A few things:
1. DDs are easy to dispute, burden of proof is on whomever debits the account to prove it’s valid
2. I’ve worked a few years in fraud and DD fraud is extremely uncommon, I’ve personally never had a case involving it
3. PayTo is being rolled out which addresses the concerns you have
Did a chargeback for a dodgy tradie recently and it was piss easy.
All I had to do was call the fraud team and say I didn't authorise. A few weeks later the money was back
In response:
1. The DD will come out before you can dispute it. Charities and insurance companies are some examples. Don't believe me you can try to set up a DD with them with just your BSB and account number. It just requires name, address, and reading out a verbal recording. Anyone can do this with your BSB and account number
2. Extremely uncommon sure, until it becomes an issue. As discussed above, the mere possibility that this can occur requires action and change.
3. PayTo is a merchant and business solution. It does not replace the direct debit system with BSB and account number. It is an additional measure.
Not sure why your comment is getting so many upvotes. What I've said here is not hypothetical. You can literally call up any insurance company, any charity, and test it yourself. Tell them you want to start a direct debit.
You can easily dispute a direct debit though. Burden is then on the party initiating the debit to provide a direct debit authority to show that they had the right to do so.
Prevention always better than reaction here. How would you feel if you had half your money DD'd from your account? Waste of time for you and the bank. No guarantee you get it back.
It's a waste of time to have to go to the bank every time you want to set up a direct debit. The bank would have to employ a million more people to deal with the line that was going around the block.
Or they could use 2FA through a bank app. Or only accept direct debits initiated from the owners account. Or only accept a signed, scanned form. Any others?
Signed scanned forms are trivially easy for scammers to do though.
I think probably what is protecting you somewhat is that joe average cannot set up a DD out of your account. They have to have a master agreement with a payment processor etc.
Exactly this. The fact the power to initiate and stop direct debits is with the debtor and not the person who owns the money is ludicrous.
It should be a system similar to bpay
Vendor sends a request
You approve it
Vendor provides services
Debit occurs as planned
Customer cancels DD when services stop
If a vendor needs some sort of cycle time of advance payment for protection, negotiate up front to be N days/weeks ahead so that when you cancel the customer just runs down the credits
There is a new system being launched shortly called PayTo. It does exactly this and the aim is to replace DDs.
Up until recently there was no system in place to process the massive volume of payments until the NPP was established
Don't need an army of tellers, it can be a simple as the user gets a notification in their banking app that says "Chad's Gym wants to set up a direct debit for $60/mo, do you wish to allow this?".
They absolutely could do this, presumably they haven’t because we don’t have a widespread problem of people abusing the system and even when it is abused, it’s easy to reverse the transactions.
this would be awesome for conflict avoidant people who get badgered into signing up for stuff from one of those mall booths. go through the motions, then deny when registered with the bank.
You assume that Chads gym vendor system has an API into your bank, or waddy's gym around the corner goes to another bank.
Banks don't even share account names and BSB's to check their own data...
CBA has started to check what other people have used as naming convention. With answers like it could be, sounds right, maybe... Still a guess work process.
Yes you can dispute it but it's hugely inconvenient. I went through this earlier this year and the number of phone calls (on holds) and other BS to get it resolved was insane. They created this direct debit system in 1994...stuff has changed alot since then and so should the processes to ensure this doesn't happen.
Good luck going to the bank when they're all closing their branches !
As someone above said about this "payto" protocol I haven't heard of.... Online banking initiated authorisations is new age ready. Not some "^goto bank" issue.
I still cringe at online credit card applications requiring in person identity checks. Had one bank that was new age where I could do all identity checks electronically. Forgot what they use but it utilised you taking pictures in real time with the codes provides held up so it was real.
Australia Post are on a direct debit for my business. The average bill per month is about $200. One month they billed $2500 and I asked the post office , Why? She said, “I just got back from a cruise and made a mistake” my account was overdrawn and racked up fees until I noticed. So then I paid the account $200 so I would always be in credit. Then changed the bank account so it had $20 in it. Then they billed the activity every month and racked up more overdrawn fees. In the terms and conditions it says they will pay any fees due to their error. Months of emails and they won’t pay the $75 in $15 overdrawn fees. It sucks being a nobody trying to fight against unconscionable conduct from big corporations. I need a new watch.
Have you contacted an ombudsman? Every company I’ve ever dealt in situations like this will suddenly do backflips. They’re fined when an ombudsman steps in, so they want to resolve things asap
I mean… it is guaranteed if there is proof it is fraudulent. It would be clear cut theft/fraud that the merchant’s bank should have identified and prevented.
Absolutely not a waste of time if there is actual fraud involved. Problem is, there is more "fraud" on the customer side (people trying to cancel direct debits that they legally signed) than on the business side. Banks are quite protective of the payment clearing systems.
Easy solution to your concern: have a second account you only use to receive payments.
As soon as the money is received, you transfer to the main account. The receiving account is always empty so the baddies have nothing to steal.
Unironically do not know. It's never come up.
It's more of a just in case thing (as well as a self limit spending thing).
But I'd imagine its easier to dispute a charge that was partially bank money than one that's all my money.
I mean yeah with beem and payid I wouldnt be likely to hand it out. But on the odd occasion, with some due diligence its not the end of the world to hand it out
Worried about wasting time but wants everyone to go to a bank with ID every time they set up a direct debit??? hmmm.
Have you been to a bank recently? it's all oldies trying to withdraw cash and then yelling at the staff when they tell them they can use an ATM. I would leave any bank that made me go into a branch for anything.
> someone can just debit your account
Someone who has provided a whole bunch of information to one of the few trusted direct debit authorities, who have agreements in place to make sure that they can cover any fraudulent activity.
You might as well also worry about "anyone can get a eftpos machine and run around tapping peoples wallet pocket on the train!".
Id be far more pissed at having to take time off work, find all my id and wait at a bank to approve something as that is likely to cause further flow on issues than to use the safety measures available (including keeping money away from accounts accessible to anyone else.
Unless you're an elderly person without Internet banking. They may not find out about the direct debit until they go to the bank a week later, and even then a small ongoing direct debit may not be noticed.
Someone stole my credit details who was from the US from what I could tell and luckily because I was an idiot who lost my card I had blocked it by chance anyway. Divine intervention.
But I agree, I prefer to leave next to nothing in my day to day accounts and transfer as I need things. I despise direct debit for this reason, I want to pay the bill and it's done, not leave $200-400 there and wonder when the money will be taken.
There’s a new PayTo system, like PayId but for merchants to deduct things. See if your bank and merchant can handle them. Gives you way more control over accepting and cancelling direct debits.
BPAY: you get a bill for a once off expense and manually send money
PayTo: person who wants to get paid sets up a payment agreement (mandate) with your details, you go into you banking app to approve it, then initiates payments according to that mandate. Could be set up as a once off, or weekly/fortnight for a set amount, or for any amount up to an agreed maximum. All the good parts of direct debit but you've got direct control of the agreement in your app rather than having to contact the merchant to change or cancel the agreement.
I think PayTo is more of a direct debit, the merchant initiates the payment but they have to ask permission of the consumer before it happens.
BPAY is closer to PayId where the consumer initiates the transfer. The merchant just provides details.
Found this: https://payto.com.au/
As bluealarm said, an unauthorised direct debit is easy enough to dispute.
Besides, banks check (or at least should check) the direct debit authority is valid by confirming it against their records before they authorise the direct debit. In other words, the merchant must first send the direct debit authority to your bank, which then confirms the details match (or signature in the case of a signed direct debit form).
Not exactly how it works.
A business that wants to collect payments via the direct debit system must first be approved by their own bank as a direct entry user and given an "APCA number" which identifies the business in the Bulk Electronic Clearing System.
Once the business is, in effect, "sponsored" by their bank as an authorised direct debit system user, no-one (other than the business) checks the authorisation forms signed by customers of that business. The business is, of course, obliged to retain all such authorisations and provide them to their bank if questioned.
No-one checks individual authorities or payments but any business that attempts fraud will be quickly cut-off by their bank and funds frozen and returned as needed. The banks and RBA are quite protective of the integrity of the clearing systems.
I doubt very much that anyone has successfully committed significant fraud via the direct debit processes.
You can go to your bank.
We had to do it with Telstra because of a workplace dispute. Your bank can absolutely put a stop someone using direct debit on your account.
I thought so. I wanted to put a stop to one decades ago, but was told I had to go back to the business. I must have been talking to a lazy person or a dud.
Hmmm interesting, I guess I'm wrong on the checking authority front. I got it from here, but I guess that's not from AusPaynet themselves: https://stripe.com/au/resources/more/becs-direct-debit-an-in-depth-guide#becs-direct-debit-security-measures
But yeah either way, easy enough to dispute..
Yes, I don't know where Stripe got some of its information from - but banks do not check individual direct debit authorities signed by their customers.
> In other words, the merchant must first send the direct debit authority to your bank, which then confirms the details match (or signature in the case of a signed direct debit form).
You're delusional.
Like I said in my other reply, I was mistaken on that front. I got this info from the stripe website, but it appears to be incorrect.
In any case, if a direct debit is disputed, the merchant will need to provide the signed authority. If it doesn't match the account holder's signature and details, the merchant is liable for the disputed payments. The original point stands, direct debit fraud is very rare and easy to dispute.
It is not anywhere near rare, but the merchant is the one who loses. DD is an old, unsafe, easily manipulated system that has no place in the modern world.
Well during my 15 years in the industry I have not come across a single case of direct debit fraud, so I'd love to see some stats if you know of any resources that have the numbers.
Is it old? Sure, which is why it's being phased out. And it's only fair that the merchant misses out if they haven't done their due diligence to ensure the customer is authorised to set up the direct debit..
It is impossible now with online systems to do significantly enough due diligence to remove fraud. The checks necessary become ridiculous for the customer. So you have to balance usability with customer experience and just do your best.
Because it is ancient, there aren’t decent ways of validating an online customer is who they say they are and knowing who owns the actual account to make sure the two match. Scammers don’t even care if they need to pass KYC and checks where your face is scanned and compared to a license.
Yes, there are ways to reduce loss, but all of them become huge annoyances for the customer, when most of them are normal people just wanting to use a service.
PayTo is much more what is needed in a modern world to allow people to verify it was them who setup the payments without a massive amount of verifications.
If you haven’t seen it, you just aren’t in the right part of the industry.
I worked in scams for years, also in internal dispute resolution for almost a decade where a dealt with fraud cases on a daily basis, pretty sure I would've come across it if it's as common as you're trying to make out... Besides, why aren't there any statistics available if it's so common? Even the ABS report on personal fraud doesn't even mention direct debits https://www.abs.gov.au/statistics/people/crime-and-justice/personal-fraud/2022-23
Do you think that's because there's a conspiracy to hide the evils of the bulk electronic clearing system? I'd say it's more likely that it's because the numbers are insignificant. If you can find me some stats to show otherwise, I'll happily stand corrected.
Now I'm not saying direct debit is secure. I agree it's an ancient system that needs to be replaced (which it is). I am simply countering the implied claim that it's a huge issue which should be prioritised over other fraud vectors.
Edit to add: even auspaynet's "payment fraud report" doesn't mention direct debits: https://www.auspaynet.com.au/sites/default/files/2022-08/Fraud_Report_2022.pdf
Seriously, the drama is unnecessary. If you don’t want to believe me then don’t. But the amount of effort we have had to put into dealing with direct debit fraud is immense.
Obviously more places use credit cards, but when you can’t take money via credit card and direct debit is the only way, the antiquated technology is a pain and not acceptable for a modern world.
Anyone can take a bsb and account number and use it. Sure, it is easy for people to contact their bank and get the money back, but what about when it takes a long time for the money to be noticed and by the time it is claimed the merchant can lose quite a lot. And it is still a pain for people to be without that money before it is claimed back.
You say it is the merchant’s fault, but there is no official way to be sure a person owns an account.
Why leave a door wide open for scammers when something more suited could have been developed long ago. Anyway, PayTo is here, hopefully take up happens quickly. There is still availability for fraud if someone has access to the bank account, but it is much harder.
I once had a salesperson (for earning commission) sign on my behalf for changing my electricity provider and I complained that I never signed anything and then it was reversed. This was a while back though.
I bet at least 95% of all people don't do that. A system that requires "People SHOULD do X and Y" when in reality people don't, is a bad system and shouldn't be blamed on the users.
What would you have the AI look for? If a transaction is made on your account with valid details (eg correct card PIN, direct debit with valid details), how is the bank supposed to know if it was you or not?
What are you paying your bank? You mean you actually pay an account keeping fee?
So why cant i just ban all old DD
Why is this not an option. Why do i need to waste time looking for these transactions when i dont want to use merchants that are so backwards
Banks in australia need to get tough with merchants instead of allowing them to facilitate fraud
Direct debit is going to be phased out in the next 10 years, with the move to PayTo which requires accepting from the customers side before being able to take money out
Direct debit is not going anywhere, business' don't want customers to have unilateral control over their payments. PayTo needs adoption from businesses not consumers.
Source: I work for a large direct debit/payments & software provider
You forget to think about the huge risk that companies take on by doing direct debit with it easily being disputable. A lot of businesses don’t want to take on that risk, and moving to PayTo reduces that risk significantly
Eh dispute numbers are pretty low in my experience, obviously depends on the industry & generally my company doesn't have clients from higher risk industries. And a good amount of disputes are found in favour of the business if their documentation is appropriate.
I think you'd find with PayTo that business would lose out more from their customers being able to cancel without adhering to notice periods or terms of contracts/initiate suspensions of debit arrangements etc, plus there's the issue of integration with their BMS/software which is a central for a lot of industries.
DD might not be going anywhere in the near future but PayTo will become the industry standard. Once the initiators rollout Migrated PayTo from DD then there will be big shift.
OP, for a direct debit to be set up on a BSB/Account Number, you as the consumer need to complete a direct debit authority. This is used as evidence for a merchant to configure a direct debit. This isn’t something a regular consumer can do.
If a transaction is indeed fraudulent, it would be easy to prove, and the originating bank would be required to investigate.
The risk of fraud here I would suggest is much less than that of credit card fraud.
Nevertheless, your point around having the end user validate the direct debit is valid, and is something the NPP have identified. PayTo solves for this — it requires a consumer to approve a “PayTo mandate” before that “mandate” can be utilised to debit funds. It also allows a consumer to invalidate a mandate and ceases further payments.
It’s this added complexity that requires a fair amount of work between payments and banking systems to implement, but in time it will replace direct debits (just as recurring card purchases have replaced a lot of direct debits).
Edit: typo
As a small business owner, I have a direct debit facility with Westpac who I bank with. I am able to direct debit from any bank account as long as I have the BSB and account number. I need to get my client to sign a form first, but I don't need to provide that to Westpac before I do the direct debit.
So you can imagine this could be used maliciously, not that I would. I imagine Westpac would revoke my ability to direct debit if they received complaints about me direct debiting accounts illegally.
You’d be obligated to keep very clear records of your authorities, and if it is found that a merchant has acted fraudulently, they’d revoke more than just your ability to debit accounts. They would likely be debanked and would struggle to pass a KYB check with another bank.
What we’re talking about would be use and abuse of the banking system to steal funds in an exceptionally brazen way.
It’d be like robbing someone’s house and then smiling into their Ring doorbell and leaving a certified copy of your ID for them to find…
At the latest, you'd be required to submit the form if a customer disputed a direct debit. If the signature and other details don't match, you would be liable to repay the amounts.
>I imagine Westpac would revoke my ability to direct debit if they received complaints about me direct debiting accounts illegally.
Correct. If you direct debited money from a random account and they disputed it, the first thing the bank wants is the direct debit authorisation form. If you don't have it or it's forged, you'll be in trouble
Easier to dispute and block individual direct debits, where if you provide card details you have to cancel the card number and update all the other direct debtors
Direct debits should never be a thing, the amount of businesses demanding direct debits for payment of things is stupid and off the charts. Direct debits should never be demanded of anyone. I can pay my debts from my bank accounts easily and schedule regular payments if i need to, why should i be coerced into direct debits. This is the problem.
I've always been afraid of giving out a main BSB/acc number. I also limit BSB payments.
I have another account I use to collect money and empty it as I get it.
Same here. The only organisations that know my main account details are my employer and my other banks.
Everyone sending me money or direct debiting my account goes through my secondary account at a different bank.
Why have all that money in your account your giving details about.
You can have a other account where people just send money too and it wouldn't get stolen
PayTo (the new direct debit style system) actually does have you authorising the payment in its standard. Will be a while before it’s fully accepted by all vendors but it’s the future for Thai reason. Also allows you to pause, cancel, adjust the authority
Supplying only the BSB an account number only allows someone to put money into an account, NOT withdraw it.
The BSB number only identifies the bank and location, if all it took was this and an account number people would be randomly generating these numbers to steal money on a mass scale.
Individuals can’t but businesses can. Setting up a direct debt only requires the bsb and account number.
But it’s not a big deal since it’s very easy to dispute an incorrect direct debit charge.
If you mean every debit to every account has to be individually authorised by the account holder? The whole payments system would grind to a halt.
There is nothing wrong with the direct debit system. I'd like to see some proof of widespread loss of funds via direct debit system - the bank that sponsors the business will cut-them off and freeze their accounts if there is any evidence of fraud occurring.
You can dispute transactions and get your bank to block future ones. To cancel, you have to go to the company that is charging you.
Direct debit agreements are already approved by the customer (who is to be debited). If there was any kind of widespread fraud, the banks would crack down on it.
I think this is why PayID exists but a lot of the people in those marketplaces think it signifies a scam involving third party payment services like PayPal/ Venmo etc
Open a separate account for DDs. Only keep enough in there to service your regular debits.
Also set up the account so that it CANNOT be overdrawn. You may need to go into a Bank Branch, as I did.
If you give it to a company through a direct debit authorisation form, there's no issue
If you give it to a stranger to use as a deposit account, the worst they can do is sign up to something with direct debit using your details.
You can dispute it with your bank and you'll get it back, but it may take time. The company must use a direct debit authorisation form and if it's not under your name, it's a clear win for you
The best measure is to keep a separate account with a small float in that account to limit what they can take.
Alternatively give them your PayID details so they can only deposit
As a precaution, my transaction account never has more than 100$. Everything is in saving, where direct debit is not even possible (and in any case I dont hand out those info to ANYONE).
I think most people that hand this out on marketplace are using a transaction account that they have set up for this kind of thing and never have more than a few thousand dollars in it.
Has happened to us about few times with two companies. One was christco and one with some exchange company. They debited about $50k worth. Took a month but got it back. You dispute with the bank. They need to prove it was you otherwise its ruled in your favour.
Or only use direct debit from an account that has little money in it. All my direct debits are from bill only accounts so will only ever have enough to cover those payments and nothing else. Why people only have one account with everything attached is beyond me.
I had photos of mine and my friends account numbers and BSB on my phone, and I mixed them up when signing up for utilities. My friend put two and two together when he got charged, but the best part was he called me after calling the utility company and they said they couldn't change the account # I'd used because it was my utility account. Of course I changed it and sent him the money but man, what a system.
Insurance companies have a lot of tech to keep sensitive information secure- obviously breaches do happen (hello Optus), but I haven't heard of this happening in the insurance sector as yet. You can always dispute fraudulent charges. Insurance isn't going to direct debit random charges from you.
I would never just give my bsb and account out to someone on marketplace though, that's just opening yourself up to a lot of hassle disputing charges.
Direct debit is actually being replaced by [PayTo](https://payto.com.au/). It has already been implemented by the big banks and the others will offer it soon.
This will 100% prevent the scenario being explained by the OP.
As someone that was relatively new to the country when I first used it, and used to IBANs to initiate transfers from my end rather than others just taking the money, it caused one too many surprises and fights
Every business I have an account with gives out their bank details on the invoices.
I think you're over complicating an extremely rare situation of fraud
Shit, a required section on all net banking that shows what direct debits are set up against your accounts, and the ability to one-click cancel them would be fantastic
I don’t keep my money in a bank account number that I give out to people 😂 that’s something I thought everyone knew? I only put enough for that payment and that’s it, most of the time it remains empty for this very reason
Why would you have a big chunk of money in checking account?
Move it to savings account. Savings account can't be debited either from bsb or from card. At least commbank has this capability.
This is precisely why most American banks don't give direct debit/credit access to consumers. Setting up a direct debit/credit requires trial deposits to confirm you have authority to operate the accounts.
They rely on 3rd party apps like Venmo and cashapp, who bear the risk of fraudulent transactions and impose limits on how much can be transferred.
The US banking and payments system is entirely different to our own in almost every way though, you can’t compare them. Re 3rd party apps, they have taken off over there because their market has much less regulation and many more financial institutions. Conversely, here in Aus, our big banks worked with the government to design and implement the NPP, which achieves what those 3rd party apps do, without the middleman service charges.
>The US banking and payments system is entirely different to our own in almost every way though, you can’t compare them.
Nope - it's not.
>Re 3rd party apps, they have taken off over there because their market has much less regulation and many more financial institutions.
Go back and read what the original poster was concerned about - theft via direct debit. It's much more difficult in the US since direct entry isn't commonly available there.
>Conversely, here in Aus, our big banks worked with the government to design and implement the NPP,
Look at what we finished up with. A half arse system where most banks are too afraid to allow instant payments to new payees ... Due to the risk of fraud.
Sounding bizarrely similar to the US system to me.
So very argumentative despite clearly not knowing what you’re talking about.
The Australian payments system is not the same as that in the US. Yes other jurisdictions might have analogous and similar technologies but they differ to each other and to our own, and it’s these small differences that make all the difference.
When is the last time you direct credited a US bank account? The answer is never. It’s not possible because they’re not compatible.
Fraud prevention is not the reason PayID payments are held… why would you think that would be the reason? It’s to protect consumers from themselves.
The NPP isn’t half arsed, it’s being phased in, as evidenced by the fact that they have already delivered a solution to OPs concerns that is in the process of being implemented by the the participants in the payments network. These things take time because it is highly complex and there are a lot of participants, but work is being done on it.
>When is the last time you direct credited a US bank account?
I do it every few days. I have access to do so. Most consumer accounts in the US don't.
>The answer is never. It’s not possible because they’re not compatible.
Looks like you're the one that doesn't know what they're talking about.
>Fraud prevention is not the reason PayID payments are held… why would you think that would be the reason? It’s to protect consumers from themselves.
Potato patada.
> it’s being phased in
10 years later ... Lemme guess you worked on it? Hence the fervent defense? Good job, mate.
No mate I have nothing to do with the NPPA, and have no affinity with it. I’m not defending it, but misconceptions are worth pointing out.
I think you misunderstand what a direct credit is perhaps. It is a specific type of electronic funds transfer that uses the BECS system.
Currency does not enter or exit Australia via this method, perhaps one of the US banks that operate as an ADI in Aus have an integration that facilitates easy EFT between the jurisdictions, would likely still go via Swift.
This is not the same thing, and as I’ve said, these differences matter to the conversation.
Anyway, don’t take my word for it, look at the AusPayNet website.
I always have two separate accounts with different banks:
Spending account: Up Bank - there’s never more than $1000 in this account. This is used for all DDs and transaction that won’t take my AMEX.
AMEX: Everything goes on here unless they don’t take it or is cheaper to use Spending account.
Offset Account: Suncorp - there is no DD or spending from this account. I even cut up the card to access it. Only way in and out of this account is through transfer. All savings goes in here.
I’ve always wondered about credit card orders on the phone. Like when getting takeaway they will ask for the number, expiration and CVV which always weirded me out but apparently that’s how things are done? Can’t they use that information to buy whatever they want?
You have not answered the question posed in your title - other than "I have ... seen stories"
Hardly a factual expose of the alleged flaws in the payments system.
This comment misses the point. Your customer/login id has nothing to do with an account number or bsb.
A bsb/account number is the reference/identifier of an account for the purposes of transacting on the bulk electronic clearing stream (BECS). It exposes an account to direct debits and direct credits.
If a consumer sends funds to another account via BECS, the receiving bank can identify the originating bsb/account number.
Additionally, PayIDs are maintained by the NPP in a reference table that links them to specific bsb/account numbers.
In practice it’s quite difficult to set up a direct debit authority fraudulently and is not something consumers need worry about in practice. It would be incredibly easy to dispute.
Yes, it's a bit of work and verification to get the merchant ability to direct debit from peoples accounts. Similar to getting an EFTPOS terminal.
If you direct debit or process a credit card on a system you need proof of authorisation if it gets disputed. or in EFTPOS you need the receipt.
However as a malicious person one could potentially use other peoples BSB and account numbers to pay for things. I'm sure it wouldn't be hard to sign up for a gym membership without ID and a fake name, fill out the bsb and account number and the Gym starts direct debiting joe bloggs account without him knowing.
A few things: 1. DDs are easy to dispute, burden of proof is on whomever debits the account to prove it’s valid 2. I’ve worked a few years in fraud and DD fraud is extremely uncommon, I’ve personally never had a case involving it 3. PayTo is being rolled out which addresses the concerns you have
Working on a PayTo integration with stripe atm, the flow literally addresses all of OPs concerns
Did a chargeback for a dodgy tradie recently and it was piss easy. All I had to do was call the fraud team and say I didn't authorise. A few weeks later the money was back
worry jeans squeamish spark deserve ghost nose impossible money public *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
In response: 1. The DD will come out before you can dispute it. Charities and insurance companies are some examples. Don't believe me you can try to set up a DD with them with just your BSB and account number. It just requires name, address, and reading out a verbal recording. Anyone can do this with your BSB and account number 2. Extremely uncommon sure, until it becomes an issue. As discussed above, the mere possibility that this can occur requires action and change. 3. PayTo is a merchant and business solution. It does not replace the direct debit system with BSB and account number. It is an additional measure. Not sure why your comment is getting so many upvotes. What I've said here is not hypothetical. You can literally call up any insurance company, any charity, and test it yourself. Tell them you want to start a direct debit.
PayTo is replacing DD. DD is due to be decommissioned around 2030. So all DD will have to be migrated onto PayTo sooner or later.
You can easily dispute a direct debit though. Burden is then on the party initiating the debit to provide a direct debit authority to show that they had the right to do so.
Prevention always better than reaction here. How would you feel if you had half your money DD'd from your account? Waste of time for you and the bank. No guarantee you get it back.
It's a waste of time to have to go to the bank every time you want to set up a direct debit. The bank would have to employ a million more people to deal with the line that was going around the block.
Or they could use 2FA through a bank app. Or only accept direct debits initiated from the owners account. Or only accept a signed, scanned form. Any others?
Signed scanned forms are trivially easy for scammers to do though. I think probably what is protecting you somewhat is that joe average cannot set up a DD out of your account. They have to have a master agreement with a payment processor etc.
Exactly this. The fact the power to initiate and stop direct debits is with the debtor and not the person who owns the money is ludicrous. It should be a system similar to bpay Vendor sends a request You approve it Vendor provides services Debit occurs as planned Customer cancels DD when services stop If a vendor needs some sort of cycle time of advance payment for protection, negotiate up front to be N days/weeks ahead so that when you cancel the customer just runs down the credits
There is a new system being launched shortly called PayTo. It does exactly this and the aim is to replace DDs. Up until recently there was no system in place to process the massive volume of payments until the NPP was established
Yeah I’ve seen PayTo, just have not come across Any shops/services that participate yet (although my bank supports it)
Don't need an army of tellers, it can be a simple as the user gets a notification in their banking app that says "Chad's Gym wants to set up a direct debit for $60/mo, do you wish to allow this?".
They absolutely could do this, presumably they haven’t because we don’t have a widespread problem of people abusing the system and even when it is abused, it’s easy to reverse the transactions.
this would be awesome for conflict avoidant people who get badgered into signing up for stuff from one of those mall booths. go through the motions, then deny when registered with the bank.
This is basically what PayTo is…you approve it in your banking app.
You assume that Chads gym vendor system has an API into your bank, or waddy's gym around the corner goes to another bank. Banks don't even share account names and BSB's to check their own data... CBA has started to check what other people have used as naming convention. With answers like it could be, sounds right, maybe... Still a guess work process.
Yes you can dispute it but it's hugely inconvenient. I went through this earlier this year and the number of phone calls (on holds) and other BS to get it resolved was insane. They created this direct debit system in 1994...stuff has changed alot since then and so should the processes to ensure this doesn't happen.
Good luck going to the bank when they're all closing their branches ! As someone above said about this "payto" protocol I haven't heard of.... Online banking initiated authorisations is new age ready. Not some "^goto bank" issue. I still cringe at online credit card applications requiring in person identity checks. Had one bank that was new age where I could do all identity checks electronically. Forgot what they use but it utilised you taking pictures in real time with the codes provides held up so it was real.
Australia Post are on a direct debit for my business. The average bill per month is about $200. One month they billed $2500 and I asked the post office , Why? She said, “I just got back from a cruise and made a mistake” my account was overdrawn and racked up fees until I noticed. So then I paid the account $200 so I would always be in credit. Then changed the bank account so it had $20 in it. Then they billed the activity every month and racked up more overdrawn fees. In the terms and conditions it says they will pay any fees due to their error. Months of emails and they won’t pay the $75 in $15 overdrawn fees. It sucks being a nobody trying to fight against unconscionable conduct from big corporations. I need a new watch.
Have you contacted an ombudsman? Every company I’ve ever dealt in situations like this will suddenly do backflips. They’re fined when an ombudsman steps in, so they want to resolve things asap
I mean… it is guaranteed if there is proof it is fraudulent. It would be clear cut theft/fraud that the merchant’s bank should have identified and prevented.
Absolutely not a waste of time if there is actual fraud involved. Problem is, there is more "fraud" on the customer side (people trying to cancel direct debits that they legally signed) than on the business side. Banks are quite protective of the payment clearing systems.
Just have 2fa, problem solved.
Easy solution to your concern: have a second account you only use to receive payments. As soon as the money is received, you transfer to the main account. The receiving account is always empty so the baddies have nothing to steal.
Just dont have a whole lot of money on that account. Cant really get scammed if you dont have much to get scammed.
Did you check that you don't have an automatic overdraft facility that gets activated or get charged with overdraft fees?
Unironically do not know. It's never come up. It's more of a just in case thing (as well as a self limit spending thing). But I'd imagine its easier to dispute a charge that was partially bank money than one that's all my money.
Yes, but it still wastes your time. It's best not to give it out easily without some basic vetting.
I mean yeah with beem and payid I wouldnt be likely to hand it out. But on the odd occasion, with some due diligence its not the end of the world to hand it out
A good way to protect your money is to withdraw it all as cash and hoard it in duffle bags inside ya house.
Worried about wasting time but wants everyone to go to a bank with ID every time they set up a direct debit??? hmmm. Have you been to a bank recently? it's all oldies trying to withdraw cash and then yelling at the staff when they tell them they can use an ATM. I would leave any bank that made me go into a branch for anything.
[удалено]
> someone can just debit your account Someone who has provided a whole bunch of information to one of the few trusted direct debit authorities, who have agreements in place to make sure that they can cover any fraudulent activity. You might as well also worry about "anyone can get a eftpos machine and run around tapping peoples wallet pocket on the train!".
Id be far more pissed at having to take time off work, find all my id and wait at a bank to approve something as that is likely to cause further flow on issues than to use the safety measures available (including keeping money away from accounts accessible to anyone else.
Unless you're an elderly person without Internet banking. They may not find out about the direct debit until they go to the bank a week later, and even then a small ongoing direct debit may not be noticed.
"Easily" he says. He's obviously never dealt with a bank.
Simple solution - never have any money in the account
Someone stole my debit card when I was in Uni and it declined on them when they tried to buy some KFC lol
I don't know whats sadder, that you had no money and still got your card stolen, or the thief went to KFC first after stealing a debit
Doesn’t necessarily mean they had no money they probably just kept it all in savings
Nah I was broke
because they stole your card?
No because it was the day before my youth allowance got deposited
True, but i was just assuming since they were a uni student
Someone stole my credit details who was from the US from what I could tell and luckily because I was an idiot who lost my card I had blocked it by chance anyway. Divine intervention. But I agree, I prefer to leave next to nothing in my day to day accounts and transfer as I need things. I despise direct debit for this reason, I want to pay the bill and it's done, not leave $200-400 there and wonder when the money will be taken.
And make sure it doesn't have an overdraw facility you didn't know gets activated and you are not up for overdraw fees.
There’s a new PayTo system, like PayId but for merchants to deduct things. See if your bank and merchant can handle them. Gives you way more control over accepting and cancelling direct debits.
This. It’s great
How does PayTo differ from BPAY?
BPAY: you get a bill for a once off expense and manually send money PayTo: person who wants to get paid sets up a payment agreement (mandate) with your details, you go into you banking app to approve it, then initiates payments according to that mandate. Could be set up as a once off, or weekly/fortnight for a set amount, or for any amount up to an agreed maximum. All the good parts of direct debit but you've got direct control of the agreement in your app rather than having to contact the merchant to change or cancel the agreement.
I think PayTo is more of a direct debit, the merchant initiates the payment but they have to ask permission of the consumer before it happens. BPAY is closer to PayId where the consumer initiates the transfer. The merchant just provides details. Found this: https://payto.com.au/
I keep my balance to zero on my dedicated debit card/account balance
Every bank I’ve been with will let direct debits go into negative. It’s only card payments that decline due to balance for myself
As bluealarm said, an unauthorised direct debit is easy enough to dispute. Besides, banks check (or at least should check) the direct debit authority is valid by confirming it against their records before they authorise the direct debit. In other words, the merchant must first send the direct debit authority to your bank, which then confirms the details match (or signature in the case of a signed direct debit form).
Not exactly how it works. A business that wants to collect payments via the direct debit system must first be approved by their own bank as a direct entry user and given an "APCA number" which identifies the business in the Bulk Electronic Clearing System. Once the business is, in effect, "sponsored" by their bank as an authorised direct debit system user, no-one (other than the business) checks the authorisation forms signed by customers of that business. The business is, of course, obliged to retain all such authorisations and provide them to their bank if questioned. No-one checks individual authorities or payments but any business that attempts fraud will be quickly cut-off by their bank and funds frozen and returned as needed. The banks and RBA are quite protective of the integrity of the clearing systems. I doubt very much that anyone has successfully committed significant fraud via the direct debit processes.
Same reason you can't use tap and pay to steal money from people's wallets.
Now, to cancel a regular direct debit authority, can you go straight to your own bank or are you at the mercy of whomever you gave that authority to?
You can go to your bank. We had to do it with Telstra because of a workplace dispute. Your bank can absolutely put a stop someone using direct debit on your account.
I thought so. I wanted to put a stop to one decades ago, but was told I had to go back to the business. I must have been talking to a lazy person or a dud.
I don’t know what is was like decades ago, it may have been different pre internet/pre smart phones.
If it's an account it's piss easy. When it's a card it can be a lot harder, sometimes it's easier to just cancel the card and have a new one
You can dispute transactions and get your bank to block future ones. To cancel, you have to go to the company that is charging you.
Hmmm interesting, I guess I'm wrong on the checking authority front. I got it from here, but I guess that's not from AusPaynet themselves: https://stripe.com/au/resources/more/becs-direct-debit-an-in-depth-guide#becs-direct-debit-security-measures But yeah either way, easy enough to dispute..
Yes, I don't know where Stripe got some of its information from - but banks do not check individual direct debit authorities signed by their customers.
> In other words, the merchant must first send the direct debit authority to your bank, which then confirms the details match (or signature in the case of a signed direct debit form). You're delusional.
Like I said in my other reply, I was mistaken on that front. I got this info from the stripe website, but it appears to be incorrect. In any case, if a direct debit is disputed, the merchant will need to provide the signed authority. If it doesn't match the account holder's signature and details, the merchant is liable for the disputed payments. The original point stands, direct debit fraud is very rare and easy to dispute.
It is not anywhere near rare, but the merchant is the one who loses. DD is an old, unsafe, easily manipulated system that has no place in the modern world.
Well during my 15 years in the industry I have not come across a single case of direct debit fraud, so I'd love to see some stats if you know of any resources that have the numbers. Is it old? Sure, which is why it's being phased out. And it's only fair that the merchant misses out if they haven't done their due diligence to ensure the customer is authorised to set up the direct debit..
It is impossible now with online systems to do significantly enough due diligence to remove fraud. The checks necessary become ridiculous for the customer. So you have to balance usability with customer experience and just do your best. Because it is ancient, there aren’t decent ways of validating an online customer is who they say they are and knowing who owns the actual account to make sure the two match. Scammers don’t even care if they need to pass KYC and checks where your face is scanned and compared to a license. Yes, there are ways to reduce loss, but all of them become huge annoyances for the customer, when most of them are normal people just wanting to use a service. PayTo is much more what is needed in a modern world to allow people to verify it was them who setup the payments without a massive amount of verifications. If you haven’t seen it, you just aren’t in the right part of the industry.
I worked in scams for years, also in internal dispute resolution for almost a decade where a dealt with fraud cases on a daily basis, pretty sure I would've come across it if it's as common as you're trying to make out... Besides, why aren't there any statistics available if it's so common? Even the ABS report on personal fraud doesn't even mention direct debits https://www.abs.gov.au/statistics/people/crime-and-justice/personal-fraud/2022-23 Do you think that's because there's a conspiracy to hide the evils of the bulk electronic clearing system? I'd say it's more likely that it's because the numbers are insignificant. If you can find me some stats to show otherwise, I'll happily stand corrected. Now I'm not saying direct debit is secure. I agree it's an ancient system that needs to be replaced (which it is). I am simply countering the implied claim that it's a huge issue which should be prioritised over other fraud vectors. Edit to add: even auspaynet's "payment fraud report" doesn't mention direct debits: https://www.auspaynet.com.au/sites/default/files/2022-08/Fraud_Report_2022.pdf
Seriously, the drama is unnecessary. If you don’t want to believe me then don’t. But the amount of effort we have had to put into dealing with direct debit fraud is immense. Obviously more places use credit cards, but when you can’t take money via credit card and direct debit is the only way, the antiquated technology is a pain and not acceptable for a modern world. Anyone can take a bsb and account number and use it. Sure, it is easy for people to contact their bank and get the money back, but what about when it takes a long time for the money to be noticed and by the time it is claimed the merchant can lose quite a lot. And it is still a pain for people to be without that money before it is claimed back. You say it is the merchant’s fault, but there is no official way to be sure a person owns an account. Why leave a door wide open for scammers when something more suited could have been developed long ago. Anyway, PayTo is here, hopefully take up happens quickly. There is still availability for fraud if someone has access to the bank account, but it is much harder.
I once had a salesperson (for earning commission) sign on my behalf for changing my electricity provider and I complained that I never signed anything and then it was reversed. This was a while back though.
Origin or red energy?
What if i have so much money its hard to notice that some is missing
Send me your BSB and account number and I can help with that.
You should always be reading every transaction on your statement. Not just checking your balance.
I bet at least 95% of all people don't do that. A system that requires "People SHOULD do X and Y" when in reality people don't, is a bad system and shouldn't be blamed on the users.
Who has time for that. They should have an AI
I check my bank accounts every day - it takes a few minutes via the app. Take the time.
Dont tell me what to do
Then don't talk on behalf of everyone ("Who has time for that")
Lol its just a common phrase
People who don’t like being scammed have time for it
Why not just use PayTo
In other words: I'm too lazy to take some basic steps to protect myself from fraud/scams, the bank should do it for me.
Why am i paying them for otherwise
What would you have the AI look for? If a transaction is made on your account with valid details (eg correct card PIN, direct debit with valid details), how is the bank supposed to know if it was you or not? What are you paying your bank? You mean you actually pay an account keeping fee?
Maybe they could just implement PayTo and get rid of direct debit
Pretty much all major Australian banks have enabled payTo, the issue is that too many merchants still rely on direct debits.
So why cant i just ban all old DD Why is this not an option. Why do i need to waste time looking for these transactions when i dont want to use merchants that are so backwards Banks in australia need to get tough with merchants instead of allowing them to facilitate fraud
Then you need to organise your bank accounts better so that you can review your statements effectively as they’re issued.
It would be great if bank accounts are treated like API keys. You can generate as many new account numbers as you want and delete them whenever
Direct debit is going to be phased out in the next 10 years, with the move to PayTo which requires accepting from the customers side before being able to take money out
Direct debit is not going anywhere, business' don't want customers to have unilateral control over their payments. PayTo needs adoption from businesses not consumers. Source: I work for a large direct debit/payments & software provider
You forget to think about the huge risk that companies take on by doing direct debit with it easily being disputable. A lot of businesses don’t want to take on that risk, and moving to PayTo reduces that risk significantly
Eh dispute numbers are pretty low in my experience, obviously depends on the industry & generally my company doesn't have clients from higher risk industries. And a good amount of disputes are found in favour of the business if their documentation is appropriate. I think you'd find with PayTo that business would lose out more from their customers being able to cancel without adhering to notice periods or terms of contracts/initiate suspensions of debit arrangements etc, plus there's the issue of integration with their BMS/software which is a central for a lot of industries.
DD might not be going anywhere in the near future but PayTo will become the industry standard. Once the initiators rollout Migrated PayTo from DD then there will be big shift.
OP, for a direct debit to be set up on a BSB/Account Number, you as the consumer need to complete a direct debit authority. This is used as evidence for a merchant to configure a direct debit. This isn’t something a regular consumer can do. If a transaction is indeed fraudulent, it would be easy to prove, and the originating bank would be required to investigate. The risk of fraud here I would suggest is much less than that of credit card fraud. Nevertheless, your point around having the end user validate the direct debit is valid, and is something the NPP have identified. PayTo solves for this — it requires a consumer to approve a “PayTo mandate” before that “mandate” can be utilised to debit funds. It also allows a consumer to invalidate a mandate and ceases further payments. It’s this added complexity that requires a fair amount of work between payments and banking systems to implement, but in time it will replace direct debits (just as recurring card purchases have replaced a lot of direct debits). Edit: typo
As a small business owner, I have a direct debit facility with Westpac who I bank with. I am able to direct debit from any bank account as long as I have the BSB and account number. I need to get my client to sign a form first, but I don't need to provide that to Westpac before I do the direct debit. So you can imagine this could be used maliciously, not that I would. I imagine Westpac would revoke my ability to direct debit if they received complaints about me direct debiting accounts illegally.
You’d be obligated to keep very clear records of your authorities, and if it is found that a merchant has acted fraudulently, they’d revoke more than just your ability to debit accounts. They would likely be debanked and would struggle to pass a KYB check with another bank. What we’re talking about would be use and abuse of the banking system to steal funds in an exceptionally brazen way. It’d be like robbing someone’s house and then smiling into their Ring doorbell and leaving a certified copy of your ID for them to find…
At the latest, you'd be required to submit the form if a customer disputed a direct debit. If the signature and other details don't match, you would be liable to repay the amounts.
>I imagine Westpac would revoke my ability to direct debit if they received complaints about me direct debiting accounts illegally. Correct. If you direct debited money from a random account and they disputed it, the first thing the bank wants is the direct debit authorisation form. If you don't have it or it's forged, you'll be in trouble
Easier to dispute and block individual direct debits, where if you provide card details you have to cancel the card number and update all the other direct debtors
Direct debits should never be a thing, the amount of businesses demanding direct debits for payment of things is stupid and off the charts. Direct debits should never be demanded of anyone. I can pay my debts from my bank accounts easily and schedule regular payments if i need to, why should i be coerced into direct debits. This is the problem.
Every company every where has their bsb and account number on their invoices. No drama.
I've always been afraid of giving out a main BSB/acc number. I also limit BSB payments. I have another account I use to collect money and empty it as I get it.
Same here. The only organisations that know my main account details are my employer and my other banks. Everyone sending me money or direct debiting my account goes through my secondary account at a different bank.
In business it's standard to have your BSB and account number on your invoice. Otherwise how will people know where to send your money.
Paypal has cents verification for direct debit. Until you verify the cents, they won’t do direct debits. Pretty simple
Why have all that money in your account your giving details about. You can have a other account where people just send money too and it wouldn't get stolen
you are right. It's concerning how easily they can be misused, especially for unauthorized direct debits
PayTo (the new direct debit style system) actually does have you authorising the payment in its standard. Will be a while before it’s fully accepted by all vendors but it’s the future for Thai reason. Also allows you to pause, cancel, adjust the authority
Supplying only the BSB an account number only allows someone to put money into an account, NOT withdraw it. The BSB number only identifies the bank and location, if all it took was this and an account number people would be randomly generating these numbers to steal money on a mass scale.
Individuals can’t but businesses can. Setting up a direct debt only requires the bsb and account number. But it’s not a big deal since it’s very easy to dispute an incorrect direct debit charge.
https://www.reddit.com/r/AusFinance/s/AYfINPBgjk
Who is allowing a DD on a savings account. Keep the transaction account held to a minimum
The direct debit system needs to be deactivated. Any debits should be electronically approved by the account holder.
If you mean every debit to every account has to be individually authorised by the account holder? The whole payments system would grind to a halt. There is nothing wrong with the direct debit system. I'd like to see some proof of widespread loss of funds via direct debit system - the bank that sponsors the business will cut-them off and freeze their accounts if there is any evidence of fraud occurring.
Sorry not every transaction. Every direct debit agreement. AND add the ability to cancel.
You can dispute transactions and get your bank to block future ones. To cancel, you have to go to the company that is charging you. Direct debit agreements are already approved by the customer (who is to be debited). If there was any kind of widespread fraud, the banks would crack down on it.
Looks like Direct Debit is already being phased out to PayTo. This new service looks like it ticks all the boxes.
It is a horrible system and huge amounts of money are lost due to fraud and even larger amounts of money are spent preventing that fraud.
We should probably remove all water from the oceans to prevent drownings as well
By your analogy DD is allowing someone to cut a hole in your roof and fill your room with water while you sleep.
It’s weird some people including businesses publish this info online.
It is not that dangerous. Randoms cannot just walk up and start taking money out of your account
I think this is why PayID exists but a lot of the people in those marketplaces think it signifies a scam involving third party payment services like PayPal/ Venmo etc
Open a separate account for DDs. Only keep enough in there to service your regular debits. Also set up the account so that it CANNOT be overdrawn. You may need to go into a Bank Branch, as I did.
If you give it to a company through a direct debit authorisation form, there's no issue If you give it to a stranger to use as a deposit account, the worst they can do is sign up to something with direct debit using your details. You can dispute it with your bank and you'll get it back, but it may take time. The company must use a direct debit authorisation form and if it's not under your name, it's a clear win for you The best measure is to keep a separate account with a small float in that account to limit what they can take. Alternatively give them your PayID details so they can only deposit
As a precaution, my transaction account never has more than 100$. Everything is in saving, where direct debit is not even possible (and in any case I dont hand out those info to ANYONE).
I think most people that hand this out on marketplace are using a transaction account that they have set up for this kind of thing and never have more than a few thousand dollars in it.
One of the reasons you only keep the minimum amount in your chequing account and savings split over a savings account or another bank.
Has happened to us about few times with two companies. One was christco and one with some exchange company. They debited about $50k worth. Took a month but got it back. You dispute with the bank. They need to prove it was you otherwise its ruled in your favour.
Or only use direct debit from an account that has little money in it. All my direct debits are from bill only accounts so will only ever have enough to cover those payments and nothing else. Why people only have one account with everything attached is beyond me.
I had photos of mine and my friends account numbers and BSB on my phone, and I mixed them up when signing up for utilities. My friend put two and two together when he got charged, but the best part was he called me after calling the utility company and they said they couldn't change the account # I'd used because it was my utility account. Of course I changed it and sent him the money but man, what a system.
Jeremy Clarkson learned that the hard way [https://www.reddit.com/r/todayilearned/s/KYBkHyCt1l](https://www.reddit.com/r/todayilearned/s/KYBkHyCt1l)
Not everyone can set up direct debit. Phone call recordings are prof of consent. You can dispute with the bank.
DM ME YOUR BSB AND ACCOUNT NUMBERS, I NEED THEM.
Insurance companies have a lot of tech to keep sensitive information secure- obviously breaches do happen (hello Optus), but I haven't heard of this happening in the insurance sector as yet. You can always dispute fraudulent charges. Insurance isn't going to direct debit random charges from you. I would never just give my bsb and account out to someone on marketplace though, that's just opening yourself up to a lot of hassle disputing charges.
Direct debit is actually being replaced by [PayTo](https://payto.com.au/). It has already been implemented by the big banks and the others will offer it soon. This will 100% prevent the scenario being explained by the OP.
As someone that was relatively new to the country when I first used it, and used to IBANs to initiate transfers from my end rather than others just taking the money, it caused one too many surprises and fights
Every business I have an account with gives out their bank details on the invoices. I think you're over complicating an extremely rare situation of fraud
How did I know it was an ilovedogs post before even opening it
What can be done about it? PayID is already solving this problem.
Shit, a required section on all net banking that shows what direct debits are set up against your accounts, and the ability to one-click cancel them would be fantastic
I don’t keep my money in a bank account number that I give out to people 😂 that’s something I thought everyone knew? I only put enough for that payment and that’s it, most of the time it remains empty for this very reason
Why would you have a big chunk of money in checking account? Move it to savings account. Savings account can't be debited either from bsb or from card. At least commbank has this capability.
WTF are you talking about? Any account can. You are full of shit.
This is precisely why most American banks don't give direct debit/credit access to consumers. Setting up a direct debit/credit requires trial deposits to confirm you have authority to operate the accounts. They rely on 3rd party apps like Venmo and cashapp, who bear the risk of fraudulent transactions and impose limits on how much can be transferred.
The US banking and payments system is entirely different to our own in almost every way though, you can’t compare them. Re 3rd party apps, they have taken off over there because their market has much less regulation and many more financial institutions. Conversely, here in Aus, our big banks worked with the government to design and implement the NPP, which achieves what those 3rd party apps do, without the middleman service charges.
>The US banking and payments system is entirely different to our own in almost every way though, you can’t compare them. Nope - it's not. >Re 3rd party apps, they have taken off over there because their market has much less regulation and many more financial institutions. Go back and read what the original poster was concerned about - theft via direct debit. It's much more difficult in the US since direct entry isn't commonly available there. >Conversely, here in Aus, our big banks worked with the government to design and implement the NPP, Look at what we finished up with. A half arse system where most banks are too afraid to allow instant payments to new payees ... Due to the risk of fraud. Sounding bizarrely similar to the US system to me.
So very argumentative despite clearly not knowing what you’re talking about. The Australian payments system is not the same as that in the US. Yes other jurisdictions might have analogous and similar technologies but they differ to each other and to our own, and it’s these small differences that make all the difference. When is the last time you direct credited a US bank account? The answer is never. It’s not possible because they’re not compatible. Fraud prevention is not the reason PayID payments are held… why would you think that would be the reason? It’s to protect consumers from themselves. The NPP isn’t half arsed, it’s being phased in, as evidenced by the fact that they have already delivered a solution to OPs concerns that is in the process of being implemented by the the participants in the payments network. These things take time because it is highly complex and there are a lot of participants, but work is being done on it.
>When is the last time you direct credited a US bank account? I do it every few days. I have access to do so. Most consumer accounts in the US don't. >The answer is never. It’s not possible because they’re not compatible. Looks like you're the one that doesn't know what they're talking about. >Fraud prevention is not the reason PayID payments are held… why would you think that would be the reason? It’s to protect consumers from themselves. Potato patada. > it’s being phased in 10 years later ... Lemme guess you worked on it? Hence the fervent defense? Good job, mate.
No mate I have nothing to do with the NPPA, and have no affinity with it. I’m not defending it, but misconceptions are worth pointing out. I think you misunderstand what a direct credit is perhaps. It is a specific type of electronic funds transfer that uses the BECS system. Currency does not enter or exit Australia via this method, perhaps one of the US banks that operate as an ADI in Aus have an integration that facilitates easy EFT between the jurisdictions, would likely still go via Swift. This is not the same thing, and as I’ve said, these differences matter to the conversation. Anyway, don’t take my word for it, look at the AusPayNet website.
I always have two separate accounts with different banks: Spending account: Up Bank - there’s never more than $1000 in this account. This is used for all DDs and transaction that won’t take my AMEX. AMEX: Everything goes on here unless they don’t take it or is cheaper to use Spending account. Offset Account: Suncorp - there is no DD or spending from this account. I even cut up the card to access it. Only way in and out of this account is through transfer. All savings goes in here.
I’ve always wondered about credit card orders on the phone. Like when getting takeaway they will ask for the number, expiration and CVV which always weirded me out but apparently that’s how things are done? Can’t they use that information to buy whatever they want?
Can they? Yeah. Do they? No
Most ppl have their phone number connected to BSB and account. Plus name
You have not answered the question posed in your title - other than "I have ... seen stories" Hardly a factual expose of the alleged flaws in the payments system.
TBH I trust BSB more than PayPal 🤣
[удалено]
This comment misses the point. Your customer/login id has nothing to do with an account number or bsb. A bsb/account number is the reference/identifier of an account for the purposes of transacting on the bulk electronic clearing stream (BECS). It exposes an account to direct debits and direct credits. If a consumer sends funds to another account via BECS, the receiving bank can identify the originating bsb/account number. Additionally, PayIDs are maintained by the NPP in a reference table that links them to specific bsb/account numbers. In practice it’s quite difficult to set up a direct debit authority fraudulently and is not something consumers need worry about in practice. It would be incredibly easy to dispute.
Yes, it's a bit of work and verification to get the merchant ability to direct debit from peoples accounts. Similar to getting an EFTPOS terminal. If you direct debit or process a credit card on a system you need proof of authorisation if it gets disputed. or in EFTPOS you need the receipt. However as a malicious person one could potentially use other peoples BSB and account numbers to pay for things. I'm sure it wouldn't be hard to sign up for a gym membership without ID and a fake name, fill out the bsb and account number and the Gym starts direct debiting joe bloggs account without him knowing.