I ran across a rather odd new (to me) protocol in trying to set up auto payments to a bank account from a different bank.
For example, in order to set up a recurring mortgage payment, from Bank A to mortgage holder Bank B one must
• provide the actual login credentials of Bank A
• agree to a terms of service of the procedure which contains, essentially, language that releases Bank B and a third party processing system of all liability with regard to security, and any possible breach of data in the process.
Aside from not being able to agree to that prospect on its face, it just seems Too Weird
Yes, this sounds fishy to me. I wouldn’t agree to those terms as well.
If the terms for authorizing your mortgage holder (bank B) to auto-debit from your account at bank A are unacceptable, then don’t use them.
Does your bank (A) have a bill payment system that you can use to schedule your mortgage payments? My bank (Bank of America), has a bill-pay system that works great. I manually schedule payments with it all the time. They also offer the ability to schedule periodic payments, but I choose to not use that feature.
While I have not looked directly into it, I don’t think the BofA bill-pay system can be simply configured to pay an account like a mortgage in another instituion. While a mortgage is with a similar institution i.e. Bank B … or more to the point let’s call it Bank Ch … I am not sure if the interface is the same as for paying other bills like credit cards, car insurance, phone bills and the like … but I guess I should inquire.
Maybe it’s a simple matter of naming the institution that holds the mortgage and providing the account number. Maybe
It seems to be a trend involving third party payments. For example, the popular Venmo app uses a third party company called “Plaid” to facilitate bank payments. In addition to requiring your banking login credentials, the extent of data access that Plaid requests is eye popping. I think it is one of those things that no one under thirty cares about.
Venmo has an alternate “manual” method, requesting just your bank’s Routing Number and your Account number. Which is actually all they need. But after several tries it has failed to connect for me. No way am I using that Plaid service.
It can, if your mortgage company is in their database, just like any other business that might send you bills. I believe the loan number is the “account” number for this purpose.
I use it every month to pay my mortgage (Chase). BofA can’t receive the bills directly (I receive monthly statements directly from Chase), but I can and do use it to make the payments.
I’ve used this method several times - mostly for making tax payments to the IRS, since BofA’s bill-pay system doesn’t have them in its database. They take the numbers from the bottom of a cheque and it gets processed as an ACH transaction - similar to depositing a paper cheque.
This is definitely more secure (and probably has more legal protections) than giving your login credentials, which would grant near-complete access to your account.
In line with David’s approach, I believe most major lenders support ACH payments from bank checking accounts. In my case, I have set up an automatic monthly payment initiated by my mortgage lender against a checking account I keep at BofA. @jmhbpc , if you haven’t already done so, you might try contacting your lender to see if they support ACH auto-payments.
Something to keep in mind is that a lot of functions, including bill pay services, are outsourced to third parties by banks. So even though it looks like your bank runs its online bill paying, your information is actually sent to another company such as Fiserv. Plaid, as discussed earlier in this thread, specializes in account signups and connecting accounts.
In the OP’s case of establishing ACH transfers between two institutions, Plaid’s verification service replaces the older method of sending test deposts and verifying the amount of test deposits, which can take multiple days to complete, with an instantly completed process.
Personally, I regard Plaid to be a higher security risk than test deposits but a lower risk than account aggregation services–also often offered by your bank but not run by it–such as Yodlee. When I am forced to use Plaid, I change the “exposed” password as soon as the signup/connection process is completed. Further, if accounts connected using Plaid have 2FA required at login, the window for an attacker to use the information submitted to Plaid for for one-time use should be short.
The financial software Moneydance uses Plaid as part of an optional feature to directly download data from banks. Their blog post introducing the feature explains why they went to Plaid and the various security trade-offs in doing that.
By the way, although I use Moneydance as my financial software, I’ve never participated in direct downloading of bank data. So I have purchased the software and pay the upgrade fee for every other software release.
It’s been a minute, but before I retired, I was actually involved in setting up ACH in its various flavors for a mid-sized bank. FWIW, here’s what I recall:
There are four “flavors” of ACH (which stands for “Automated Clearing House”, a US banking set of rails for transferring relatively small sums of money between payor and payee):
Send money from your bank account to some payee (via their bank)
Receive money from some payor (via their bank) into your bank account
Request money from some payor (via their bank) to be deposited into your bank account
Grant a request for money from some payee (via their bank) to be withdrawn from your bank account
So when you set up a recurring payment that goes over ACH, you’re using option 1. When you give a third party permission to periodically withdraw money from your account, that’s option 4. Personally I like to be in the driver’s seat, so I rarely (if ever) use option 4.
Now with respect to paying your mortgage, there’s really nothing different about that than paying any other bill. Most banks’ Bill Pay systems will encourage you to use ACH (option 1) because it’s cheaper for them. However, if your payee does not have an ACH relationship with your bank, then your bank will simply cut them a check and mail it for you. From @Shamino’s experience (above), it sounds like maybe BofA no longer offers the pay-by-check option? That would surprise me if true, but I don’t bank there, so I don’t know for sure.
I am a customer of Bank of America. To set up auto-pay, you first set up an entree for the payee. If it’s not in the bank’s database, you can enter the information manually. Adjacent to the entry area, there’s a note that says, “If a company can’t be paid electronically, we’ll mail a paper check for you.”
Once an entry is in your list of payees, you have the option of setting up Autopay for the payee.
I have a few bills that I pay this way. It saves me a stamp and a paper check. If that doesn’t matter to you, okay, but I find both stamps and checks a pain to replenish, so not having to use them is a benefit in my book.
Two reasons: you can tell them exactly when you want the payment to be received, so you can time the transaction to be as late as possible. Second: they don’t charge for the postage, or for the check. (Most checking accounts don’t provide checks for free.)
My bank (PNC) specifically states on the bill pay page that with paper checks, the date is an estimate based on average postal transit times. They cannot guarantee that a mailed check will not arrive early or late, and if it results in an overdraft or a late fee, that’s on you. They will guarantee actual transaction dates only with ACH and EFT transactions.