Comment by autoexec
9 months ago
> If you meet all the requirements to identify yourself to the bank, at what point does the bank have to say "this is that person, and that transaction is legal".
Our current system is entirely built on ridiculous levels of trust, mostly for convenience / cost saving reasons. I've made payments over the phone with nothing more than the information found on the bottom of every check I've ever sent. I routinely hand my credit card to waitstaff making 7.25 an hour and in that moment I'm handing every last one of them the ability to snap a photo of my card on their phones and go on a shopping spree at my expense.
As insane as our system is, it's mostly worked. Even though I've been made to pass around my account info countless times, I've never once had my accounts cleaned out. If a single mother with less than 1k in her account gets robbed, I have a hard time blaming her. She had zero say in the design of this system, and she's the person least able to deal with the cost of the consequences of it.
On the other hand, I have very little problem putting the blame on the banks which do control much of the system and who can more than afford to cover the costs of such incidents. This puts a small amount of financial pressure on them to improve the systems they've created and forced the rest of us to use in order to participate in society.
There are all kinds of things they could be doing to reduce fraud, but they don't. Mostly for convenience / cost saving reasons. I consider their refusal to take even simple steps to improve the security of their systems as their implied consent to continue accepting the responsibility for the still rare instances where criminals take advantage of their inaction.
Is that "ridiculous" as in excessively stringent or weak? Because that phrase can be read either way. From the examples you give I'm presuming the latter.
Note that payments or deposits to a given account require little authentication over the destination though more for the payee. I've long been amused by US banks which require me to authenticate to an ATM to make a payment but will accept cheques dumped into a deposit slot.
I agree that the system mostly works, but fraud costs are in the billions, and that's U.S. credit cards alone:
"As Nationwide Fraud Losses Top $10 Billion in 2023, FTC Steps Up Efforts to Protect the Public " (2024) <https://www.ftc.gov/news-events/news/press-releases/2024/02/...>
The denominator is roughly $4 trillion, so it's an 0.25% fraud rate:
"The Average Number of Credit Card Transactions Per Day & Year" <https://www.cardrates.com/advice/number-of-credit-card-trans...>
IME the system uses increasing authentication rigidity as payment sum grows.
> Our current system is entirely built on ridiculous levels of trust, mostly for convenience / cost saving reasons.
Paging patio11: https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...
Financial transactions are premised on 1) the ability to detect fraudulent activity in realtime --- rather than solidly establish identity, payment processors are looking for indicators of fraud, and 2) reversibility of transactions --- if fraud does occur, funds can be clawed back, usually with the vendor holding the bag / taking the hit, rather than either the bank or account-holder.