I’m casually rooting through the bills this evening, and I see there is a credit card bill I mis-placed under some other paid bills, and that it is due tomorrow 10/13/2003. Beyond the “Oh crap” moment and a 30 or 40 penalty looming, I call the service number to see about a phone payment or extension and among the automatic operations the voice menu offers to me is electronic check payment. Hmm… OK.
I call and walk though the automatic options. All it wants is my credit card #, my credit card security code # on the back, and the routing # and account # of my checking account on the bottom of the check. I enter all these, and bang I’m done! The amount has been deducted from my checking account and I’m good to go.
Now this is all nice and convenient and saved me the hassle of begging for a short extension, but it occured to me that using this method I could deduct money from practically any valid checking account if I have the account and routing #'s which are on of the bottom of almost all checks, and unless someone was checking their account statement carefully I could reach into almost any one’s checking account by doing this until they caught on. The card company didn’t have my checking account on file. They only wanted a checking account # and a routing #.
This seems almost too easy and I am obviously missing some security element. What prevents thieves from doing this on a regular basis using other peoples personal checks they have been paid with?