[wplug-board] Created a Gittip account
Pat Barron
pat at lectroid.com
Tue Jan 14 15:39:43 EST 2014
On 1/14/2014 3:55 AM, Vance Kochenderfer wrote:
> Deposits are done by ACH transfer. My main question (maybe Pat can
> contact the bank and ask?) would be whether an ACH transfer can be
> done *out* of our account without explicit authorization of the
> transaction. I would be concerned that a hack could result in our
> account being cleaned out and we would have no recourse (since
> Gittip's terms require us to indemnify them)
ACH transactions (either in or out of an account) are basically assumed
to be authorized, no prior authorization is needed. You can put an ACH
block on an account, but it's a total block - you can't pick and choose
(as far as I know). Anyone who has knowledge of your routing number and
account number (even, say, for your own personal checking account) could
post an ACH debit to the account and clean it out. It then becomes your
(the account holder's) problem to dispute the transaction as
unauthorized. As far as I know, the bank is not responsible to make
good on the funds taken in a fraudulent transfer if they are unable to
retrieve the funds from wherever they were transferred to. The
indemnification provision here basically means that if they have a
security breach and someone absconds with users' ACH information, it is
not their responsibility to do anything about that insofar is it affects
the users (i.e., making good on misappropriated funds from fraudulent
ACH transactions that occur as a result of the breach, being responsible
for financial harm that befalls a user as a result of not having the
funds while the bank investigates the disputed transaction. etc.).
For better or worse, these are pretty standard terms for entities that
do ACH transactions. So if you're going to agree to such terms, the
question you have to consider is, how much do you trust the data
security of whomever you're entrusting your routing number and account
number to....
--Pat.
More information about the wplug-board
mailing list