This post has been de-listed (Author was flagged for spam)
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
We've all been told, "don't give out your account number and routing number, or else ANYONE can wipe out the account (ACH debit the account)".
When I started working in a bank, I saw it happen to my clients with my own eyes. Random ACH debits coming out of strange places with weird names that pilfer the account for all it has, days, months, or sometimes YEARS after a member gave out their account details to a bad actor.
I joined the leagues of people who caution against giving out account numbers after seeing dozens of cases of ACH fraud and seeing accounts being riddled with fraudulent ACH debits
Yet, I keep seeing comments claiming that the ability to ACH debit an account is severely restricted, and that "only trusted institutions" can initiate ACH debits. Therefore, if some sort of scammer or thief got a hold of your checks and found your account number/routing number, they still shouldn't be able to ACH debit the account- but yet, these ACH takeovers/account wipes keep happening, and the bad actors can get around an ACH stop pay by changing one letter of their inputted ACH debit name. Clearly, these aren't all "trusted institutions" at play.
Therefore, my question is, can someone break down the anatomy of a fraudulent ACH debit? From the moment that a bad actor online gets a hold of an account number and a routing number, how does that translate into the account getting taken over/compromised and drained via fraudulent ACH debits?
Thanks for your help
Subreddit
Post Details
- Posted
- 1 year ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/Banking/com...