Of course Chase isn't going to eat a $3,000 loss because a customer fell for a common scam and ignored Zelle's warnings and didn't even do a cursory look through the bank agreement which clearly explains how checks clear.
The difference between the other services "taking responsibility" and "not shaking down their customers" and Chase Bank is that unlike a checking account, credit card transactions can be easily reversed. Once you send the money through Zelle, it's gone.
That your sister was victimized is clearly terrible, but it doesn't change the fact that her negligence caused her bank to lose 3 grand, and your father is liable as a cosigner as well. She is reasonably expected to recognize that Craigslist arrangement as too good to be true, and she ignored Zelle's admonitions not to send money to strangers.
My mortgage is paid through something that frankly looks like a scam site. You connect to it with an odd domain. When you login, it hops all over the place changing domains and forwarding you repeatedly. The UI is old, odd, and breaks with modern and safe UX patterns, like password managers (can't paste). When you finally land on the site to enter your payment information, it no longer matches the domain you went to.
I don't think a single one of my online payment hubs for standard bills like mortgage, utilities, loans, etc don't at least have one glaring pitfall that helps to introduce confusion to uninformed customers. Hell, i consider myself reasonably informed and i still fear i'm logging into a poorly thought out phishing attempt every time i pay my bills.
We've given very little consistent information to the average person about how to safely interact with the web. And that's just obvious issues, not even straight up incorrect data like what the OP seems to describe.
Hilariously, the best online credit payment I've used has been Synchrony. I got their card when my wife had laser eye surgery because it came with a nice deal. Then I got another card for a deal at the auto mechanic's. It was so simple to go to their website, log in, make payments or change autopay, see my balance, anything. It took barely any time to tweak uMatrix so it worked. And I've never been surprised by them.
I swear I'm not being paid for saying this.
The only sites I visit frequently that do the domain forwarding and have ancient designs are local government sites (for paying taxes and fees).
I think you misunderstand. Your parent is saying that after logging into his normal bank, he is taken through two or three third party banking providers that have their own domain names and web user interfaces - just to perform some core action related to paying his mortgage.
I have seen this and can give you a few concrete examples:
- Log onto unionbank.com. Mortgage payment is done through "my mortgage portal" which jumps you to unionbank.customercarenet.com.
- Log onto tiaabank.com. You are quickly redirected through the first third party domain which goes by too fast to copy/paste then you are redirected to cibng.ibanking-services.com, where you do your TIAA banking online (!)
USBank bounces you around weirdo domains as well. FWIW, I have never seen wells fargo do this.
This is a phishing nightmare and it is right at the crux of high-consequence interactions (your mortgage, your banking) and barely technically literate users.
It is unbelievable that they do this.
Actually i think it's slightly different (in my specific example). It looks and feels just like you describe, but i get the impression that it's all the same bank. For some reason the application operates on multiple domains.
My old credit union was the same way. I'd log into `someCU.com` and be forwarded to `secure.CUentry.com` or w/e (i forget the specifics). Both domains were the same CU entity, i imagine, but the pattern we should be telling the "average person" to look for is to always find `foo.com` in the address. If you're not connected to `foo.com` then it's evil. However when sites forward you to likely safe but alternate domains entirely we erode this trust in fixed domain names.
Next time a user clicks on an email to `scamCU.com` and don't think anything of it, since `someCU.com` already has multiple domain names.
But yea, you hit the nail on the head with the root problem. It's gross.
Even if it's not, it might be if someone decides to sell it. years ago, I went with a well known company, and in the disclosures they have fine print saying "we may sell this". 2 months after closing, they sold, and the new servicing company required $5 per payment 'fee'. I never agreed to that, but... essentially have no choice in the matter. Options? Spend another 4 figure amount to refinance and hopefully get a different servicing company?
Under the More -> Charities tab, one of the 9 charities in the world they have chosen to preload as defaults is Focus on the Family, a notorious anti-LGBT hate group.
Nobody deserves to get scammed. This is puritan thinking, to blame the victim. People aren't supposed to understand every single thing and systems, and banks should do a proper job at educating their clients, if they care about good PR. Obviously, Chase and many more do not.
The use case here is paying rent. I write exactly one cheque a month, and I haven't found a better way to do it that wouldn't either be expensive or require action on the landlord's part to set up a portal or something.
Holy crap Americans are getting scammed ( for reference, bank transfers in the SEPA space are free). How the heck did N26 and others fail at such a broken market where the competition is stuck in 1995?
Clearly, the bank knows how cheques work and how they can bounce 6 months down the line. They should make it clear to the user with a warning explaining "we are required to make this money available to you by law now, but this money can be taken back at anytime if the cheque ends up being fraudulent, and this can happen for up to 6 months down the line".
The bank also knows (doing otherwise would make me doubt their competence to operate a bank) that this is a common scam and should similarly warn their customers about it. They also know (and have the data) to prove that a lot of people fall victim to this scam suggesting that there is a lack of knowledge in the majority of people when it comes to how cheques work and how they can bounce down the line after the money has already "cleared".
Finally, when it comes to the law, the law was most likely drafted at a time where 1) there were no easier ways to transfer money instantly while making sure it's actually legitimate, so it was a necessary trade-off and 2) there were similarly no easy ways to irreversibly transfer money out of the country in an untraceable fashion, so that the majority of occurrences of such scams would also give better chance to law enforcement to actually trace the funds and make the victim whole, so the fact that someone could temporarily end up out of pocket was also not a big deal.
Nowadays that particular law is clearly inadequate and is doing more harm than good, but laws take time to change (and no doubts there are vested interests at play that would want the system to remain as-is) and there's nothing preventing the banks doing their own part to "patch" the bug until a proper fix can be installed (by deprecating the whole cheque system altogether).
There are far too many scams based on someone thinking they've got money they haven't, whether it's person-to-person because of weirdness about reversible money moves or someone successfully abusing some sort of chargeback or dispute mechanism against a merchant. It's not as if these things aren't well known by the industry. It just chooses not to do anything about them, and to continue to rely on fundamentally insecure and unreliable methods of moving money around when it is perfectly capable of implementing better ones.
Certain countries have done so; look at Faster Payments in the UK for example. There's technically nothing preventing FPS to be used right now in place of the majority of card transactions. All it needs is better UX and a standard, like a fps://<sort_code>:<account_number>/<reference> URL that can be either put in a QR code for in-person payments or a clickable link online. Mastercard, Visa and plenty of other companies that make their $$$ off card payments in one way or another (whether supplying overpriced card terminals or selling fraud detection services) wouldn't be too happy that their entire industry is obsoleted by a feature everyone has by default in their bank account that is no longer earning them any fees.
I'm pretty sure any effort to improve the payments system and fix its inherent flaws would see pushback (either obvious, or behind the scenes) from a (big) industry which makes its money on patching symptoms one by one instead of fixing the root cause of the problem (as an example, the fraud detection systems for online card payments - they need fraud to exist and be possible because otherwise if the system is bulletproof in such a way that fraud is technically impossible they wouldn't have a business).
Elsewhere across Europe, SEPA provides a similar facility, but again only "within its own walls".
I would love to see the sort of alternative payment methods you mention taking off as a replacement for card payments. That is exactly what needs to happen. But as you say, there are some very powerful organisations with a vested interest in preventing or disrupting any such change.
It's called cash, maybe you've heard of it?
If you want an electronic system that's exactly like putting cash in an envelope and handing it to someone, Zelle etc. represent that system. A wire transfer is basically the same, only with greater formality, complexity and cost.
By and large, consumers don't actually want that. They like protections such as being able to chargeback if services they've paid for don't get delivered; goods are defective or counterfeit and so on. Yes, this can make life hard for merchants: on the other hand, they are free not to accept credit cards. Most do, because it's a price of doing business.
That's the problem. You're free not to accept credit cards, but only in the sense that you're free not to be able to actually sell anything to a large number of people in some very important markets. It shouldn't be a "price of doing business" to accept chargeback abuse, and it shouldn't be OK for the financial firms that permit chargeback abuse using their systems to wash their hands of the resulting liability. But right now, in practice, it is.
Did you ever wonder why many transactions will accept money orders, but not checks?
The system is in place, and has been forever. It just isn't checks.
Part of that problem is the continued existence of insecure-by-design systems that should have been forcibly retired many years ago. Another part is that even where safer alternatives exist, as this very story unfortunately demonstrates, it's all too easy for an honest person to be misled about whether they are using one of them.
Both of these problems are directly attributable to the financial services industry, which continues to make a fortune from the status quo even as lives get ruined and businesses go under as a result of preventable crime. Sadly, I can't see this changing until someone in a national government grows enough of a spine to regulate the industry properly, by which I mean setting out a realistic timetable for fixing the problem and then imposing crippling fines on any banks and other professional actors that don't step up.
Are you sure? You're certainly correct that many popular payment methods are well overdue for being discontinued, but many methods of transferring money that you might think are permanent or even immediate can, under some circumstances, subsequently be reversed.
Unless you've been the victim who sent money to a scammer, of course, in which case all too often it mysteriously turns out that the method you used doesn't suffer from such a limitation. It's almost as if there's a whole dark industry of people who know which methods can be exploited like this and use it to abuse innocent people who made reasonable but incorrect assumptions about the competence and security of the financial services industry.
So yes, it's certainly available and possible, and incident of fraud is very low by all accounts.
On the other hand, SEPA Direct Debits can be involuntarily refunded up to 13 months after the payment goes through if the payer claims the charge was unauthorised. From bitter experience, some customers are quite willing to lie about a legitimate charge being unauthorised in order to take their money back retrospectively.
In the spirit of the original article here, I wonder how many people appreciate the profound difference between those two methods of transferring money, both commonly known as SEPA.
This scam is so incredibly common and effective that I think we have to move beyond blaming individuals for making a mistake, and consider implementing a fairly simple safeguard.
As noted in a below thread, the solution can still be to make the funds available, but to note clearly that the actual funds may not really be there.
As you note, this scam has been going on forever, and some simple UI changes could make it harder to execute, while not hindering the common case (non-scam).
Also, if the bank really wanted to help, they could offer the services of its fraud unit in attempting to identify and have the check writer prosecuted.
Honestly, it's time to kill checks. They have no place in today's world and can only cause problems.
The law only forces them to make the funds available, not to pretend that that funds cannot be reclaimed
If the true status of the check had actually been made visible, then yes, Chase would have a much stronger position to claim their was irresponsible
No, the bank fell for the scam. They cleared the fraudulent check. But their TOS says their customers are on the hook for mistakes made (and hidden - there's no way to tell if a transaction really cleared) by the bank.
Whenever you hear someone propose to give you a check in return for you depositing your cash directly somewhere, it is always a scam, always. There is no legitimate reason anyone would ever do this, and I've seen it happen multiple times to multiple people, and even to small charity organizations that almost went bankrupt because of this.
We need some sort of anti-scam class in like high school or something. Just the ability to recognize the most common scams in the world would protect a lot of people.
Most western countries have moved away from checks - with the exception of bank cheques or money orders for certain, specific cases.
Another way of looking at it, a check is more or less a form of wire transfer using the ACH system. I just wish there was a way to remove the paper check aspect of it, in a way that is commonly accepted by private individuals + small business in addtion to big outfits.
The sender tells their bank to send someone money, the bank checks the sender's funds and notifies the receiver's bank of the transfer, then the receiving bank notifies the receiver they got the money.
This whole thing used to take 2-3 days in the days of paper giros, but it's pretty much instantaneous now.
That said, getting rid of checks completely is a much harder social challenge than updating the UX to show the right status.
UX updates are a practical recommendation that a few engineers at a bank could actually implement
Good lord, I had no idea this is how bad things are. Haven't used checks in a long time and happy I haven't. The privacy trade-off for cards is concerning but the convenience is hard to give up.
A check literally has your full address and bank account number on it.. doesn't get much worse for privacy.
Really? I assume you're talking about the US? Because that's certainly not the case in many other countries that I have worked/lived in.
For personal checks, I think the store usually checks that the address matches your photo ID--for corporate checks the address is usually just a P.O. Box. I think the address is also used to look up people in the check acceptance risk system (certegy, chexsystems, etc).
Around the late 90s, a whole lot of places stopped accepting checks with a PO Box address printed on them, ostensibly due to “fraud concerns” (it was really that the government offices that do debt collection for “hot” checks wouldn’t accept non-physical addresses).
There’s not really a point to this story, I suppose, except that privacy has always been hard to maintain.
Marking the funds as unavailable would cause great issue for people using checks. For example, a rent check would only be good on six months?
Who would accept this?
The law was initially written to protect consumers from having their money unavailable
- Pending with funds available
A year later, the internet will have thousands of threads on various sites with people complaining that their (real, legitimate) paychecks still show the indication weeks after depositing.
People who are so wishful-thinking that they think someone is paying them a 10% commission to deposit a check will still be wishful-thinking, and will continue to accept statements like "this is normal, you'll see it all over the internet" at face value.
As I understand it, there is literally not a "transaction complete" message in the ACH protocol. After enough days without hearing an exception, you assume it went though.
U suspect this comes to the implementation model-- since it's so much based on batch files and potentially offline processing at the destination bank, they probably don't want the overhead of composing and returning a success response for the 95% of transactions that behave normally.
When you do an ACH pull or a check deposit, it generally takes several days or even weeks for the transaction to clear. (But when you do an ACH push or Zelle, the transaction may be irreversible.)
Would you be OK if your bank waited a week or two until clearing the check? Or the banks getting rid of the whole idea of personal checks?
It's amazing how little effort these institutions put into trying minimize damage to good customers.
Younger people don’t have the same knowledge about checks. Banks are outdated in their assumptions of consumer knowledge. But I also think a certain level of common sense also applies here.
I live in the EU and I don't think I've seen a check for about 15 years.