> It goes beyond access to your data. With an account and routing number and access to ACH protocols anyone has essentially unrestricted access to your money.
Fortunately Intuit has really, really poor coverage for this. Comically poor. Plaid only supports a few FIs. Never sign up for a service with Yodlee and you're statistically covered here.
> Since the amounts were different each time, my bank said I had no recourse other than to continue disputing the charges or change my account number.
For future reference, your bank should have offered to migrate you to a new ACH number for free. It's really quite illegal for them to allow ongoing fraud to occur once you've informed them of it.
It's no different than if someone loads your Chase Debit number into an Apple Pay device and then adds biometrics (which btw: true tragedy and incredibly stupid. Chase needs to implement yellow path. I closed my accounts due to waves of fraud via this method). You're still not liable for damage, it's just scary and frustrating and time wasted.
Fortunately Intuit has really, really poor coverage for this. Comically poor. Plaid only supports a few FIs. Never sign up for a service with Yodlee and you're statistically covered here.
> Since the amounts were different each time, my bank said I had no recourse other than to continue disputing the charges or change my account number.
For future reference, your bank should have offered to migrate you to a new ACH number for free. It's really quite illegal for them to allow ongoing fraud to occur once you've informed them of it.
It's no different than if someone loads your Chase Debit number into an Apple Pay device and then adds biometrics (which btw: true tragedy and incredibly stupid. Chase needs to implement yellow path. I closed my accounts due to waves of fraud via this method). You're still not liable for damage, it's just scary and frustrating and time wasted.