Banking: Recommended Practices

Healthy-Paranoia
Banking
Page content

TL;DR

Maintain two checking accounts at the same bank; each has a different purpose, and only expose one to the world. Maintain separate ATM cards for each, keep them locked, and only carry the one tied to the externally-facing account. Never use debit payments, ask about ACH filtering, and use the strongest form of MFA configurable.

Terms & Tech

Every US federal or state chartered bank has an ABA (American Bankers Association) routing number managed by LexisNexis. Other countries have other models, but generally, every bank has a routing number, and they’re easy to locate. Every account in a US bank also has a unique account number. Money can be exchanged in and out of the account in person and by paper checks or electronically by wire or the Automated Clearing House (ACH), a network that processes electronic transfers between banks. Checking accounts typically offer bill payments and the bank’s system determines if a paper check needs to be mailed out or if a transfer is possible. Another way to extra money in person via the Automated Teller Machine (ATM). Banks offer ATM cards that provide access to one or more accounts held at the bank. In addition to a cash withdrawal, the cards almost always offer debit access for point of sale devices.

Recommendations

  1. Hold at least two checking accounts at the same bank. The first account should hold most of your cash and it’s only used to transfer money in and out of the second account. The objective is to never disclose this account number to anyone except maybe your employer for direct deposit. The second account should be designated for writing checks, bill payments, ATM withdrawals, ACH transfers, Zelle, and cash apps, e.g. Venmo. Keeping them in the same bank removes the requirement to use ACH transfers between them and accelerates cash clearing when moving funds.
  2. Direct deposit your paychecks into the first account (such that the account number is only known by your employer) or optionally direct deposit checks into the ACH account and move money in and out of the ACH account so it only ever has a small amount of your cash. It’s also possible to split direct deposit into multiple destination accounts, so a smaller amount can be regularly placed into the ACH account. This provides the greatest protection to guard the cash in the primary account. The ACH account carries the external exposure risk, so limit risk by keeping minimal cash there and moving money to the account ahead of payments.
  3. Some banks offer a card that’s restricted to just ATM use and has no debit card / point-of-sale capability. Ask for this and only use this type of ATM card.
  4. Hold separate ATM cards per bank account.
  5. Keep all ATM card(s) locked if your bank supports it. Unlock the card via the bank’s mobile app when you need to withdraw cash, then relock it.
  6. Only carry the ATM card tied to the ACH account.
  7. Never, ever use the ATM card for debit payments. Using a debit card at a point of sale exposes your banking information and PIN to skimmers. An error could withdraw more money than expected and this could cascade if the error is enough to trigger overdraft fees. Credit card transactions offer payment protection while debit transactions offer no protection at all.
  8. Ask your bank if they offer ACH filtering to allow direct deposit and disallow all other transfers or if they can disable ACH entirely. ACH transfers make it easy to move funds between different banks; however, they offer little to no fraud protection, and they only require the routing number and account number – which you freely give away every time you write a check!
  9. Enable Multi-Factor Authentication (MFA) for account access, and use U2F/2FA methods that are not SMS-based time-based one-time-passwords (TOTPs). The best MFA option is a FIDO2 key.
  10. Request a verbal passcode be added to your accounts.