in the final decision, it wasn't Intuits fees (which were excellent for ACH and acceptable for cc's) or the float time. It was that I had to attach their invoice every time. Don't recall whether I could disable "net due" which I'd have wanted to.
When my Microsoft Store account (not MFA and an old simple pw) and Facebook (MFA and complex pw) accounts got hacked between Christmas and New Years, AMEX immediately covered me for the 2,800 of Xbox "gift cards". Facebook was just a clusterfk. Wierd thing is the hacker managed to change the cell phone number and FB was about to allow the hacker to change my pw if I hadn't noticed it. When I tried to change the cell phone back to mine, I was prompted to input my authenticator code. Unpleasantly for me and totally coincidentally I had changed iphones a week beafore. Authenticator backup didn't work. Emergency codes were out of date
If it hadn't been for a friend of my son's who worked at FB, I'd still be locked out because I needed to have MFA disabled. FB security staff probably overwhelmed now.
Also had $50 Amazon gift card charged to my MFA protected Amazon account. Most likely it wasn't Amazon that was hacked but a vendor of Amazons who resells Amazon gift cards and I had sometime in past bought something from them. Sheesh.
Re the safety of credit cards vs ACH, the BOA fraud guy said BOA doesn't automatically reverse fraudulent ACH transactions until they've investigated. But if cc, BOA doesn't make you pay them until investigation finished. What's the experience of others out there?