New ask Hacker News story: Ask HN: Why hasn't the ACH system been more abused?

Ask HN: Why hasn't the ACH system been more abused?
27 by gernb | 48 comments on Hacker News.
IIUC, the ACH system https://ift.tt/Lh8H1Qy Is utterly insecure. Anyone with your routing number and account number, 2 numbers printed on every check, can ask your bank for all of your money and the bank will not confirm anything with you. My first experience with this was Apple's credit card that can only be paid via ACH and I was shocked when I typed in my info into the apple wallet app and then it took my money without the bank confirming anything with me. Why hasn't this been more of a problem? Are their mitigations? These numbers can be stolen from data breaches even easier than passwords as they won't be salted and hashed, they'll be the actual numbers right? The entire payment regime in the USA seems to be switching over to ACH. Should I be worried?

Comments