EDIT: What I mean by this is that if you give me your account number so that I can deposit into it, then I can also withdraw out of it (not through the Dwolla API, but trivially by other means -- see http://perimetergrid.com/wp/2008/01/01/checks-the-most-dange...)
It's a problem with ACH in general. However, debits from consumer accounts (or, more accurately, those initiated with a "PPD" code) can be refuted for something like two years.
By submitting a file straight to the networks, I could also debit a nonexistent account for $20m and have it show up in my account the next morning. Wouldn't hang around for long though.
You can always refute it. Whether you'll get your money back or not is an entirely different matter. The consumer protections on ACH are much weaker than credit cards, so it's pretty much up to the discretion of your bank.
It's not that their that much weaker. You have 60 days as an individual to dispute a debit, but it's seriously painful. You will likely have to go into a branch and fill out a physical document. In comparison, Amex has a link that says "dispute" next to each transaction.
Not quite. This makes ACH more accessible than it was before, which makes it that much easier to commit ACH fraud. Also, it is possible to layer a secure layer on top of ACH, but Dwolla didn't do that. They either chose not to, or they don't know how. They just exposed the ACH functionality directly.
Because people can feel there's something deeply wrong with this, but can't quite pinpoint what it is. They've forgotten that the whole philosophy of the Internet [SRC81] was to get rid of middlemen, not just to create new ones.
Great. If you get a timeout, though, what do you do? You will either end up with the possibility of double transactions or no transactions, depending on how you try to recover...
If by mixing conventions you mean careless foul practice of trying to please everyone by partially satisfying all of their preferences which only ends up annoying them all, then I am certainly against it. But, if by mixing conventions you mean the joyous unsegregated joining of every person's vision into a creation that is greater than the sum of its parts, then I am certainly for it. This is my stand. I will not retreat from it. I will not compromise.
It's similar to many jQuery plugins I've seen. "LOOK, you can do all this with one line of code!"
$("#mydiv").someplugin();
But then they show all the HTML adjustments you have to make to get the plugin functioning. Just tell me straight!
But, credit to the author, I always like seeing how people use the command line to accomplish things. One day, I'd like to make a "get_subs" command that orders Jimmy Johns for me.
I'm waiting for someone to create a service on top of this. Think Stripe for ACH transfers.
I badly want to use this but the required BSA/AML and CIP compliance are too much for my startup. I would gladly pay someone to handle this compliance and just let me call an API.
The point is that you can transfer money with one command and no pre-existing state. That's pretty great.