I'm aware of a story where a local credit union assigned account numbers strictly sequentially. A customer setting up direct-withdrawal typo'd their account number by omitting a digit, i.e. their account number was '12345' and they entered '1234'.
Since the numbers are sequential, '1234' happened to exist. For about a year, the company in question cheerfully direct-withdrew from the inappropriate account, and the original owner of '1234' never noticed, never complained, or had their complaints ignored. To my knowledge, the error was never rectified.
End of the day, direct-draft is a badly-architected system from a security standpoint.