfers and settlement or fraud.
They are failings in organisational design and management, information design, customer service design. I'd guess they are a symptom of continuous churn and restructuring, of flipping from in sourcing to outsourcing and back again.
They are all problems that are within their power to resolve (yes, at great cost )
Just yesterday I was chatting with my manager about the “legacies that never die” which dramatically multiply complexity and spread the teams even more thinly...
This due to the simple fact that banking infrastructure is a super complicated pot of badly combined standards created before the internet really existed, and equally complicated regulatory requirements that don’t map well onto the technical standards.
This works quite well in the stock market, so why is banking so different?
My guess is that it's regulated like crazy, so maybe simplifying those regulations would be a good idea. I'm not very well informed on the particulars of those regulations, but I have looked into building something that involves financial data and it's far more complicated that it needs to be. I should be able to automate money transfers just as easily (if not more easily) as doing stock trades, yet the opposite is true. It's needlessly complicated and expensive to get anything done.
Most of those regulations are in there for either a.) FDIC compliance to make sure there's enough liquidity in the case of a run (aka the "don't repeat 1929" rule) b.) anti-fraud/money laundering c.) because ACH rules are still there for a ton of legacy reasons
The stock market is volatile because it assumes that those investing understand the risk involved. Bank accounts on the other hand should, really have to, be super stable. Treating liquidity like the stock market means a bad bet by the bank managers and everyone loses their college fund.
> I should be able to automate money transfers just as easily (if not more easily) as doing stock trades, yet the opposite is true.
The reason is because of money laundering. Despite how bad it seems the US has the best anti-money-laundering (AML) rules in the world and yea, this causes friction, but it's what's necessary.
Eg FDIC makes depositors not monitor their banks' riskiness. So they piled in other regulations.
The worst offender in the US used to be unit banking requirements, ie branch banking was all but verboten. So most banks used to be horribly fragile, tiny, single branch entities.
It's impossible for depositors to do this. It's almost impossible for national banking regulators to do this, but at least they're in a position to try.
Deposit insurance is a requirement for a functioning system. You cannot ask ordinary members of the public to shoulder the risk for the system.
There were very successful banking systems without deposit insurance. Less crisis prone than our current systems.
I can provide some sources, if you are actually interested.
See eg https://www.alt-m.org/2016/08/12/capital-and-cash-reserves/ but I can look for something more appropriate:
> Of course, not all banks catered to depositors whose primary interest was safety: there was a market for riskier bank deposits also. But, despite what apologists for central banking and deposit insurance claim, it was not especially difficult to tell safer banks from less safe ones. The problem in places like the U.S. before 1934 and England before 1826 was not so much one of distinguishing relatively safe banks from relatively risky ones, but one of legal restrictions that prevented well-capitalized banks from emerging in many communities. In the U.S. the restrictions consisted of laws preventing branch banking; in England they consisted of laws preventing English banks other than the Bank of England from having more than six partners. (In 1826 other public or "joint-stock" banks were permitted, but only if they did not operate in the greater London area–itself a major limitation; while in 1833 other joint-stock banks were admitted into the London area, but only provided they gave up the right to issue banknotes.) These regulations limited the capitalization of U.S. and English banks while at the same time limiting those banks' opportunities for financial diversification–a recipe for failure. In both instances the regulations were products of politicians' catering to rent-seeking behavior on the part of banking industry insiders. Yet the resulting, unusual frequency of bank failures and substantial creditor losses stemming from such failures helped to sustain the belief that fractional reserve banking could only be made safe by means of further government intervention.
> Where laws did not prevent banks from diversifying their balance sheets, especially by establishing widespread branch networks, or from securing large amounts of capital by "going public" (or, in the case of some Scottish and most Canadian banks, by making shareholders liable beyond the par value of their shares, which from creditors' point of view is equivalent to having more capital), bank failures have been relatively less common, and losses to creditors stemming from occasional failures that did occur have been relatively minor. Indeed, even such a spectacular failure as that of Scotland's Ayr Bank did not ultimately prevent the bank's creditors from being paid in full, without need for any sort of bailout.
If you want government guarantee, you can already invest in government debt.
Disclaimer: I work in financial services. If you want the plumbing fixed, lean on the Fed and the banking industry as a whole through Congress. You’re delusional if you think you can fix this with a startup (see: BankSimple and Standard Treasury). The industry inertia is overwhelming.
Easier and faster to just give up preemptively.
I had to ask the bank. I don’t see how else I was supposed to go about my payment when I was asked to send a check.
In some (if not all) European countries we don't have checks any more. Someone just gives you a bank account number, you wire a transfer, and it's at the recipient within a second to a day at most. The transfers cost between €0 to €0.5, regardless of the amount.
I was on a date a few days ago, a girl really wanted to pay for herself, but didn't have the cash, so she asked me for the bank account. I gave it to her via messenger, she wired me €30, it landed on my account instantly, to which I said that this is too much, and wired her €15 back. Yes, seriously :)
On the other hand, things like venmo and the cash app are ubiquitous. I just went to lunch with a friend, forgot cash, asked him his phone number and shot a venmo for half in 10 seconds.
So luckily we have some services that are filling the shortcoming of our banking industry..
It's clearly possible to create a bank transfer facility that works quickly for zero cost. How come they don't?
Checks have always been a major source of fraud. The rest of the world stopped using them and feels no need to go back. How come the US still uses them?
From some quick research there is approximately 6,799 banks in the US and 5,757 credit unions. That's over 12,500 entities that need to communicate with each other. It takes a massive political will (not to mention money) to update the legacy federal systems that tie it all together.
Here's some more information:
The UK has "over 300 banks" by comparison.
I'm guessing USicans just don't realize the world has moved on. Large countries tend to be isolating and the US is no exception.
We know how better it is in other parts of the world, we aren't dumb.
Some of the early presidents where totally against having any central bank at all
All attempts to use it for non-crime-related payments have failed so far, because of its slow speed and huge transaction costs.
And in a spectacular turn of events, it may be a worse polluter than any single American car company as well. I bet Satoshi Nakamoto didn't plan for this one, eh?
Also the author thinks that buying a bank will solve things. This is also naive. Either you are not a regulated owner and you are severely limited in what influence you can have on the bank, or you become a banking group and banking regulations apply to you too.
The solution is competition, but regulations have made it so expensive for a new player that there isn’t really any. That’s the cost of you not having to worry about whether the money on your bank account will still be there tomorrow. Then in absence of competition, it is pretty horrifying how laziness and incompetence can cripple a large organisation to a quasi standstill.
To my mind, it seems like banks are competing for consumers, they're just not competing using the kinds of gimmicks that techies want: mobile apps, powerful APIs, faster money transfers.
Honestly, I'll take $300 cold hard cash over a flashy iOS app any day.
> That’s the cost of you not having to worry about whether the money on your bank account will still be there tomorrow.
That's too high a cost. The eg Scottish banking system of the industrial revolution and the Canadian banking systems of the 19th century had this piece of mind in practice _and_ plenty of competition.
See eg https://www.alt-m.org/2015/07/29/there-was-no-place-like-can...
Of course they can still be absent tomorrow.
This is approximately the level of understanding that most people have. I think this helps highlight the point that the banking system is just horrible to have to deal with -- you shouldn't have to know the intricacies and oddities of the banking system in order to do this sort of stuff.
> and still want high-touch in-person and phone interactions in a financial institution.
This is me. For mundane things, I prefer an automated system. But if anything at all goes wrong, or if I'm doing something unusual, I want a human to hold my hand.
Banks and financial institutions are set up to detect fraud in ways which will tend to spot 'unusual' behavior and anomalous patterns.
The combination of someone who is technically competent to the point that they use seemingly different behaviors to the typical user population and are taking actions which have traditionally been seen as high risk (wire transfers, transactions from new accounts, ...) is going to lead to automated flags being raised.
A wise implementation will avoid feedback loops, introduce human review which assumes the best unless clear evidence of fraud is present, and will provide mechanisms for individuals to clear/restore their status.
The latter resolution workflow, unfortunately, introduces further risks, especially if implemented halfheartedly. Training individuals that it's OK / expected to provide additional personal details to use a service ends up leading phishers to attempt the same techniques, and simultaneously creates a high-value target database of personal data should any of that information be stored long-term.
I don't know clear answers here - and yes, perhaps the author could have taken a more gradual or slower approach in order to avoid some problems, and maybe they are angry based on things about the financial system that they don't understand.
But there is an ongoing and serious problem here with the way that we provide access to systems and services and then attempt to remediate concerns via automated means.
Source: am European and have lived in the U.S., thus have experienced being 'unusual' to many U.S. financial services, have experienced not understanding systems in a country new to me, and have also worked in fraud and care about computer security and overall freedom and safety.
Having run a business, 6 figure amounts are routinely moved via ACH. Some banks make it hard for consumers to send money to a random person’s account via ACH, but within the US, it is always possible and is literally how most companies pay their employees.
It was a bug in my use case but now I understand.
How does a wire transfer “put the risk on the banks”?
With a wire transfer, the sending bank earmarks funds and moves it to a special account. Once the central bank confirms, the destination bank takes money out of their account (this is where the delay occurs, as sometimes the bank must setup a repo with the central bank) and sends it to the recipient. If the sending bank where to fail, the recipient still has their money. Now its up to the sending, central, and destination banks to duke it out for the money.
I am referring to US wires in this case
A "wire transfer" is the thing you pay $40 for, and is immediate and irreversible. Individuals probably only ever use it when buying a house. (Within the UK, this is called a CHAPS payment.)
> I think the root cultural cause is an aversion to self-serve flows.
which is plainly false given the biggest push in the past decade of banking has been self service flows that allow them to cut costs and downsize branches.
Stripe is built on a traditional bank partner. The workflows Stripe optimizes are not “make it easy to empty my new bank account with minimal authentication” workflows.
I'm a millennial. For some banks I vastly prefer phone interactions just because their customer service is so fast and awesome; little to no hold time needed. Calling Discover Bank or Schwab has always been this pleasant. I've even become so lazy that I'd just call them to ask for a workaround for their UI bug. The same cannot be said for most other banks, like Bank of America. If I discover a bug on their UI, I'd rather get into the software engineer's problem-solving mode and figure out a workaround by myself, assuming Googling the issue doesn't work.
I have only needed to visit a bank in person once in the last 5 years or more, and that was to deposit some old US $100 bills which modern ATMs did not recognize and the local credit union did not want to take the bills ( I am not a member of local CU but it has an ATM I can use for deposits with my out of state CU).
Which reminds me, to fix that issue I signed up for a Chase account online, drove down to the bank 5 minutes later and deposited the $700 pre-1980s cash to a teller, who verified the bills were real without any griping - they have the right machines and tech to be confident about those things, unlike the local credit union. So, I guess, on a surprising note I had a good story about Chase to share.
They also gave me a few hundred dollars bonus to open a checking account, which was cool.
Also having a card doesn't mean it's your card, that's what the personal verification is for.
It runs much deeper.
Most of these functions are 'middle/back office' for the bank, they were never seen as important. The 'Ops' part was always just operational labour, things done by 'workers' etc.. It's not 'banking' to the banks.
Software at banks often parallels archaic processes, established for some very good reason long ago, but continue to exist only due to incumbency or possibly due to regulatory requirements.
And because it's finance, the security and stability requirements are much higher, giving new meaning to 'break fast and new things'.
When you add in the fact banks are incredibly incumbent and resistant to change, you get a Kafka-esque web of bureaucracy, inefficiency, arbitrary complexity etc..
I don't see any consumer oriented, 'Stripe-like' modern bank taking over either.
With regards to the credit card payment, my guess would be that it went over a dual message system. Which means one message reserves the money, and a second one moves it.
This is important because the first message will generally cause the payment to appear on your statement, and reduce your “available balance”. But doesn’t impact your actual balance. The money’s still yours so you earn interest on it, but you can’t touch it.
When the second message turns up the money moves and the transaction completes (sometimes called “posting” or “clearing” or “presenting”).
However if the second message never turns up (or a reversal is sent instead) then the money doesn’t move, it’s just un-reserved.
How banks represent this un-reversal is usually very confusing. Either the transaction simply disappears or a back dated transaction appears. This is because from the banks perspective the transaction never happened (it didn’t present, so no money moved and thus no transaction).
ACH is also a very strange payment scheme. I believe that debit ACH messages simply pull money from a bank account. The bank can’t stop this money movement (they always to have pay the bill or get disconnected from the ACH network). However in the case of fraud, your bank can send a message and claw the money back within a certain time span.
All of this sounds ridiculous and is a result of history. But replacing it would require hundreds or thousands of banks to agree a new standard, and there’s a good XKCD about new standards.
The customer should be able to query "what happened with this transaction" from their account and get back a graphic of what's going on. That information is useful to fraudsters, though; some states are more vulnerable than others.
But why does it work within the same day (or partially virtually instantenous) with SEPA payments 1) between banks in different European countries?
Why isn't there such a thing as IBAN 2) outside of Europe, which really helps to make bank transfers seamless and unambiguous?
It sometimes seems that regulation and standardization is not such a bad thing.
Yes, it’s called an authorization hold or approval hold. The customer’s bank returns back with an authorization code or approval code reserving a certain amount of money. Then the merchant goes back with it to retrieve the amount actually wanted.
This is for situations like filling fuel, or hotel stays, or car rental where the final cost is not known at the beginning of the transaction, so an estimated amount is placed on hold, and then whatever is used is actually taken.
The Brazilian banks got their hand forced into changing their system recently, but this one feature stayed exactly the same way.
Hell, if you take enough details out, it is exactly the same as a two passes commit we use in distributed databases, where there is a single team (often a single person) defining the behavior.
Don't expect that one complexity to go away any time soon.
Many payment schemes were built with idea that messages would be sent via post (on big tape reels) or expensive internet connections that can’t be run 24/7.
However none of these constraints really exist anymore. Which means that you can move money using a single message and synchronous communications, with a little protection to deal with the two generals problem.
These systems have to be up and running all the time and there can't be an option for mistakes!
Single message systems already exist, most US card transactions move over a single message system.
> there can’t be an option for mistakes!
This is where you’re wrong. Mistakes happen all the time when moving money, a big part of any banks operations is cleaning up those mistakes.
Around here the banking authority started development on new ACH features (4 hour transfer, and they are developing "instant" transfer, and hopefully 24/7 transfer too), and the banks have to get on board in 1-2 years. (There's a deadline. Sometimes it gets extended because too many banks fuck up, but they get fined. It works up, progress happens.)
So, it's very, very, very far from impossible. If there's political will, it can happen in about 1-2 years.
They’re still old and have plenty of issues, just different to the US.
Not even close. In the states things just feel and work as if you've jumped 15 years back in time.
And I'm not even going into identity theft territory which is orders of magnitude less common in Europe.
I know americans don't like hearing this and always downvote me into oblivion, but it's the truth.
This time won't be any different, but maybe someone will be exposed to an alternate reality and reevaluate their biases.
Why the hell are we writing checks in 2020?
The only thing that keeps it from happening is lack of political will.
And seriously, why the downvotes? Who is here actually defending the US banking system? Speak up!
Plus after a while it just gets annoying to be punished for just stating reality.
What awesome features am I missing out on?
The ability to limit the frequency and amounts of direct payments. Pay for cable with direct deposit? Why allow the company to debit more than a hundred a month?
You miss Banks giving you virtual on demand credit card numbers for free, not as a service you have to pay with another company.
You miss by having anything years later than everywhere else, like nfc payments and contactless card payments. I had people think I was insane 2 years ago for paying with a contactless card. Many would think I was defrauding them in some way. This was in large cosmopolitan cities. Not the sticks.
You miss free transfers without the ridiculous low amount limits Zelle has and no restrictions on whether the recipient is a business or not.
You miss the ability to have all direct debits initiated by you on your home banking. Meaning someone having your account number is never a real issue.
And the list goes on.
Maybe awareness is improving...
I don't get why you'd use something like that. Due to new EU regulation I can transfer money to other Dutch banks within 5-10 seconds. It should be EU-wide, but it seems the Dutch banks would some loophole to delay that. Anyway, what is the point of a cheque? Just pay immediately, this ensures your balance is way more accurate.
In the USA checks have your account number. A number you are supposed to keep secret to prevent ACH fraud.
The first thing Banks ask you if you try to address any fraudulent transaction is whether you've shared that number with anyone.
The number that is in every check!
That maybe true today, 30 years from now those boomers will be dead.
>>The other misconception is why banks continue to operate this way, which I personally believe comes down to prioritizing risk aversion and fraud resistance over other attributes
There are many ways to solve for both, other nations have done it successfully
ACH for example is a shit show and should have been replaced decades ago, its biggest "security" features is that fact that it is slow to complete a transaction to allow humans to catch an error or fraud....
US banking is not about risk aversion or fraud control, it is about risk shifting and CYA. They do not care about preventing fraud, they care about making sure they do not have a pay for fraud by shifting liability to either consumers, businesses, or another bank