A proposal for idiot-proofing bank account details
Take a valid credit card number, such as
4111-1111-1111-1111
, change it slightly, to
4111-2111-1111-1111
, and it ceases to be valid. This
is because the last digit of the number is a checksum calculated
from the preceding digits via the Luhn algorithm.
It’s not particularly clever; it’s not cryptographically secure.
It’s not meant to be. What it’s intended to do is to protect
against accidental data entry errors, and it does that very
well.
Now, compare the system for bank transfers in the UK. You enter
a six-digit sort code (usually given as three pairs, e.g.
11-22-33
). This corresponds to the branch. To this you
add an eight-digit account number.
If you get one of the digits wrong, one of two things happens. If you’re lucky, the transfer is rejected and the sum is returned to the originating account.
If you’re unlucky, the sum disappears into BACS and you have to fill in forms and wait six weeks to try to get it back.
There may even be a third case, in which a typo generates an alternative valid bank account, making it even harder to reclaim the lost funds. I don’t know how likely this is, as I don’t know how banks distribute account numbers.
Having been a victim of the second case (due to an estate agent sending me the bank details that were off by one digit), I feel like simple transcription errors could and should be prevented, and I think we could do it pretty easily.
Here’s my proposal: create a transfer format for bank account details that includes a checksum, allowing the detection of errors before monetary loss ensues.
In fact, we don’t need to. It already exists! The IBAN, or International Bank Account Number, specifies a format that does exactly this.
Instead of:
12-34-56 98765432
You use something like:
GB82 WEST 1234 5698 7654 32
It’s not too much longer, and you can be reasonably confident that no one’s made a typo somewhere.
Although intended for cross-border transactions, there’s no reason why we shouldn’t use IBANs for domestic payments. The functionality could be added to online banking systems fairly trivially (I’d optimistically quote half a day’s work) without needing any change to the back-end systems.
We can’t stop estate agents screwing up, but this might be the next best thing.