The real reason seems to be that getting onto the ACH system is actually work.
Once you're in it's an open field, but getting there requires a lot of vetting.
There have been exploits that I've read about, but they tend to be hushed up because people don't particularly want people to know how insecure the system actually is. The exploit I read about had someone pulling a couple of dollars from a few million accounts. In aggregate they made a lot, and most people aren't going to necessarily notice a few missing dollars.
Of course, everything is traceable. But I never did hear of a resolution of this particular issue.
As an aside, eChecks have a different issues, mainly because they're sort of a hacked-in solution. For example, you can't stop payment on an eCheck, since there's no check number; banks just can't do it.
Once you're in it's an open field, but getting there requires a lot of vetting.
There have been exploits that I've read about, but they tend to be hushed up because people don't particularly want people to know how insecure the system actually is. The exploit I read about had someone pulling a couple of dollars from a few million accounts. In aggregate they made a lot, and most people aren't going to necessarily notice a few missing dollars.
Of course, everything is traceable. But I never did hear of a resolution of this particular issue.
As an aside, eChecks have a different issues, mainly because they're sort of a hacked-in solution. For example, you can't stop payment on an eCheck, since there's no check number; banks just can't do it.