i'm a Luddite and pay many of my bills with a check in the mail still.

one thing has always bothered me:

seems all one needs to sign up for auto billpay or other electronic retractions from a bank account is a routing number, account number and full name.

all of these things appear on a standard check that we generally provide to complete strangers to pay for things....

why is there not more fraud associated with what seems like a wide open security loophole?

am i missing something ?

there, that is my stupid question for friday.

And to think our Social Security number use to be on our drivers license. [emoji15]


You make an excellent point.


Sent from my iPhone using Tapatalk

the routing number and the account number act like signage directing you to or from the city you want to travel to. but to get on the road, you still need access to that highway system. and that access is what stands in the way of fraud.

in the beginning, yes, everyone paid in person or mailed a check via stamped usps envelope. then each vendor asked you to set up an individual account with them to pay bills. now, each bank had the ability to do bill pay to any number of vendors and individuals that you set up. so all you do is log in to your online bank (phone or computer) and pay away.

the best thing about taking the time to do this? no more stamps. no more checks.

to set up the pay to account you will probably need the zip code and phone for each payee. so just do that one by one as you get bills to pay, not all at once. since more and more vendors are now part of a central list, there is probably less need to type in a lot of details - exceptions would be individual service providers like a local dentist.

are you at least depositing your checks using your phone? not at an ATM?

I don't really like the idea of giving my banking information out to companies. If for no other reason than, if they get hacked or make an erroneous withdrawal, it could negatively impact me.

There is a bank called Simple, that offers very low fee, no frills accounts, that some people use as an intermediary between their main checking account, and the account given to your electric company, cable provider, etc. Prevents them from taking more than what is in the account (ie. not allowed to overdraft).

If I had more time on my hands, I'd probably set up such a system.

why is there not more fraud associated with what seems like a wide open security loophole?

am i missing something ?


Yes you are missing the multi-factor authentication that verifies the banking info and that the requester is the owner of the account. There are many ways that a bank can verify a requester is an account owner. Each bank likely does it slightly differently but, to be sure, it's happening.

Banks are highly regulated and there is a HUGE emphasis on security that they have thought through every fraud scenario we can all think of, and then 1000 more, and have coded for it. It is in their fiduciary interest to verify the requester is the owner, so they go to great pains to do just that. Often the backend systems are sophisticated enough to handle all this in the back end with little to no input from the customer.

i'm a Luddite and pay many of my bills with a check in the mail still.

one thing has always bothered me:

seems all one needs to sign up for auto billpay or other electronic retractions from a bank account is a routing number, account number and full name.

all of these things appear on a standard check that we generally provide to complete strangers to pay for things....

why is there not more fraud associated with what seems like a wide open security loophole?

am i missing something ?

there, that is my stupid question for friday.


Banks protect you in the case of fraud. And, much like Amazon tracking everything you do, so do banks and credit card companies to make sure the transactions are legitimate (it's all algorithms these days). You can send electronic payments from your bank rather than pull them from your payees if that makes you more comfortable. That is what I do and it takes so much less time to log into my bank and pay several bills electronically rather than log into each payee and make the payments. I probably moved to e-paying my bills much later than most but I will never go back to dealing with paper checks again.


And, even with all the news about cyber-attacks/hacks, you are more likely to have your identity stolen these days via sending checks in the mail than you are by sending encrypted e-payments.

(so says the person with a CISSP (https://www.isc2.org/Certifications/CISSP) and CISM (http://www.isaca.org/certification/cism-certified-information-security-manager/pages/default.aspx))

Doesn't your bank offer a bill pay system ? My credit union has one that I use for almost all my bills. I just keep a list of payee's then I'm able to enter the amount to be paid and the date the electronic funds are to be sent. A decade ago there were one or two companies that were small and not set up to have electronic payments but thats not an issue these days.
I still write maybe two checks a month for very small businesses.

why is there not more fraud associated with what seems like a wide open security loophole?

There certainly is fraud with checking accounts but using a personal check is a slower process than using a credit card and personal checks (US based) aren't routinely used for payments for goods in foreign countries. Checks also typically require a signature on both the payee and receiver end where the card doesn't and a check typically needs to be deposited somewhere before one can use the funds. Gift card fraud is a biggie these days...steal your credit card info to purchase a gift card to purchase electronics. Extremely hard to trace once the gift card has been used.

I don't really like the idea of giving my banking information out to companies. If for no other reason than, if they get hacked or make an erroneous withdrawal, it could negatively impact me.

There is a bank called Simple, that offers very low fee, no frills accounts, that some people use as an intermediary between their main checking account, and the account given to your electric company, cable provider, etc. Prevents them from taking more than what is in the account (ie. not allowed to overdraft).

If I had more time on my hands, I'd probably set up such a system.

Smart idea. Should also link your paypal account to such an account as well and make it a practice to move money out of such an account once the balance reaches a certain level. Should prevent paypal for seizing funds in case of dispute...no funds to seize :)

Someone once told me to setup all payments with a Credit card. That way, if fraud happens, the bad guys take the Credit Card's money and not your money like they would through a Check or Debit Card.

Credit Card companies will surely take care of their own money and try to get it back faster than it would take your bank to hunt down your missing $ from a debit account.

I don't allow many companies to TAKE money automatically from our checking account. Electric and water is all I can think of. Visa bill every month we pay from our checking via electronic funds transfer. Everyone else....I pay via a bill pay service at our bank. Can't remember the last time I put a stamp on an envelop with a check in it. I think this is way safer than having checks work their way thru snail mail.

Move all monies back and forth from our investment accounts with electronic funds transfer. Same with Paypal. Even send my kids money with bill pay.

And I'm 77 years old......and my kids accuse me of being behind on this stuff. Can't believe you young whipper snappers are still mailing checks. LOL

When you provide a company with your banking info to auto-debit your account, you are counting on that company to keep the info safe. There seems to be not a good track record of companies doing this....

There actually is lots of fraud associated with this, but in most cases consumer protection laws require banks to reimburse consumers for unauthorized transactions on their account. You see a transaction you did not authorize, your bank has you sign an affidavit of forgery or fraud, and you get your money back. The bank takes a hit, and eventually cost of the fraud is passed onto the bank customers. Cost of doing business.....

Better to sign up for the bill pay service via your bank. A lot of your larger billers are able to submit their customer bills electronically to this network and have them routed to your bank. You can then pay them without providing your banking info to the biller.

Or, have the biller debit your credit card...consumer protection helps here as well. You will just have to get a new credit card every year or so. I have a card I use just for online and auto-pay transactions.

Someone once told me to setup all payments with a Credit card. That way, if fraud happens, the bad guys take the Credit Card's money and not your money like they would through a Check or Debit Card.

Credit Card companies will surely take care of their own money and try to get it back faster than it would take your bank to hunt down your missing $ from a debit account.


not true (see below)


When you provide a company with your banking info to auto-debit your account, you are counting on that company to keep the info safe. There seems to be not a good track record of companies doing this....

There actually is lots of fraud associated with this, but in most cases consumer protection laws require banks to reimburse consumers for unauthorized transactions on their account. You see a transaction you did not authorize, your bank has you sign an affidavit of forgery or fraud, and you get your money back. The bank takes a hit, and eventually cost of the fraud is passed onto the bank customers. Cost of doing business.....

Better to sign up for the bill pay service via your bank. A lot of your larger billers are able to submit their customer bills electronically to this network and have them routed to your bank. You can then pay them without providing your banking info to the biller.

Or, have the biller debit your credit card...consumer protection helps here as well. You will just have to get a new credit card every year or so. I have a card I use just for online and auto-pay transactions.

True - in the end, we all cover the cost of fraud one way or another.

As many others have said, use your Bank or credit union bill payer app. It is so much easier and quicker than a check and you still control when payment is made. You are also not providing 3rd party companies with your information.

As easy as this is, I am getting lazy and slowly allowing more monthly bills to be auto-drafted from our checking account. Mainly utilities that don't vary from month to month.

I auto-pay just about everything. Recurring bills I set notice limits above the expected amounts. A general notice limit sends me a text message whenever there is a draft or deposit above my daily fray. About the only thing I really hit send on manually is the CC bill.

With direct deposit and auto contributions to all investments, auto rebalancing etc., my menial financial life is practically on autopilot. I hate doing that stuff, so it’s a godsend for me.


Sent from my iPhone using Tapatalk

Personal check fraud is so easy, I'm surprised banks still allow them. I've personally been victim of check fraud when someone printed up phony checks with my name and address on them (not my account and the account was either phoney or belonged to someone else). I got calls and correspondence from collection agencies like Chex Systems.

Personal check fraud is so easy, I'm surprised banks still allow them. I've personally been victim of check fraud when someone printed up phony checks with my name and address on them (not my account and the account was either phoney or belonged to someone else). I got calls and correspondence from collection agencies like Chex Systems.
Banks "allow" checks because their customers want them....

Total number of checks issued volume in the US didn't start to decline until about as recently as 2003-2004...IIRC

I hate to break it to you, but all you're doing is adding another paper step to what is, for all intents and purposes, an electronic process today. If anythingz it exposes you to potentially a higher risk for fraud than doing it electronically.

The Check 21 Act of 2004 allowed banks settling checks to use electronic images in lieu of physically shipping checks around. So all that happens today is you mail your bill to a company, they're scanning the check, and using that image to reconcile from their bank and your bank. It's literally a waste of paper.

Just set stuff up through your online banking portal and pay that way. You don't have to auto bill, but you're just wasting your own postage and trips to the mailbox.

I hate to break it to you, but all you're doing is adding another paper step to what is, for all intents and purposes, an electronic process today. If anythingz it exposes you to potentially a higher risk for fraud than doing it electronically.

The Check 21 Act of 2004 allowed banks settling checks to use electronic images in lieu of physically shipping checks around. So all that happens today is you mail your bill to a company, they're scanning the check, and using that image to reconcile from their bank and your bank. It's literally a waste of paper.

Just set stuff up through your online banking portal and pay that way. You don't have to auto bill, but you're just wasting your own postage and trips to the mailbox.

I have noticed what you say. If I make a deposit at the bank with a check someone gives me....all they do is scan it.....just like I can do from my home.

I don't really like the idea of giving my banking information out to companies. If for no other reason than, if they get hacked or make an erroneous withdrawal, it could negatively impact me.



It's been standard practice here for years for a company to print their banking details on any invoice they send out to a customer. It's much easier for all parties to do an EFT rather than post a cheque. As someone else alluded to, having someone's bank details won't give them access to your account (and your bank covers you for fraud anyway) - you need their login code and password to do that.

I can't imagine why anyone would post a cheque to pay a bill anymore.

It's been standard practice here for years for a company to print their banking details on any invoice they send out to a customer. It's much easier for all parties to do an EFT rather than post a cheque. As someone else alluded to, having someone's bank details won't give them access to your account (and your bank covers you for fraud anyway) - you need their login code and password to do that.

I can't imagine why anyone would post a cheque to pay a bill anymore.
sort of....

The party committing fraud needs access to the electronic payments network - there are a couple Automated Clearing House (ACH) networks in the USA, but they all are governed by NACHA (National Automated Clearing House Association) who makes the rules.

Banks control this access and screen customers (commercial customers/businesses) before giving them access. I suppose if a company is big enough it can get it's own routing number, but I have never run across it.

Access is only as good as the bank's control and screening of their customers.

Good discussion folks, thanks.

I think i'm going to go through this month as some bills roll in and pay more electronically.

i do still deposit checks right at the counter with a teller by the way.

pro tip: this is where they keep the lolly pops. if you dont go see the teller, you dont get a piece of candy:)

Only thing that has autowithdrawal is my mortgage. All Bill's are paid online by "pushing" money to entity owned. Only thing I write cheques for are donations.

At work it drives us crazy that everything is done with cheques only. I literally spend one day a month reviewing invoices, approving invoices then reviewing the cheques to make sure they match the approvals.

...At work it drives us crazy that everything is done with cheques only. I literally spend one day a month reviewing invoices, approving invoices then reviewing the cheques to make sure they match the approvals.
Ah, decades of tradition untouched by progress! ;)

Have your purchasing managers include payment type in their negotiations with vendors....I spent a lot time the last 10+ yrs working with my clients to move payments from check to purchasing card or ACH....bigger the company (more checks) saw the most benefit. You should typically be able to move 10-20% of AP onto a card payment....

You still need to go thru the matching POs to invoices (and BoL) and such, but depending on your ERP you should be able automate the process.

Again, bigger company > benefit. Small company, probably more work than worth in short term.....

Only thing that has autowithdrawal is my mortgage.
same here. that is the one payment you never want to be late with.

everything else - whether monthly bills or paying a friend - gets done through bill pay and scheduled when I want it.