The problem with pushing payments is that the cost of fraud falls on the payer. In the pull model, if the payer says it was unauthorized, the rules favor the payer--restoring the payer account happens as a matter of course, and disputes are handled subsequently. This sucks for the payee, but they're usually businesses who are more sophisticated and better placed to handle these issues. But in the push model, the presumption is the payment was intended by the payer. It's a wholly reasonable presumption assuming sophisticated, rational agents. But we're talking rolling out push payment systems where the payer will be your elderly grandmother.

It won't be pretty unless there are some aggressive changes to existing regulatory and legal frameworks. But it's not easy to figure out to protect consumers in push payment systems without opening gaps where fraudsters can directly abuse the system, like checking kiting scams of old. (Checks are a pull payment type of system, but the important point is that the cost of check fraud--forged, kiting, etc--fell primarily on banks and merchants, and less on individual grandmas who couldn't buy food because they were stuck in a months-long battle with the bank to recover funds.)

Pulling fraud with ACH is pretty rare. All the scammers trick people into sending them money, or take over account and send it, this is more common with phones and Zelle. The latter would be handled with current system. The former isn't handled with current system, and would be helped if there was way to reject transfers to help with return money scams.

There is danger that people will send money on bogus requests, but invoice fraud is already covered. Other countries have the same model of sharing account number widely and it works.

> There is danger that people will send money on bogus requests

It's a huge danger. This is why there are so many Bitcoin ATMs in convenience stores. Scammers call vulnerable people and induce them to send them Bitcoin. The number of people who you can convince to withdraw hard currency from their bank and feed it into a Bitcoin machine on the request of their "sick nephew" or "Microsoft Security Team" is mind blowing. Even elderly former police and attorneys do this.

Push payments make it much, much easier--now it's just a click away. The risk is higher for the scammer and it's easier to trace as compared to Bitcoin transfers. But it will be an endless game of whack-a-mole, and because the losses won't primarily fall on banks, payment networks, or other least code avoiders (unlike with credit cards--especially--or other forms of pull payment in general), there's less direct economic incentive to do prevention. We'll likely end up with more centralized, government policing, which will be far less effective and generate more political friction.

Push payments are the future. They're already ubiquitous in many other countries. But while it will streamline day-to-day transactions, there are going to be many more victims of fraud left holding the bag. And you can see this in Europe, where push payment fraud is rapidly expanding.

And even if, in nominal dollar amount, total push fraud ended up equivalent to pull (e.g. credit card) fraud, the social cost is greater as you end up with a small number of people bearing all the costs, whereas with pull fraud the costs are effectively spread across society in the form of slightly higher transaction costs and goods & services prices. There's no built-in transfer mechanism (i.e. tax) like that in push fraud because the incentive and accountability structure is radically different, notwithstanding that in the abstract it's a very simple change in who is considered the initiator of a payment.