Slashdot Mirror
Online Billpay Provider Loses Control of Domains
An anonymous reader writes "Several sites are running a story about a domain hijacking at Checkfree, the largest provider of online bill payment services to numerous banks and credit unions. According to Network Solutions, someone logged in to the domain administration page using Checkfree's account, and redirected its domains to a site in the Ukraine configured to serve up malware to unsuspecting users." Things like this make me nervous about switching to otherwise-tempting online bill payment, but checks are dangerous, too.
...someone (apparently) didn't manage to socially engineer Network Solutions. That's happened at least a few times that I can recall...
CheckFree, what can I say? At least now my Nigerian account can be linked in and I will finally get my cut of the money that I fronted 1% for, to get it out of the country...
This issue is a bit more complicated than you think.
The OP says "Things like thismake me nervous about switching to otherwise-tempting online bill payment." Nothing here had to do with the site being for online bill paying. This could happen for any trusted website, even Slashdot.
Obviously, the only safe solution is to not pay... what, that has problems too?!?
Who needs DNS hijacking if domain registrar accounts can be hacked... maybe RSA keys and biometrics to access registrars ?
Posting anonymously so I don't get sued.
Things like this make me nervous about switching to otherwise-tempting online bill payment, but checks are dangerous, too.
I'm one of those holdouts who still use paper checks, envelopes, and stamps to pay my bills. Once a month or so I'll bring the stack into the office and take care of it during downtime, and folks look at me like I'm transmitting morse code over a telegraph. I do bank online, but I don't do online bill pay.
One reason I still cling to checks is that they allow me to be the final arbiter and gatekeeper of my money, and I have better fiscal responsibility when I'm directly involved in disbursement. Each time I physically write out a check, there's a bit of mental bookkeeping that takes place. You can't sit down and write "One thousand one hundred ninety-eight and 32/100" without pausing for a moment to think, holy shit, that's X% of my paycheck. If you elect not to use online bill pay, you have to actually look at your credit card statements each month, instead of just setting up a $200 monthly ACH and ignoring the current total.
I'm afraid that if I set everything up to be paid automatically, I'd very quickly wake up to discover that my checking account is overdrawn because I wasn't paying enough attention. Writing checks and licking envelopes is my way of keeping tabs on what's going out the door each month. The potential security benefits don't hurt, as anyone screwing around with mailed bills faces the wrath of the United States Postal Inspection Service. Unlike most online fraud, fucking with the mails will actually get you in trouble, and USPIS doesn't blow you off if you haven't suffered hundreds of thousands of dollars in losses.
I do miss the one benefit that physical checks had up until a couple of years ago, the float. Check21 pretty much ruined that, but maybe it was for the better. Come to think of it, I haven't overdrafted since Check21.
Long live the check, just stay away from my routing numbers.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
WTF?!?!
The stories and info posted here are artistic works of fiction and falsehood.
Only fools would take it as fact.
I've known an equal percentage of white people who fit these same descriptions.
The stories and info posted here are artistic works of fiction and falsehood.
Only fools would take it as fact.
Anyhow, what I know is that the malware is new and still being analyzed -- they're not fully sure what it's for yet (capturing accounts, spamming, botnet, or probably all of the above). For now they are recommending that people udate their virus scanners and Acrobat Reader. They must suspect Acrobat as an infection vector somehow.
Real programmers use "copy con program.exe"
Wondering about how the attackers got the credentials... Clickjacking, rootkits or something ? technically you cannot get a password using click jacking, but maybe something like email the password whatever...
I used Checkfree's service back in the early 90's via DOS & dialup for personal online bill paying. People gave me an odd look whenever I mentioned it. "You do what?"
Table-ized A.I.
For US Bank anyway, when I tried to go to my bill pay when this was going on my browser gave a nice message that the SSL cert was self signed and issued to localhost.localdomain. Any modern browser makes is pretty clear that something bad is happening in this case, although I'm sure there's still plenty of ignorant users willing to click through.
True, my financial institution (US Bank) may or may not be to blame, HOWEVER, you'd think it wouldn't take a bank a full day to let users know or take away the bill pay link or something along those lines. When I saw the invalid certificate, I still needed to cancel an automatic payment so I decided to contact my bank. Their response was basically, "we take security very seriously, please make sure you're using a compatible browser, move along now, nothing here to see." It wasn't until at least a day later that they notified users when logging in that bill pay was down. I wonder how many users clicked through during that one day period, which could have easily been prevented by a faster response?
Back in my day... we used.. C A S H... and we were happy to have it... up hill, both ways, in the snow, with an accordian strapped to our backs, with the clasp broken, so the wolves and bears knew each step we made by the sound of the HRHAHhhaa h Hrrhahhaaa the accordian would make...
This isn't an online banking issue, this is an issue of domain-stealing. The fact that it's banking-related is immaterial. If the domains stolen were instead several newspaper domains we wouldn't call into question the credibility of the news (at least not more than we do now).
I've been involved w/ online/PC banking for 15 years or so and can tell you it's been a huge time + postage savings for me. I have no idea what the cost of a stamp is because the only reason I'd ever need them is for bills. Give it a shot w/ just one bill for a month or two.
That said, CheckFree is fairly notorious for their poor service and it's not surprising to me if they turn out to be at blame here. Especially disturbing is the apparently slapshod response.
JAGga.me ----> Producing video games addressing emotional health and wellness issues affecting teens.
... clearing something was a little TOO "check free". maybe they should change their name to "Checkalittlemore"
If you mod me down, I will become more powerful than you can imagine....
Each time I physically write out a check, there's a bit of mental bookkeeping that takes place. You can't sit down and write "One thousand one hundred ninety-eight and 32/100" without pausing for a moment to think, holy shit, that's X% of my paycheck.
This is exactly why people should have to pay income tax instead of having it automatically deducted.
If everyone actually had to write that fat check out, they might begin to care about elections and the state of the world.
AND he prob'ly sued the jar company...
It seems to me that part of the problem is that too many websites that service too many customers are all using a *single* payment service. Hijack that one payment service, and you can potentially hit 10's of millions of customers.
I don't see why giant national banks, and even mid-size regional banks, can create their *own* online payment services. Heck, they might even be able to generate new streams of revenue for themselves, instead of giving all that revenue to Checkfree. If nothing else, it helps to limit the scope of damage from one provider getting compromised.
For small banks and CUs, I could see that they might not have the resources to create their own online payment service, but if the larger banks were creating more online payment services, maybe there'd at least be a little more diversity in the systems being used by the small banks.
What is this C A S H of which you speak? In my day, we used pigs and chickens, both ways, in the snow, with an accordian, in every sense of the word "use". And they liked it.
Did . . . like, did someone really post this?
No, like, really? You're just some troll, right? Not serious?
I would sooner believe that I am dead and in some sort of pre-life-extinguishment hallucination than to believe that I am reading this post on Slashdot.
How is that bullshit in any way related to the topic?
The current bill payers in America are getting old.
The credit card companies have a stranglehold on paying by any form of credit card.
Paypal is evil.
There is no nationally accepted payment system where someone or both do not get gouged some fee. Checks are one of the few ways both parties can avoid some of the fees though I've heard that banks are starting to jack up the cost of processing them.
Our banks do not cater to customers, they are hind bound and greedy. They won't do anything unless they can screw their customers or the government for money.
When the banks finally get less incompetent they might be able to pry online payments and credit cards away from the major credit card companies. It won't happen soon because of the long term incestuous symbiotic relationship they have.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
you young whippersnappers... back in my day we didn't have a uniform currency. we had to invent our own money using clam shells and animal scat. the rear end of an incontinent mammoth was our ATM machine.
oh, and we were happy to have it--up hill, both ways, in the snow, barefoot, with a full orchestra strapped to our backs, and Roman phalanxes chasing us the entire way while the orchestra played Wagner to goad them on.
When I was 16, I discovered that with a ruler, an exacto knife, and some elmer's glue you could make up your own checks. They also had "MAC Check" machines that would scan a check - even from a non-customer - and cash them.
When I was 19, I worked in a junk mail plant that at times printed the 25% interest rate personal checks that credit card companies send out to new cardholders. All night we would watch "CONGRATULATIONS ON YOUR NEW $100,000 CREDIT LIMIT!" with 6 checks attached go whizzing by at 5MPH. When that roll of checks breaks, printed-but-junk checks dump on the floor, 7 feet per second, and if I wanted, I could pocket the sonsabitches and spend like hell - before the recipient even activated their new card. We sent those out, too.
Can our banking system really be that insecure? I open an account based on a supposedly unique ID number, hand them a photo ID that doesn't even reference my SSN. Then, they give me another number - my account number - and tell me to keep it private. Three weeks later, I get my checks that ten minimum wage slaves have already gotten to see. Every check I hand out has my private account number printed at the bottom.
Most banks hold you responsible for any automated clearing house fraud, and yet, to authorize a transfer out, all that is needed are the numbers at the bottom of every personal check you write and the "assurance" from the receiving institution that you have "authorized the transfer".
When ya think about it, it's no wonder they charge you $2 to withdraw from an ATM, $3 to use a teller, and $35 for an overdraft - it's easier to roll the dice to get an account number than it is to roll the dice and win the lottery!
How is that bullshit in any way related to the topic?
Nigga stole my domain!
Bank of America allows you to pay online via systems that accept it, and mail checks to those who don't. Strangely enough, most of the people I pay bills to here in Massachusetts accept digital billpay through whatever system they use. But even paper checks are automatic and free.
BofA is a bunch of greedy bastards, yet they found a way to make it worthwile and simple. It's slowly filtering over to America.
It's like Cellphones: Companies don't feel like they can change one territory in the US at a time... they have to go all or nothing. So we get systems 10 years after the rest of the world has piecemeal brought themselves into it. Otherwise nationwide rollouts are untennable.
The ______ Agenda
My gas company offered the option of using Checkfree.
Had I opted in, it cost an additional 8$ to pay with my credit card, rather than sending in a personal check.
Instead I just use US Banks online Billpay option. Free, and cuts out the middle man.
You raise an excellent point. However, they (typically) stop sending paper bills in favor of email notices once you start paying them online.
Why would "they" do that if you do not use "them" for payments. How do they know or care where payments come from if you do not set up up with them?
Get a bank that allows you as many free online payments as you would like, and just pay from your account - just like a real check, only online. They either send a real check or pay electronically, depending on what they payer accepts - but I have NEVER had a payer alter my bills from paper to electronic no matter how my bank payment goes out.
Again, ditch the paper checks and envelopes but continue paying the same way - manually, from your own account, each month. The bonus is less risk of mail interception and duplication of your check...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Domain registrars come in several tiers.
MarkMonitor is in the business of protecting "brands", so they have lawyers and technicians on staff to swing into action if somebody pulls something. If you have to ask how much they cost, you can't afford them.
At least they pay security lip service. My mother was having trouble enabling online Suntrust banking from her OS X machine months back (we tried three browser types, all failed differently.) The Suntrust rep on the phone actualy made the suggestion that my mother go to a public library with a Windows machine since it would work there*. It's at this point I went from anoyed to extremely cross and chewed the person out. I wonder how many other customers with out Windows PCs and tech-savy children were following this advice.
*For some reason the software lets you manage your account fine from a Mac, but won't let you do the first time setup.
"You saved 1968." - Ms. Valerie Pringle to the crew of Apollo 8
Negroes are not as good as Asians or Whites...
I've known an equal percentage of white people who fit these same descriptions.
Conclusion: You are Asian.
Conclusion: you = many lulz
The stories and info posted here are artistic works of fiction and falsehood.
Only fools would take it as fact.
You had shells and animal scat? You lads don't know how easy you had it. Giovanni Gabrieli paid me in dried moss and sea-weed, which is how you paid for things in the old times. Up the sacrificial pyramid both ways singing In Ecclesiis less the Scutellosaurus get you, the little knee-biters.
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
Also having moved recently from Australia, I am amazed at the ass-backwardness of some things like that. I'm fairly sure too, that it's far more likely to be collusion, passive or otherwise, the number of things you can't pay with a credit card.
I'm also of the belief that there's a reason it takes so many steps to schedule a payment on most online account. You know, "Make Payment", "Select Amount", "Confirm" (hell, one of mine had a "Verify" after "Confirm"?!?) that I'm sure is largely designed to make you think you've confirmed your payment, and well, shit, what do you know, you didn't confirm it "enough", late fee and default APR for you, pal!
Or Toyota / Lexus Financial site... change from a recurring payment to one-times. If you can do that without being double charged at least once, I congratulate you. (For nowhere in the book is it written that the recurring option generates a scheduled payment several days out, and when you cancel recurring payments, if the scheduled payment is made, it'll not be canceled - note that I'm not talking about a payment in the "in process" sense, I'm talking about "calendar entry generated to make ACH transaction in 7 days time" scheduling). When changing jobs and pay schedules, we got burnt by this one twice before we realized what had happened (and don't even start me on how TFS actually tried to convince me it was in my best interest to just take the hit of the double lease payment and 'be ahead next month').
(rant over)
Mod the parent up. Seriously. So what if he is an Anonymous Coward. frick'in stupid moderators. :P
What is so wrong paying cash? For example, I have a AT&T dsl account that I'm "suppose" to have
a CC attached to it for payment. Wtf? Why should I have to go through these loopholes to pay my bill?
Do I have options to pay the account locally? Yes, I finally found that out. Automated payments are
evil, end of story. When has it became so evil to pay by cash? If I can't have a option to pay by
cash, without loopholes then said companies need to be sued, period. Oh, and I'm billed a month
ahead of my usage. Nice.....
Life was hell, then I discovered Linux...
No, that's not a negro, that's a suitnigra.
Why don't Americans use wire transfer more often? In Europe it is a fast and relatively safe method.
And guess who BofA's ebill pay provider is.
Before you design for reuse, make sure to design it for use.
You must be new here...
On my country, in pratice checks - electronic or real ones - is not accepted anymore. Too many frauds
Religion: The greatest weapon of mass destruction of all time
The credit card companies have a stranglehold on paying by any form of credit card.
Well, yeah. Kinda like how the car companies have a "stranglehold" on car production.
It just goes to show how uncompetitive America is - you can only buy things from people that sell them.
Interestingly, a few months ago, my financial services company (Merrill Lynch) changed the way their online login works to make this attack very hard. They required me to select an image from a large catalog, and a phrase I made up to go with it. Now, when I log in, I am presented the image and the phrase. Since these images come from a huge catalog, and the phrase is entirely up to the user, the probability that a hijacked page would have the same information is very small. In effect, the site is presenting _me_ with a pasword, before I present it with a password. (Cue, on 3, In Soviet Russia, sites log onto you)
I think this makes these pages fairly secure against the various DNS and other redirect attacks people have come up with. Someone would have to get very deep access to the main server, to figure out the image everyone chose, to successfully hijack a site.
...sites log onto you!
In Britain you can make a payment to pretty much any account, except for some savings accounts, by BACS, provided you know the sort code and account number. And pretty much any bank with an online banking service will let you do this online.
You can make payments internationally using SWIFT if you have the IBAN number. Generally you can't do this online because most of the phising attacks come from other countries, and most people don't make international payments as a matter of course.
I had a bad experience with American Express's online payment system. I was in the middle of switching bank accounts, so I had a new account open, but with just $50 as the opening balance, as I had not yet transferred funds from the old to the new account.
I scheduled a payment to AmEx on AmEx's website and it displayed that the payment would come out of the old checking account. The following day, I was preparing all of my online payments to pull from the new checking account, including AmEx.
When I updated the checking account information for online payment, they retroactively changed the day-old transfer request and tried to pull the payment from the new account which did not have as much money in it as the requested payment.
This in itself upset me because I scheduled the payment before I made the change, but hey, you can't always guess how things are coded internally.
The silly thing, though, was that AmEx's ACH (automated clearing house: the auto-draft system) system tried the transfer from the new account, it failed with Not Sufficient Funds, so they charged a returned check fee, as did my new bank. *THEN* AmEx's system tried 2 more times over the course of a week because it's just set up to retry 3 times. I called after the 2nd attempt and they said there was no way to cancel it at all. The "kindly" refunded me one of the overdraft fees, but said the rest were my fault.
(rant over)
I pay all my bills online through my bank so I only have one point of contact. Now you could argue I have one point of failure as well. I would be leery of third-party bill payment services as well. All my monthly bills arrive from the vendor (credit card, utilities, television, etc.) via email notification where upon I login to their web site to determine the amount owed and the payment date so I can pay via my bank's web site.
I was a longtime user of CF when I found it in the guts of the Quicken bill paying application and decided to just use their application instead. Unfortunately they did not develop an OS X version so I had to switch. This was just at BoA announced their free web service so I tried them. I was on the phone with BoA about a problem and when I remarked about how similar their service looked to the CheckFree application. I was told, "I'm not supposed to just offer this but since you asked, yes, CheckFree supports our service".
I tried to go to their service to pay my Electric Bill online, and they wouldn't allow me to open an account until I FAXED in a copy of my Social Security card?!?
That's completely unacceptable.
Chase's automatic bill pay is far superior anyway.
- R
US Bank will not allow you to pay a credit card from any account other than the checking account "linked" to that account
What the hell are you talking about? I have had a number of credit cards over the years and I have never linked a checking account to any of them. I have paid for all of them electronically routinely. You just have a bad credit card.
I pay my US Bank CC bill with automatic withdrawal from my WAMU/CHASE bank account. Not sure what state your in, maybe it's a local thing... or maybe it's only if you already have a US Bank checking account, I do not.
A fool throws a stone into a well and a thousand sages can not remove it.
If you continue to say "The" Ukraine, I shall come over there with a big pointy stick and POKE you. What is wrong with people? Stop helping the Soviets!
Happened to me yesterday from a torrent mirror site, loaded a file a.exe which McAfee deleted from the temp internet folder, but didn't otherwise stop it from loading. It launched Acrobat to do it, and spybot identifies it as Smitfraud. Now I bloody can't use that computer for banking until I figure out what it is.
Sid - "It's on my MySpace page, Bob".
The more I read about the USA the more it appears that apart from a bit of glitz around New York and LA, the whole place is like some backward 3rd world country populated by peasants in SUVs demanding that their way is right and everyone else is out of step.
NICE troll. Complete nonsense only a moron would actually believe and a bigger moron would say but a nice troll nonetheless. If you naively think the US is populated by "peasants" outside of NYC and LA, then it's clear you don't understand how the US achieved the largest economy in the world.
Direct debit IS used heavily in the US - just not as heavily as some other places. Direct deposit of paychecks, bill payments, social security, tax refunds/payments, and others are all commonly made via ACH payments. It's not hard to set up or use and is steadily becoming more and more common. But the infrastructure will take time to change and change for something like that will come slowly since there is no compelling need from the consumer's standpoint.
Direct debit initiated via paper forms is pretty much analogous to a check from a practical standpoint. A key difference is who initiates the transfer (payer versus payee) but either way money gets transferred so most people don't care. Why don't they care? Despite their problems, checks WORK. They work even when you don't have a bank account, and many millions of Americans don't - usually those who are poor, here illegally, and many minorities who don't trust the banks due to an unfortunate legacy of racism. A direct transfer is useless if there is no counter party financial institution to transfer to.
Really, when I applied for my firearms permit I was told by the officer that my payment must be made in the form of money order or cashiers check. No cash would be accepted.
Some forms of legal tender can be refused in some jurisdictions if there was not a pre-existing debt obligation prior to the time of the transaction. That's why for example gas stations can legally refuse large denomination bills. If you had to pay at the time of the transaction then they probably were within their rights to restrict forms of payment. Annoying but probably legal.
Why don't Americans use wire transfer more often? In Europe it is a fast and relatively safe method.
Lots of reasons.
The switch will happen, it's just going to take a while. Give it time.
Are you saying that CSS is not supposed to work in 800x600??? Good designs should work at that res. At work I often test at such because some use the email browser's window to view some web-pages, which isn't very wide. And smaller portable devices won't have a lot of width either. People want a portable web. Get with the times ;-)
Table-ized A.I.
In response to the international Slashdotter's question about why Americans don't use wire transfer more:
The US wire system (FedWire) is a RTGS (real time gross settlement) system designed for high-value payments (typically at least tens of thousands of dollars). Because the wire infrastructure is all real-time, usage costs are very high (compared to ACH, see below), and financial institutions don't offer consumers a free way to initiate wire payments (even corporations pay a premium to make wire payments). There's also no way to "take back" a wire, so if a bank initiates a payment on your behalf, and then it turns out you don't have enough money in your account (maybe a check you deposited bounced), your bank loses that money forever. This, incidentally, is why scams often use wires...they are fast and irreversible. Wire payments account for only a fraction of the electronic payments made in the US.
The electronic payments that CheckFree (and all the other online banking systems) supports are ACH payments. ACH is a system for making electronic payments via batch processing. ACH payments are next-day payments (generally, although some banks support same-day processing of so called "on-us" payments from one account to another within the same bank). Their batch processing means they are much cheaper. There's also a mechanism for "taking back" an ACH payment...with some restrictions, the funds can be taken back out of account to which the payment was made if there was an error.
The international Slashdotter may have been confused, though, because Europeans use the terminology a bit differently, and often what they call "wires" are really batch electronic payments, NOT real-time payments. International businesses usually uses the terms "low value" to refer to batch systems and "high value" to refer to RTGS systems, in order to avoid this confusion....each country has its own systems and names for those systems.
Actually, about a month ago I would have thought this, too. I use mycheckfree (got a little shock at first when the article said checkfree) to pay several utilities. They don't take credit cards, and I wanted to rack up cashback by putting the utility on the card (which I always pay on time).
So I went to the utility's website and clicked to sign up to their own payment system. They give me a screen saying something like "We see you're already signed up with another bill paying service to pay our bill. Clicking the signup button will cancel that and assign us as your bill paying service."
Apparently there is some kind of registration/linkage behind the scenes. So yeah, it's completely plausible that if you sign up with an independent bill pay company, your utility will stop sending paper bills.
Of course, the original reason this was brought up is a bit silly. Just set a reminder on a calendar to check on your bills. It's not like most bills have random due dates that change every month.
There certainly are major differences between the US and Europe in terms of banking. I have never even heard of a "bill paying" service before, when I want to pay my bills I log on to my bank.
In fact I don't actually receive invoices in the mail any longer, they're all automatically available in my bank regardless of what bank I use or who sent the invoice. And I don't mean PDFs in the email either, I'm one click away from paying/scheduling the bill.
It's probably another case of Americans getting screwed by their own banks because they can. If we can create unitary and open banking systems in Europe, why can't American consumers have access to the same?
Actually, you might be on to something there - I have heard my wife and her mother theorizing on that possibility before, too.
one of the last times Slashdot had a discussion about the positives/negatives of authorizing auto-withdrawal some guy posted the story of how he got screwed when he tried to use manual online payment to mitigate the risks.
Basically the problem is that the online bill payer does not send the payment coupon along with the money to your cable company, phone company, whoever so it takes anywhere from a few extra days to a week before you get credited for making the payment because they have to figure out which account to credit it to. And that's if whomever you're paying is willing to accept electronic payments from your on-line bill payer -- if not, then you're dependent on the promptness of the on-line bill payer cutting the paper check and mailing it out and every freaking one of them has TOS documents that say they're not responsible for doing that in a timely manner.
Or linux and firefox.
FYI:
SYMPTOMS: Presence of the: "%ProgramFiles%\Mozilla Firefox\plugins\npbasic.dll" Not linux unless you're running the win32 version in wine.
Read my comment again, I never once claimed anything related to security.
My point was that I found it strange to have to use a third party to pay your bills. I never said it was safer, just simpler and more effective. It would however reduce the number of potential unsafe websites you have to visit to get your business done.
European banks work closer together from what I have read (and experienced), transfers are more easily done between banks and countries now than at any time before. That's a good thing, and I think Americans should have access to the same. Why the rant about "unsafe" banks?
P.S. I love the fact that banks from my country are less accessible [in practice] for foreign hackers and phishing because we don't use a major international language (Norwegian). It makes all those phishing mails instantly recognizable as fake, and if you do fall for an English speaking email from "your" bank you deserve to get robbed. And, no, you can't translate using an online tool at least not for writing that phishing email... :)
Actually Europe does have a single system for bank transfers (IBAN). It's even been adopted by other countries outside Europe (Turkey, Saudi Arabia, Israel, Mauritius etc.)
"The IBAN was originally developed to facilitate payments within the European Union but the format is flexible enough to be applied globally. Customers, especially individuals and SMEs, are frequently confused by differing national standards for bank account numbers. IBAN imposes a flexible but regular format for account identification and contains validation information to avoid errors of transcription. The standard IBAN is intended to carry all the routing information needed to get a payment from one bank to another wherever it may be."
Europe has over 700 million citizens, compared with just 300 million Americans. The US being "larger" geographically and united under one government is an argument in favor of making it happen! Europe has 47 countries, at least that many languages, different currencies and still we managed to agree on something.
Try a credit union. They don't send the profits they make off you to shareholders - they give it back to you in the form of cheaper and better services. There are nonprofits for everything... Sure, they have less incentive to manage well, but clearly management incentives aren't working in corporate america anyway.
FYI, I work at an FI and there is a fee that is paid for check processing by your bank. They don't charge you but there is a fee to process all checks. Could be a courier fee, could be a process fee to handle the check, could be to image the check, etc. So there is a movement to go away from paper checks. If you stick with paper checks and are the last hold outs, don't be surprised by a fee by your bank at some point.
I'd take them to small claims court and sue them. Then they will talk to you. Negotiate a settlement no less than what the dicked you out of or let it go to court.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
There is no story here against CheckFree. CheckFree, Inc. guarantee every transaction over its payments processing engines. This company is prima-facia evidence how best to implement and use network technologies for individuals to control their own money.
It has stood behind my every transaction made over the last nine years without failure. The exploit is interesting man in the middle attack but nothing new in Internetland.
I don't know a single business, be it 7/11, the grocery store, auto parts store or whatever, that does not accept a debt card,...
You need to get out more. Countless businesses don't accept credit cards and debit cards. Heck I OWN a business that doesn't take credit cards for non-internet transactions. Many don't accept checks, and even a (very) few don't accept cash. The transaction fees on debit and credit cards are too high for many low dollar transactions. Many government transactions prohibit using credit/debit cards by law.
BTW there is a LOT more to direct debit than debit cards. You'll notice I never mentioned debit cards because the issue is larger than just debit cards. Debit cards are not a viable substitute for checks by themselves because you need a merchant account to accept payment.
Huh? Where are these bank accountless people you speak of? Surely they are in a tiny minority.
By some accounts as many as 25% of Americans lack banking accounts as of 2001. Even the most conservative estimates put it in the millions. In any case it's a very significant number. You don't have to take my word for it either.
There's lots of compelling reasons to switch.
I agree there are reasons but the fact that folks haven't converted is proof positive that they aren't compelling. Bear in mind the word "compelling" because that's the important bit - and I don't mean compelling to me or you - I mean compelling enough even my 90 year old grandmother will care. To her a direct debit is something new and complicated which does not improve her life in any meaningful way.
Everybody I know uses debt cards first, credit cards next then cash and by last resort a check!
You must have a small group of associates since Visa cardholders alone accounted for over $1 Trillion in purchases in 2006 and there are over 450 million credit cards being carried in the US alone. That's 1.5 cards per-capita. Personally I don't even have a debit card, I buy everything possible with a credit card which I pay at the end of the month, and use checks or cash when required. I'd rather earn interest on the float plus I get a percentage back. Debit cards are useful but can be an unnecessary risk if you are responsible with credit.
Especially when dealing with people like you who seem to have no foresight and are quite content to remain behind the times based on irrational and unfounded assumptions... The rest of us have moved on long ago....
Well aren't you the clever little troll who knows what is best for everyone else. I'm just a certified accountant with masters degrees in finance and engineering so clearly I have no idea what I'm doing when it comes to managing money.
When you grow up and get out into the real world come on back and if you can be civil for a change we'll have a nice little debate.
Apparently there is some kind of registration/linkage behind the scenes. So yeah, it's completely plausible that if you sign up with an independent bill pay company, your utility will stop sending paper bills.
That may be, but it does not change the main point I was making is that you should use your BANK to send out these payments, rather than any third party bill paying service. There is much less likely to be such a link in that case.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Well, it might happen sooner rather than later.
From Wikipedia: "Banks in the United States do not provide IBAN format account numbers. Any adoption of the IBAN standard by U.S. banks would likely be initiated by ANSI ASC X9, the U.S. financial services standards development organization but to date it has not done so. Hence payments to U.S. bank accounts from outside the U.S. are prone to errors of routing."
I did make you eat your words regarding #6 ;)
Yes, geopolitical Europe can be said to include parts of European Russia, Turkey, Caucasus etc. It's never been defined definitively.
You might have 528 million people living on the North American continent, but the difference is that European countries actually work together today ;)
And we are still more people than you, so why is your size such a problem like you claimed in #6?
We have even more barriers with multiple currencies, languages, different legal systems etc. Despite the enormous numbers and barriers we have working solutions. I think you should have even less problems creating a working system for the US at least!
So when you sign up, ping the site and bookmark the IP address. Sure, they may change it now and then forcing you to update it ... but at least you're minimizing the risk of a DNS redirect.
The higher the technology, the sharper that two-edged sword.
They must suspect Acrobat as an infection vector somehow.
Most of the Acrobat exploits involve their JavaScript engine. For Pete's sake, how can that be on by default? (I know, features over security).
I'm happy letting my Acrobat be a dumb document display engine.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Some mental teenager at NCSU just tried to rip us off by selling us a 17" Mac laptop that was all busted to shit (described as being 'perfect') and then running away with the money from PayPal. PayPal let us open a dispute and he lied his ass off. They made us wait for him to respond (to give him even more benefit of the doubt) which just allowed him to run farther and faster moving that money out of PayPal, but within about 10 days they ruled against his ass and whatever bank account he's using will be jacked and he'll be on CheckSystems for close to a decade if he doesn't cough up the cash. I don't think we'll be buying anymore laptops off eBay but it's nice to know that PayPal looks out for people if they run into a fraudster douche bag who thinks the world owes them a living and it's okay to screw complete strangers if (they think) nobody is there to stop 'em. Also --they own Skype now and can fully integrate "presence" with "auctions", "delivery" and "settlement" if they would only pull their head out and look at the big picture (or just read a book about how real-world auctions work and model after that, lol). So no more dising PayPal, they empower anyone in any corner of the free world to start making money and punish the crap out of those who were brought up badly to violate hard working folks if they think they can get away with it.
PS: Posting anonymously because I have no account. If I did, it would have a negative user ID. I am 99% sure I have more experience than anyone ever to use Slashdot...and Bill Gates is older than I am, heh.
I worded that poorly. There are only a few credit card companies and they do have a monopoly. That has not changed in a long time. They can dictate terms and when they can do that I want a government sponsored or mandated payment scheme to be implemented. I alos want a lot of the legal protections removed that banks now enjoy especially with regard to how they juggle deposits and withdrawls.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Yes, I can detail some of it. I would like to point out exhibit A, IBAN. This is a copy of another comment I wrote.
Europe has a single system for bank transfers. It has even been adopted by other countries outside Europe (Turkey, Saudi Arabia, Israel, Mauritius etc.)
"The IBAN was originally developed to facilitate payments within the European Union but the format is flexible enough to be applied globally. Customers, especially individuals and SMEs, are frequently confused by differing national standards for bank account numbers. IBAN imposes a flexible but regular format for account identification and contains validation information to avoid errors of transcription. The standard IBAN is intended to carry all the routing information needed to get a payment from one bank to another wherever it may be." Quote from Wikipedia
Please remember that Europe has 47 countries, at least that many languages, different currencies and still we have a working system. Why are American banks not doing something similar, perhaps because they make more money by not?
My American friends that live in the US and here in Europe have shared their experiences, that's why I feel we have major differences in our systems. Even just sending money to a friend in the US is a hassle.
I have always found it rather odd that cheques are still in use in the US. In my part of the world debit cards are the norm, I only use credit cards for company expenses. In fact I hardly even touch cash. My paycheck is transferred automatically to my account, the last time I went to a bank was to sign for my car loan (horrible taxes on cars). And even that will soon be gone due to the government's Digital Signatures Act. Tax returns are automatic, employers provide the information. And so most people just receive an SMS stating their returns, if they have additional information they can log on and change it using their digital ID. The paragraph above was just my personal experience as an illustration, do you have a similar system?
I pay my US Bank CC bill with automatic withdrawal from my WAMU/CHASE bank account. Not sure what state your in, maybe it's a local thing... or maybe it's only if you already have a US Bank checking account, I do not.
I suppose you were not using WAMU a few years back when a software update resulted in no customer's automatic payments getting made via their automatic bill payment system.
A friend of mine was and when he contacted the bank, they refused to make any restitution of late fees or anything fees resulting from WAMU's mistake.
Personally I believe they should have taken responsibility for their actions, as the software update was their responsibility.
Just one more reason why I will not use automated bill payment via any of my checking accounts. (Yes I am a WAMU, now Chase customer, however I always have a backup bank, just to be safe. If one of those banks screws up my account, I will drop them and look for another second bank, allowing the current second bank to become my primary bank)
Having a minimum of two valid solvent bank accounts avoids have the check system issues of opening a new banking account after the credit reporting industry trashes your credit reputation. You can google that too, too many stories so no need for me to defend, support, etc...
I will not let anyone auto-draft from my account either. Too many horror stories and bad experiences out there about this mistake.
Fortunately there are other methods of online electronic payment, PayPal being one of them, that will allow you to make electronic payments without putting your bank account at risk.
Remember you can always use one account for all your electronic online needs, shuffling only enough money into it for your current needs, making sure that it cannot be overdrafted for any reason (get that in writing as you will probably need it), that way should the account get compromised it does not haunt you forever. That account can be closed in a heartbeat without impacting your primary accounts, where you have direct deposit for instance.
And without a copy of the bill to dispute these types of mistakes you are asking for problems eventually. I suppose you could get an electronic copy, however you better save it off to your own system to make sure it does not get changed. Which is a double edged sword as well, considering that the official record of a check USE TO BE the the paper check ONLY. For years after electronic statements the legal system refused to accept an electronic copy in lieu of a paper copy. My guess is that has changed by now (hopefully) and yes I can imagine the stories that many can tell because of this change.
In an honest world, you can do business with a handshake, how many lawyers would recommend that today, enough said.
In my opinion it all comes back to personal responsibility. Sadly others do not feel the same, thus you must protect yourself from them.
Is your Internet Throttled? Install DD-Wrt, OpenWRT or Tomato to learn the truth! Google: 1Gbps/1Gbps: 5 Communities
For the curious, the Institute for Cyber Security blog (http://blog.ics.utsa.edu) has an article on the CheckFree attack from their former CTO and CSO. They discuss the root cause, their analysis of the attack and its consequences, and what could have been/can be done differently for CheckFree and other companies.