• Chozo@fedia.io
    link
    fedilink
    arrow-up
    8
    arrow-down
    2
    ·
    2 months ago

    It’s also risky to give. Banks will generally approve all transactions between two accounts if one of them is a business account, because the assumption is that those are business transactions and are legitimate 99.99% of the time, so there’s very little scrutiny involved for those transfers. Giving the merchant your routing/account number gives them access to make withdraws from your account at will and at any time and can’t be revoked, and giving that access to somebody you may not fully trust the reputation of is a dangerous move.

    A trusted financial institution as a middleman can be useful for those situations, because they’ll tokenize your details to expose as little as possible to the merchant, directly. These services are typically insured, so even if something did happen to your account, you’re more likely to get your money back than if you gave a merchant direct ACH access to your bank account. It’s basically a modernized version of Western Union.

    • FuglyDuck@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      2 months ago

      You do realize that if the bank authorizes a transfer, that you did not… it’s wire fraud and they’re obligated to refund that cash, regardless if they recoup the cash or not.

      Their fuck up, their loss.

      On the other hand, if you give your credentials to a 3rd party, that’s against the ToS none of us actually read, and if something happens to your account; they’re going to deem it as your fuck up.

      As for whatever technobabble Plaid wants to use, even if they’re insured… you’re not, unless you can prove in court that they were the source of the breach. Their lawyers are probably better than yours.

      • Chozo@fedia.io
        link
        fedilink
        arrow-up
        4
        arrow-down
        3
        ·
        2 months ago

        You do realize that if the bank authorizes a transfer, that you did not… it’s wire fraud and they’re obligated to refund that cash, regardless if they recoup the cash or not.

        You do realize that not every transaction happens in countries where these protections exist, right? Not everybody can rely on something like the FDIC to protect their funds.

        On the other hand, if you give your credentials to a 3rd party, that’s against the ToS none of us actually read, and if something happens to your account; they’re going to deem it as your fuck up.

        You’re not providing your bank credentials directly to the third-party, either. They use OAuth-like systems to log you in, typically. I’m not familiar with Ozow, specifically, but from what I can tell about their company, they appear to be doing mostly the same things as Plaid.

        • FuglyDuck@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          2 months ago

          You’re not providing your bank credentials directly to the third-party, either. They use OAuth-like systems to log you in, typically. I’m not familiar with Ozow, specifically, but from what I can tell about their company, they appear to be doing mostly the same things as Plaid.

          Plaid or Ozow is the third party. You’re using their system, which they control, to provide your credentials.

          You’re trusting that a) they’re not malicious and b) they have their shit together and c) even though they do have their shit together someone doesn’t find a random exploit anyhow.

          As for the first. yeah. that’s a problem. At that point it really doesn’t matter, does it? why would you trust Ozow or anyone else in that sort of environment with your banking credentials? or even the bank with your money?

          • Chozo@fedia.io
            link
            fedilink
            arrow-up
            2
            ·
            2 months ago

            You’re trusting that a) they’re not malicious and b) they have their shit together and c) even though they do have their shit together someone doesn’t find a random exploit anyhow.

            You could say this about literally any solution short of hand-delivering cash in person.