I think the distinction being made there is that, while individuals can request that banks or businesses perform an ACH on our behalf, as in your funds transfer example or to pay a bill without incurring payment card fee overhead, we can't generate and submit our own batches directly to any clearinghouse.
Which is just as well! In that circumstance, there would be nothing structurally to stop anyone who knows your routing and account number from performing ACH debits against your account. That's actually an already extant attack vector - and the reason why I never pay bills via ACH; I don't trust most payment processors to be very secure and fraudulent payment card transactions are easier to claw back - but without the barrier to entry inherent in the attacker having to subvert or convince some third party to act on their behalf, I think it'd be a much more common occurrence.
> I think the distinction being made there is that, while individuals can request that banks or businesses perform an ACH on our behalf, as in your funds transfer example or to pay a bill without incurring payment card fee overhead, we can't generate and submit our own batches directly to any clearinghouse.
Is that possible in any country? I've never heard of a banking system where ordinary people directly submit a transaction to the national clearing house. They always tell their bank to send their funds, right?
As far as I know, yes, and UPI/"FedNow"/Cashapp-and-friends don't change that.
That being so, if I'm honest I'm not really sure where the prior commenter's objection originates. Maybe they know about some directly accessible clearinghouse that I don't? I'd be surprised for several reasons to learn such a thing exists, but I've been surprised plenty of times before.
Unless this is actually possible in some country, I think they're both confused. But I'm guessing the objection was probably intended to convey "this is just as 'direct' in the US as it is in Australia", which would seem like a valid objection to the article.
Most country’s bank systems have a “receiving only” number which can be shared and then used by a 3rd party to directly enter an instant money transfer into the system.
Because America doesn’t have the equivalent of a “receive only” code, every service has to build that functionality themselves “on top of” ACH, and prevent direct access to ACH debit and credit functionality.
That being said, for $10/month any business can get direct access to ACH including debits and credits, and then whatever gateway you use is supposed to do some level of fraud detection against your transactions.
A few days ago someone here point out the numbers aren't actually "receive-only" for IBANs either, but anyway, the point you're making is a separate point from the one being made here. If anything, it's the opposite -- it's arguing that the US system is too capable, rather than insufficiently capable.
In the article author's defense, he did pretty much disclaim any detailed or experiential knowledge right up front. That said, while my own relevant experience is now many years past and was in any case mostly refracted through the payment card industry, I didn't spot any obvious howlers.
Which is just as well! In that circumstance, there would be nothing structurally to stop anyone who knows your routing and account number from performing ACH debits against your account. That's actually an already extant attack vector - and the reason why I never pay bills via ACH; I don't trust most payment processors to be very secure and fraudulent payment card transactions are easier to claw back - but without the barrier to entry inherent in the attacker having to subvert or convince some third party to act on their behalf, I think it'd be a much more common occurrence.