Unauthenticated credit/debit transfers are a pretty uniquely American thing. Many other countries have bank transfers that require the customer to authorize it (either ahead of time, or synchronously during the transaction, as you describe) before the money moves.
> Many other countries have bank transfers that require the customer to authorize it (either ahead of time, or synchronously during the transaction, as you describe)
Only half-correct if you're talking about SEPA. Legally, the customer has to fill out a "SEPA direct debit mandate" - but the company initiating the direct debit transfer only has to keep it on file.
I have a business account at my bank, I can theoretically file a direct debit for as much money as I want against any SEPA-reachable bank account (in practice, most banks including mine limit that amount until you can prove, e.g. via presenting a bill, that this is a correct amount) - but if someone disputes it or, worse, files a legal complaint that causes police to investigate and I can't produce that mandate signed/authorized by the customer, I'm in extremely hot water.
What if you produce the mandate signed by someone impersonating the customer? I imagine that is the typical case for ACH fraud. Not everyone has their own ACH connection; you would plug in a stolen account number at some merchant.
To be honest I don't know who is held liable if you can prove you have had a valid mandate, never had to dive that deep into the rabbit hole that is SEPA - and I guess the specific rules depend on the country you're in. I assume though that similar to CC fraud, one or both banks involved eat the loss.
And looks like author lives in Tokyo, not sure where is he from. The only time I pay with credit card and give power for others to pull automatically money from there is American companies.
Otherwise I always do the wire or approve the é-bills manually.
