Banking
I had a random thought while I was depositing and transferring my money between banks about how it all works. What does the American banking system look like as a software system, but also as a physical system?
Direct Deposit -> ACH
It’s useful to first work through specific functions here before trying to get the entire picture of digital banking. One of my transfers ended up being a direct deposit from BofA, even though it was sent as an unprocessed “ACH” transfer. The insight is that “direct deposits” are quicker precisely because your bank looks at the unprocessed ACH and just credits your account.
So what is an ACH? An automated clearing house is essentially a middleman between banks for two fundamental operations: “credit” and “debit”. A digital ACH, as we have in the US, is then a software system that a banking provider can integrate with. For example, a banking provider keeps a log of all the transactions within a certain time window, which gets batched into a specific structure, “NACHA”. That batch is then processed by the middleman, which forwards it to other bank systems and responds with updates to the sending bank.
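To make the batching concrete, here is an added example (not part of the original post) that parses two kinds of NACHA record, entry detail and batch control, and checks that the control record's count, entry hash and totals agree with the entries. The sample batch, the helper names and the EXAMPLECO / 99999999 identifiers are constructed for illustration; a real file also carries file-header, batch-header and file-control records, which are left out here.

```python
# Added example; all sample values are constructed. NACHA records are 94 chars.
CREDITS, DEBITS = {"22", "32"}, {"27", "37"}  # checking/savings credit, debit

def aba_check_digit(dfi8):
    """Ninth digit of a routing number from its first eight (3-7-1 weights)."""
    total = sum(int(d) * w for d, w in zip(dfi8, (3, 7, 1, 3, 7, 1, 3, 7)))
    return (10 - total % 10) % 10

def parse_entry(line):
    """Entry detail record (type 6): one credit or debit against one account."""
    if len(line) != 94 or line[0] != "6":
        raise ValueError("not a 94-character entry detail record")
    return {"code": line[1:3], "dfi": line[3:11], "check": int(line[11]),
            "account": line[12:29].strip(), "cents": int(line[29:39]),
            "trace": line[79:94]}

def parse_control(line):
    """Batch control record (type 8): entry count, entry hash and totals."""
    if len(line) != 94 or line[0] != "8":
        raise ValueError("not a 94-character batch control record")
    return {"count": int(line[4:10]), "hash": int(line[10:20]),
            "debit": int(line[20:32]), "credit": int(line[32:44])}

def validate_batch(lines):
    """Return a list of integrity problems; an empty list means consistent."""
    entries = [parse_entry(l) for l in lines if l.startswith("6")]
    ctl = parse_control(next((l for l in lines if l.startswith("8")), ""))
    problems = [f"bad routing check digit, trace {e['trace']}"
                for e in entries if aba_check_digit(e["dfi"]) != e["check"]]
    expected = {"count": len(entries),
                "hash": sum(int(e["dfi"]) for e in entries) % 10**10,
                "debit": sum(e["cents"] for e in entries if e["code"] in DEBITS),
                "credit": sum(e["cents"] for e in entries if e["code"] in CREDITS)}
    problems += [f"{k}: control says {ctl[k]}, entries give {v}"
                 for k, v in expected.items() if ctl[k] != v]
    return problems

# Hypothetical helpers that build the constructed sample lines.
def make_entry(code, dfi8, account, cents, name, seq):
    return (f"6{code}{dfi8}{aba_check_digit(dfi8)}{account:<17}{cents:010d}"
            f"{'':15}{name:<22}  099999999{seq:07d}")

def make_control(count, ehash, debit, credit):
    return (f"8200{count:06d}{ehash:010d}{debit:012d}{credit:012d}"
            f"{'EXAMPLECO':<10}{'':25}999999990000001")

SAMPLE = [make_entry("22", "12345678", "000111222", 150000, "A EXAMPLE", 1),
          make_entry("27", "87654321", "000333444", 2599, "B EXAMPLE", 2),
          make_control(2, 99999999, 2599, 150000)]
```

These checks catch a corrupted or inconsistent batch; they are plain arithmetic, so they do not authenticate who produced the file.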
Personal Security
The second part is what goes into securing a user account, given that our bank account and banking information is one of the more important accounts to keep secure. The three main items here are our personal information, account password, and personal banking information. Each, if exposed, can lead to security concerns and unauthorized actions against our account.
The first is your bank account number and routing number. With those two pieces of information, a person can create fraudulent checks or make ACH payments on your behalf. It does seem oddly easy for someone to commit fraud this way, as that information is present on checks and exists on other user accounts as payment information. The good thing here is that reversing a transaction is easy enough if you report it early.
The second is having access to your bank account details. From here an actor could initiate fraudulent transfers again or create fake checks to cash. In this case, they could issue cashier's checks or money orders instead of just faking checks in your account's name. The worst-case scenario is that your authorization devices are also compromised, which allows wire transfers to be made. In the event that wire transfers are made, recovering money might not be so easy.
The third is identity theft. People who get your private information from previous data leaks can use it to get loans and create accounts in your name. And if you were specifically targeted, an actor may try to “sim-swap” your mobile phone in order to gain access to your account, as they already have your personal information [1].

[1] Sim-swapping has been done extensively for cryptocurrencies, as it is harder to recover a fraudulent crypto transaction than even a fraudulent wire transfer.