
Because the same two numbers (routing and account) are used to deposit money AND debit money.

So if you post your account numbers I can pull all your money out. Now you'll likely get it back if you file a fraud claim, but that's an extra hassle, and you're out funds until they give you a provisional credit.



It's also why Donald Knuth doesn't hand out real cheques anymore… too many people (me included, but I later blackened those parts) posted pictures of their cheques online: https://www-cs-faculty.stanford.edu/~knuth/news08.html

I don't know if something really happened or if he was just being cautious, but so the Bank of San Seriffe was born: https://www-cs-faculty.stanford.edu/~knuth/boss.html


That can't be right. I'm a European living in Hong Kong, both places, widely different you'll admit (HK still doesn't have frigging IBANs), I can give you here my account number, you'd be able to do NOTHING with it, nothing but GIVE me money.

To withdraw in both continents you'd need a pin or a signature + a tamper-proof ID card. The web app in Hong Kong has 2 passwords + 2 private key phone checks + insta SMS sent on any output. My French bank resets the private key every 3 months and requires a strong re-auth (SMS or postal mail).

To direct debit, in HK you can only trigger it from the source account by registering the target online, it can't be done the other way around, while in France you need a signed authorization - but I suppose that can be faked if you have a target entity already registered and fake signatures to a bank.

And you're telling me in the US I know your target bank account to wire you pocket money at your birthday, I can also just withdraw ? That can't be right sorry.


>And you're telling me in the US I know your target bank account to wire you pocket money at your birthday, I can also just withdraw ? That can't be right sorry.

Yes, it can be and it is right.


How hard is it to get those debits reversed?

Here in the UK while it's super easy to set up a fraudulent direct debit on someone else's account details, it's equally easy to claim those payments back (and the scheme guarantees you the right to be able to claim a payment back for any reason, doesn't even have to be fraud - the merchant can of course still chase you if you've declined a legitimate payment you owe them).


You can pull from an account you don't own? This sounds completely insane.


Yes — and it doesn't require anything more than a typo. Whether or not the banks will reimburse it will depend on the bank and whether the money has already moved from the target account. It's never fast but I've heard at least a few stories about complete nightmares where the bank was essentially accusing the victim of fraud despite having utterly failed to protect their customer.


Thank you for responding. It is really horrible; it sounds like you cannot really be safe. Really strange that the owner is not authorising the payout from his/her account.


Yup. Welcome to ACH.


Well, it's the same in Europe, but it's not that this is happening. The information (IBAN) you need to wire money via SEPA transfer can also be used to fake an automated SEPA debit system for subscriptions.

E V E R Y German company has their SEPA information on almost every piece of writing that leaves the company (in the footer) and thus far I think widespread misuse/fraud is not really a thing.


The debit system for sub here in HK is only possible on the user side. You can't automate it like in Europe, the dude has to go to his own account and register it himself with the company's target account.

But what you say must be impossible in SEPA too - to fake a sub registration you'd have to register with a corporation ID as a subscription receiver in the SEPA area. I'd suppose at least you fraud one person you're immediately found. But it's also that you probably can't even register without at least a sort of reputation check.



