> they actually sent me an email asking for my checking account number and routing number to be sent to them VIA EMAIL

Is that an actual issue with US accounts? Over in EU it's common to publish your account number (IBAN) and routing code (BIC) on your website, letterhead, and obviously on bills you send to customers so they can pay you.

They should only be able to send you money, not use it to request money, right?



In the US, it goes both ways with just a routing and account number.

It's a terribly outdated system.


Since Spotify is a Swedish company, I'm sure this is why they didn't think it would be an issue.


To be clear, Spotify is a _global_ company, and there is no excuse for this.


Funny thing to say when you see how US-centric most global companies are.


This isn't the reason why. Spotify has been a major player in the U.S. music streaming market for a long time. They have their own offices here, and these kinds of decisions are surely made domestically.

The reason for this is simply incompetence. They were given the order from leadership to discontinue Car Thing to cut costs, and they were given a short deadline with no options for extending or unlocking the hardware. Spotify's lawyers don't see any way out of that issue, and also see liability for having discontinued a product so quickly and with such short notice, so they recommend to the Accounts team that Car Thing customers can opt in to a refund, and that should indemnify Spotify from any disputes.

So the Accounts team gets this new recommendation from Legal, with an even tighter deadline than sunsetting Car Thing, where customers are entitled to refunds on-demand if they bought one. Requests come in immediately, and there is absolutely zero process in place for actually issuing refunds for this, so the Accounts team works directly with the Finance team and figures they can just wire refunds directly to customers, which the Finance team is happy to do if they are provided a spreadsheet of account/routing numbers.

Nobody in the process of making these decisions has any understanding of the risks; they just move to actualize what leadership asked them to, doing as little work as possible to meet the deadline. The result is refund requests arriving before any refund process has been established, and so the process is invented on the fly without any regard to best practice.

TL;DR: Discontinuing Car Thing was a hastily made decision that was announced before the company had done due diligence, and now they are dealing with a disorganized response.


Are you a Spotify insider? You seem to know a lot about how they operate; thanks for the insight.


SEPA Direct Debit is a thing here in Europe as well; this is why we could live just fine without credit cards for so long. We instead had our local variants of what y'all call ACH and a few cooperation networks, which got unified as part of the EU-wide SEPA rollout (must have been something like 10 years ago). Now you can do money transfers to and from the entirety of the EU between all banks, and if you pay a bit extra, most banks can actually do real-time nowadays. If someone does direct debit fraud with your account number, you can claw back the money just as easily as you can with a credit card.

The only problem that remains is card-based POS transactions... unfortunately, MasterCard and VISA spent shit tons of money on lobbying to make sure people would finally all converge on their standard instead of an established domestic one, their closed network where these fuckers could finally get a chance at getting their cut from the 448 million EU citizens.

Fuck MC and VISA.


Spelling nit: though the logo is all-caps, the company is called “Visa”.


Oh man this would fix the most annoying and terrifying part of bank transactions in the US (IMO). Instead, we have a million third parties that help ease the situation, but all take a cut, so some services make you use the original method.


Nope. My utility company and also Verizon withdraw from my checking account, and all they needed was the account number, routing number, and my name. No further verification.

For that reason, I have two checking accounts, and don't keep large sums of money in the account I use for payments.


That seems terribly unsafe.


Nope, your IBAN alone can be used to set up withdrawals. That has to be approved by the bank, so it's not as easy as stealing the IBAN, but still...


Only businesses can create SEPA Direct Debit mandates, and they can be blocked easily and refunded at the initiative of the account holder no-questions-asked within two months.