I received an invoice recently and was given two options to pay – credit card and direct debit.
For the direct debit all I had to do was give them my BSB and account number.
I thought it was odd – most companies have to use an authentication service such as POLI for you to pay directly from your bank account, but they seemed to be able to take money from my account with just my BSB and account number, with no formal direct debit agreement.
I always understood that nobody can take money from you with your BSB and account number and that is the way it should be. We all give this information to people so that they can pay us, not the other way around.
How did they do this? Does this mean that there is some vulnerability with this information being given out?