From: alzheimer@juno.com (Ronald Raygun Remailer)
Date: Tue, 26 Nov 1996 09:16:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Copyright violations
Message-ID: <19961126.111613.12279.0.alzheimer@juno.com>
MIME-Version: 1.0
Content-Type: text/plain


 
American Banker: Friday, November 22, 1996
 
MasterCard Raps Visa Security After Theft 
 
By JEREMY QUITTNER
 
The theft of a personal computer with several hundred thousand credit
card
accounts stored in its memory has led MasterCard to suggest the security
procedures of rival Visa are inadequate. The computer, stolen from Visa's
San Mateo, Calif., data processing center early this month, contained
information transmitted from point of sale machines for 314,000 active
credit
card accounts -- from Visa, MasterCard, American Express, Discover, and
Citicorp's Diners Club.
 
Visa has offered to pay $20 per account, potentially $6.3 million, to
replace
the cards. 
 
Although the five brands reacted quickly to the crime, and there has been
no
loss due to fraud, the incident shows how account information is
vulnerable to
fraud and theft from many directions. 
 
Michael Stenger, special agent, financial crimes division for the U.S.
Secret

Service, said criminals will go after account information wherever they
can
find it. 
 
"The computer is seen as a facilitator and a storage point," he said.
"The main
thing is (the thieves) need the information." 
 
Account information from the different credit card networks is commonly
routed through MasterCard and Visa processing systems from point of sale
machines, and sent to the appropriate party. 
 
"The question is, why was the information downloaded?" asked MasterCard
spokesman Sean Healy. "We don't do that type of downloading." 
 
He said MasterCard stores point of sale information on cartridges in high
security locations in its St. Louis processing facility, where it would
be
"virtually impossible to replicate" the Visa theft. 
 
However, David Melancon, a Visa International spokesman, contended,
"Any card company that processes transactions" downloads account
information. 
 
Jerome Svigals, a smart-card and security consultant in Redwood City,
Calif., said Visa would have downloaded this information only if it was
working in the capacity of Vital Processing Services, its merchant
processing
arm. 
 
He added the computer probably contained magnetic stripe information,
such
as account numbers, expiration dates, and encrypted verification codes. 
 
"There is little or no protection against this problem," he said. 
 
Visa said it may have been an inside job, although no one has been
arrested.
The thief or thieves were probably more interested in the computer
hardware
than the account information, Visa said. 
 
"We have had rigorous plant security, but obviously not secure enough,"
Mr.
Melancon added. 
 
Visa, which said the vast majority of affected accounts were its own,
said it
immediately contacted all the parties involved and recommended they get
in
touch with cardholders. 
 
Mr. Healy said the stolen computer contained information on accounts at
500
of MasterCard's member banks. 
 
"We are recommending they close the affected accounts and issue new
cards," Mr. Healy said. "We are monitoring authorizations very closely
and
have issued a worldwide security alert." 
 
American Express, on the other hand, has chosen to monitor its own
accounts without informing cardholders. It would not specify how many of
its
accounts were involved. 
 
"The accounts are being monitored for fraud, but we have not found any,"
said Gail Wasserman, an American Express spokeswoman. 
 
Diners Club and Dean Witter, Discover & Co. said they were taking
measures to protect their cardholders. 
 
  
American Banker: Friday, November 22, 1996
 
Bank Group Issues Guidelines for Protecting Consumer
Privacy 
 
By Barbara A. Rehm
 
Retail bankers on Thursday unveiled a nine-point plan to safeguard
financial
information about their customers. 
 
The Consumer Bankers Association is providing the privacy blueprint to
its
members, 900 financial institutions with more than $2.5 trillion in
assets. 
 
"We are confident that these guidelines will enable our members to
continue
delivering top-quality service and choice while maintaining the trust of
consumers," said Pam Flaherty, Citibank senior vice president and a
member of trade group's board. 
 
The guidelines, in the works for two years, are designed to help banks
maintain customer confidentiality standards even as new technologies
speed
information processing. 
 
For example, under the plan, banks "will limit the use and collection of
information about our customers to what is necessary to administer our
business, provide superior service, and offer opportunities that we think
will
be of interest to them." 
 
The blueprint also notes that banks will provide data about their
customers
only to "reputable information reporting agencies." 
 
The Consumer Bankers issued the privacy guidelines to show the federal
government that the banking industry is policing itself and no new
regulations
are needed. 
 
 
American Banker: Friday, November 22, 1996
 
Get On-Line Quickly or Get Left Behind 
 
By JENNIFER KINGSON BLOOM and JEFFREY KUTLER 
 
Almost 600 people paid a quick visit this week to a future in which most
consumers carry smart cards, do most of their banking and shopping on the
Internet, and rest assured that their financial institutions have taken
all
necessary steps to ensure payment security and personal privacy. 
 
By now the bankers among the 600 have returned to a reality in which most
chief executive officers don't know much about personal computers, pay
more attention to commercial loan spreads and credit card profitability
than
to information technology, and still need convincing to pour a lot of
investment capital into creating the aforementioned future. 
 
The vision of the possible appeared at American Banker's second annual
conference on financial services in cyberspace. After three days of
almost
boundless enthusiasm for electronic cash and virtual banking, these
concepts
didn't sound futuristic at all. 
 
Stirring up a revival-meeting atmosphere, Mondex USA chairman Dudley
Nigg referred to Internet banking as "the Holy Grail." But no longer does
he
consider it beyond bankers' grasp. Giving the opening speech Monday, the
Wells Fargo Bank executive vice president decried the industry's past sin
of
"giving away the branch channel for free and charging for on-line service
...
How ludicrous!" 
 
After Wells saw the light and dropped its fees for PC users, on-line
customers jumped from 20,000 in early 1995 to 270,000 today -- 110,000
of them via the Internet. Mr. Nigg expects two million Internet customers
in
five years. 
 
It provides an unusual opening, he said, to "satisfy customer needs
(while) we
lower our costs ... That's the kind of economics that chairmen in our
industry
love to hear about, and is rare in banking. Rare is the channel where
costs
can be driven down." 
 
Mr. Nigg, speaking the same day MasterCard announced its acquisition of
51% of Mondex International, a smart card program he fervently supports,

lived up to his keynote billing with the conference's most quotable
quote: "If
we don't get aboard this train early, we will miss it." 
 
He said technology is advancing so quickly and decisively that bankers no
longer have the luxury of waiting for lower prices or more definitive
outcomes
before making a move. 
 
"If we regard this as purely hype, we will forfeit this opportunity to
others
who are waiting in the wings," Mr. Nigg said. "We have traditionally been
slow to step up. In the past, second-movers had an opportunity to meet
the
train. Today, people are waiting for us to act. If we don't do so,
somebody
else will step in and take our place." 
 
"Don't do nothing, waiting to see if Internet commerce is real," said
Verifone
Inc. vice president Roger Bertman, picking up the theme two days later
when
discussing bank-merchant relationships. "It is absolutely clear you will
miss an
opportunity and risk losing pieces of your merchant portfolios." 
 
The Internet and personal financial management software like Intuit
Inc.'s
Quicken are "wedges driving financial services into the home," said Adam
Schoenfeld, vice president of publishing at Jupiter Communications in New
York. 
 
Though many attempts at electronic financial services were "poorly
conceived
and executed," he said, banks are serving two million customers by PC,
and
more than three times that number express interest in the medium,
according
to a recent Jupiter-Find/SVP study. 
 
Veterans of earlier, unsuccessful attempts at revolutionizing banking
behavior
like to bat around ideas on why the 1990s are different. 
 
One obvious reason is the breakneck spread of personal computers into
consumers' homes. Huntington Bancshares senior vice president William
Randle, a conference co-chairman, cited an October survey that said 19
million U.S. households now use home computers for some aspect of
financial management. 
 
He also showed a commercial that touted the home banking capabilities of
Packard Bell's products. "When manufacturers of computers start
advertising
banking as an application, times are moving fast," he concluded. 
 
There were other ideas as well. Gaurang Desai, a vice president at
Montgomery Securities, said vendors and bankers are growing more
comfortable with one another and are working together more productively.
Henry Lichstein, a vice president and technology strategist at Citibank,
said
banks are learning how to market on-line services so they are attractive
to
consumers. 
 
Pointing out that Citibank has offered home banking for a decade, he said
the
program began "in earnest" last year when the bank stopped charging for
it.
 
In 1996, Mr. Lichstein said, "the big change was the Internet." 
 
And David Frankel, banking business manager at the Prodigy on-line
service,
recalled that when his company introduced on-line banking in 1988, it
fell flat.
 
Prodigy has spent the last eight months reconstructing its service for
the
Internet. "People are moving to the Internet directly at almost alarming
speed," Mr. Frankel said. "We have recognized the future of the Internet
and
the ultimate demise of proprietary on-line services." 
 
Several speakers predicted that the introduction this year of television
sets
with Web browsers will jump-start home banking for the mass of consumers.
 
In the Jupiter Communications survey, 25% of households with personal
computers said they "would prefer to get their electronic financial
services
through the television," said Mr. Schoenfeld. 
 
Mr. Lichstein defined the task at hand -- "the process of anticipating
change
and aligning oneself to it" -- as "finding the strategic groove." 
 
Something is in a strategic groove, he said, when "if we do not step up
to the

challenge, someone else will." By that definition, Mr. Nigg was
describing
strategic grooves for the Internet and smart cards, particularly Mondex,
which can operate as both a real-world cash substitute and a
virtual-world
payment transmission device. 
 
Mr. Lichstein put smart cards and consumer electronic banking in that
very
context. "The strategic groove in home banking," he said, "is in full
swing." 
 
Critical or dissenting voices were pretty much drowned out. Charlotte
Wingfield, a KPMG Peat Marwick partner, said she got a respectful
reception to what she called the only presentation covering the biggest
mode
of banking distribution -- the branch. 
 
Citing a consumer survey KPMG commissioned from Yankelovich Partners,
Ms. Wingfield concluded that "the branch's demise is greatly
exaggerated."
Her data indicated that even frequent PC users put "banking in person"
ahead
of software-based services on their list of preferences. 
 
Agreeing with Ms. Wingfield, a member of the audience who works for a
technology company grumbled about the pro-virtual majority. "They make it
sound like everybody has to be on the Internet by next Tuesday, or
they're
toast. That just isn't the case." 
 
Even a bank executive from the Northeast who is well versed in the
Internet
and intranets said, "I think it's all hype." 
 
In one session that devolved into a small-scale cat fight among software
vendors, a Microsoft Corp. executive was trying to take the high road:
Other
purveyors of personal financial management software divulged the number
of
users they had doing on-line banking, but he wasn't going to play the
numbers
game. 
 
A representative of Intuit said 400,000 people were banking on-line
through
Quicken and BankNow. The chief executive of Meca Software said he had
200,000 active users. 
 
When Microsoft's turn came, Richard Bray, a product manager, kept
insisting that 10% of Microsoft Money users were doing on-line banking.
When pressed for specific numbers, he would go no further. 
 
Unluckily for Mr. Bray, he was also scheduled to speak again later in the
day
about the Microsoft Network for the Internet. It was in that speech that
he
casually said: "Two and a half million people use Microsoft Money." 
 
And 10% of 2.5 million would be ... William N. Melton, founder and
president of Cybercash Inc., was torn within himself. He took a break
from
the American Banker conference to fly to the giant Comdex computer trade
show in Las Vegas and returned with what he termed a "manic-depressive
problem."
 
When he first arrived in Scottsdale, he became "manic" when he learned
that
the bankers there had apparently gotten religion on the subject of the
Internet. 
 
"We've been trying to talk to bankers for a long time, and said, 'The
Internet
is really here,"' he said. "I didn't think they were really getting it."
 
After jetting off to Comdex, though, he became "depressed" that while the
250,000 people attending the show were "all doing nothing but thinking
about
the Internet," they didn't seem to be moving quickly enough toward
on-line
commerce. 
 
"We've been working on SET (the Secure Electronic Transactions protocol)
for one to one and a half years, and hopefully within six months we'll
have
interoperability tests," Mr. Melton said with some disdain. 
 
After returning to Arizona, Mr. Melton swung back to manic mode. Hearing
details about MasterCard's buy into Mondex persuaded him that "maybe it's
going to happen." 
 
Mr. Melton was emphatic about what was needed to help make "it" happen:
he called on banks to "unilaterally issue digital certificates" to get
customers
accustomed to on-line commerce and comfortable with evolving privacy and
security measures. 
 

Mr. Melton and Mr. Bertman, general manager of the Internet commerce
division at Verifone (another company Mr. Melton founded), acknowledged
some other impediments or potential obstacles.
 
"By 2000, the privacy issue will have really hit," Mr. Melton predicted.
He
said the negative consequences of such an explosive political issue could
be
mitigated by banks' convincing the public they have addressed it. But he
warned of "a huge public debate." 
 
Mr. Bertman said the industry must help consumers and merchants make
sense of a dizzying array of payment methods and options. Verifone and
Cybercash, among others, have proposed "virtual wallets" as a solution. 
 
"Technologists tend to oversimplify the payments world," he said, "but
there
are some very complex issues" that financial institutions are best placed
to
resolve. 
 
Mr. Bertman added that while most discussions have focused on the on-
line
consumer, bank-merchant relationships are at least as critical and have
been
"underestimated and under-understood." 
 
"There is a question of how many banks do you need on the Internet," Mr.
Melton said. "This is not a polite question, but it's going to become
very
competitive - more so than in the physical world where you are protected
by
the walls of geography." 
 
Mr. Melton was ready to declare victory on the security issue, saying,
"It's
essentially done." 
 
Given the availability of data encryption techniques and specifications
like
SET, which is being developed by MasterCard and Visa, he said: "Tell your
customers, 'Don't worry. We'll take care of it'." 
 
Mr. Bertman said the SET development process will take well into next
year,
but the card industry should move ahead with Internet payments." Sholom
Rosen, a vice president at Citibank who has invented a computer-
to-computer electronic money system, raised a red flag. 
 
He said electronic currencies like those being promoted for the Internet
--
Citibank's is not among them -- raise security issues different from
those in
conventional commerce, and they are not fully addressed by "strong
encryption and protocols." 
 
For example, Mr. Rosen said, counterfeit losses are conventionally borne
by
the party who is discovered passing fake currency. In on-line commerce,
the
issuer of money -- likely a bank -- is the victim, with consequences for
solvency and systemic risk that Mr. Rosen said haven't been thought
through.
 
Mr. Rosen stated in an interview that Mr. Melton and others are in an
"entrepreneurial mode" and understandably eager to embrace exciting new
things. 
 
"Comdex is fine, but banks are in the business of having to manage
risks,"
Mr. Rosen said. 
 


ABA Banking Journal: November, 1996
 
Are You "Toast"? 
 
By William W. Streeter
 
Has anyone walked up to you recently and said, "You're toast"? As you
might surmise, the question has nothing to do with sun or food. It has to
do
with history, as in, "You're history, pal."
 
And that's how author Don Tapscott meant it when he used the expression
in
his presentation at the ABA Annual Convention last month. 
 
He was speaking about the digital revolution, and with the single word
"toast," he likely captured the collective angst of most people in the
room. 
 
As author of the best-selling book, The Digital Economy, Tapscott is a
prophet of the new order resulting from the digitizing of information.
Like
many of his ilk, his presentation was both mesmerizing and unsettling. He
spoke of the likely disappearance of entire industries under the
onslaught of
the Internet, specifically referencing travel agents and food
wholesalers. 
 
He didn't foretell that fate for banking, but he did speak of the
"disintermediation" of the middleman. 
 

"If you're in the middleman business, start looking for a job," he said. 
 
It shouldn't take long to realize that banking falls under that heading. 
Consider
that traditional banking is deposit intermediation, while the more recent
additions to the business have largely been brokerage. Sounds like a
"middleman" business to us. 
 
Tapscott urged bankers to "reintermediate." We haven't a clue what that
means, but he did cite examples of several banks that have embraced the
Internet -- Security First Network Bank being one (look for an update on
it
next month); Wells Fargo and The Bank of Montreal being two others. 
 
There's no denying that certain business have been displaced by
electronics.
The advent of desktop publishing software, for example, radically altered
the
"pre-press" and typesetting business that thrived pretty much since
Gutenberg. Typesetting in particular was wiped out by computers in the
space of about ten years. The function of putting words into type didn't
disappear, it was simply transferred to publications' staffs, at a
considerable
savings. 
 
Those publications themselves face a challenge with the emergence of the
Internet as a radically different means of disseminating information. 
 
Is banking similarly challenged? The answer without a doubt is "yes."
Will the
industry disappear like the typesetters? There are two considerations in
answering that question. First, the typesetting business disappeared
because
electronics gave publishers greater flexibility at less cost. The same
case is
made by proponents of banking via the Internet, but it's not clear yet
whether
a majority of people and businesses are ready to do banking that way. 
 
Second, "banking" and "industry" are labels. The functions performed
under
those labels will of course continue as long as there is money, or more
broadly, exchange of value. 
 
If by being "digitized" a product or service or process becomes more
convenient, more flexible, or less expensive, the marketplace will
embrace it.
And it will probably do so pretty quickly. 
 
None of this says that there won't be a need for people to meet with
people.
Maybe many "face-to-face" meetings will occur by high-quality video
connection. But all of them won't. There will still be a need to be
reassured
about something in person; to shake hands on a deal; or to look someone
in
the eye -- a live eye. 
 
As a proxy for this, consider that e-mail hasn't eliminated the need to
speak
by phone, any more than telephones eliminated the need to write or to see
someone in person. 
 
Changes in fundamental technology have always caused business casualties
-- as with the proverbial buggy whip example. 
 
Part of top management's job is to stay abreast of changing technology,
and
to hire and train people who can communicate in, and deal with, whatever
medium is appropriate. The difference now is that the change to a digital
age
will bring more far-reaching changes than anything seen recently, and is
occurring at dizzying speed. 
 
For sure, money isn't likely to go away soon, and neither, therefore, is
financial services. That should ease some of the angst you may feel under
the
relentless barrage of "The Digital Age." But don't get comfortable
either, or
you will be toast. 


Retail Delivery Systems News: November 22, 1996
 
Mondex Deal Changes MasterCard Strategy
 
Expect some turmoil in the smart card market as MasterCard International,
of New York, readjusts its strategy in the wake of buying a majority
interest
in Mondex, of London, a bank partnership formed to pilot smart cards in
England. 
 
The long-time rumored acquisition represents one of the largest
investments
of a U.S. company in smart card technology.
 
Estimates are that MasterCard paid between $100 million and $150 million
for the majority interest. 
 
MasterCard will adopt Mondex's technology as its strategic chip platform,
the companies say. 
 
This raises questions for the future of pilots, such as the one planned
in New
York City's West Side by Citibank and Chase Manhattan and for the
validity of vendor hardware and software created to work with MasterCash,

analysts say. The New York pilot, which is meant to prove
interoperability of
the MasterCard and Visa systems, already has been delayed until the
second
quarter of 1997. 
 
Additionally, MasterCard has lost several of its key officers in the
MasterCash division, raising questions about who is leading the venture,
RDSN has learned. 
 
"A number of companies would like to see a crystallization of
MasterCard's
strategy with smart cards," says Dave Lott, an analyst with Dove
Associates
in Atlanta. "The deal raises a lot of questions in terms of what are they
going
to do with the product (MasterCash) that they've developed up to this
time." 
 

 
Washington Post: Sunday, November 24, 1996
 
The Uncertain Value of 'Smart Cards' 
 
By Jane Bryant Quinn
 
The next piece of plastic the banks think you ought to keep in your
wallet is a
"smart card." These cards come in several varieties and most aren't ready
for
mass distribution. But pilot projects are forging ahead in Atlanta and
New
York City early next year, and in Canada and several countries abroad. 
 
There's no obvious consumer need for smart cards today. But the bankers
believe that you're going to love them anyway. You may even be mailed one
and urged to try it. 
 
Smart card promoters make the assumption that you hate to carry cash. You
hate fishing for bills and coins to buy a newspaper or a soda. You'd put
down plastic, instead. 
 
This plastic card has money on it, embedded in a computer chip. A $ 20
card, for example, will give you $ 20 in spending power. 
 
If you buy a 75-cent newspaper, the seller will put your card in a
special
terminal and drain off 75 cents. No identification or signature is
required. 
 
You now have a card with $ 19.25 left on it. After spending $ 1 on a
soda,
the value of your card goes down to $ 18.25. If you forget the amount,
you
can check it with a little portable card reader. Some readers also might
list
the last five things you bought. 
 

Don't confuse a smart card with a debit card. When you pay by debit card,
money is moved automatically from your bank account into the merchant's
bank account. With a smart card, however, you first move money from your
bank account onto the card's computer chip. When you buy something, the
money moves from your card to the merchant's terminal and then,
electronically, to the merchant's bank. 
 
If every merchant, street vendor, taxi driver and bus accepted smart
cards,
you wouldn't have to carry cash. To some, that would be a huge
convenience; to others, it's a shrug. But as long as some merchants took
smart cards and others didn't, you'd have to carry both. 
 
Smart cards come in three varieties, some of them more flexible than
others: 
 
* A prepaid, disposable single-purpose card. Telephone cards are a good
example. You pay $ 10 or $ 20 for a card, dial an 800-number, give the
number of your card and then make your telephone call. Minute by minute,
the cost of the call is deducted from the value of the card. When you've
spent
all the money on the card, you throw it out. 
 
* A prepaid, disposable bank card. You buy the card at a bank and can use
it at any store that has a terminal. 
 
* A reloadable card. When your money runs out, you can take it to a bank,
an automated teller machine or a special kiosk and load it up again.
Visa,
MasterCard, Citibank and the Chase Manhattan bank will jointly test a
reloadable card in a section of New York City next year. A reloadable
card
also could serve as your credit card, debit card or ATM card. 
 
What's in it for the banks? Eventually (although not at first), the banks
probably would charge you for the card. There might be a fee when you
used
an ATM to load it up. The merchant also would pay a fee, in return for
getting what is presumably a more secure transaction. 
 
What's in it for consumers? A very little bit of convenience. Putting
down a
card is a tad quicker than fishing out cash. You always have the
equivalent of
exact change. You wouldn't have to count your change, but you'd have to
use the card reader to be sure the merchant's terminal deducted the right
amount. You may or may not pay more for the card than it costs to get
cash
from an ATM. 
 
For a while, the smart cards probably won't have any more than $ 100 on
them and the limit might be lower. So they're strictly for walking-around
money. You'd still need your credit card, debit card or checkbook for
more
serious shopping. 
 
If the card malfunctions -- say, it registers $ 14 when you're sure you
were
carrying $ 36 -- a bank can check the balance on the computer chip, says
Ron Braco, a senior vice president at Chase Manhattan. But if you lose
the
card, it's just like losing cash. You're out the money. 
 
Promoters of smart cards promise a lot of national and international uses
that
aren't yet anywhere in sight. I'll probably wait for them. Banks have a
sales
job to do on people like me who don't find it a nuisance to carry cash.
 
 


Forbes: December 2, 1996
 
Banks are pushing new ATM cards that doubleas a Visa or a MasterCard.
Avoid 'em.
 
Carte Blanche For Crooks 
 
By Alexandra Alger 
 
Chances are that yet another chunk of unsolicited plastic has popped up
in
your mailbox. It is not just another credit card. It's a combination new
ATM
card and charge card. You can use it to withdraw cash from automated
teller
machines, as you do with your current ATM card. Or you can use it to
charge purchases, without having to use your PIN (personal identification
number). "It's as convenient as a credit card, but it's not credit! The
amount
of your purchase is immediately deducted from the balance in your
checking

account," says the brochure sent out by one major bank. And therein lies
the
danger--it's a debit card. We don't like it for three reasons: 
 
* It could give a thief carte blanche to your checking account. In case
of
fraudulent use of your debit card, you are the one who is instantly
out-of-pocket, not the bank. You may have to fight the bank to recover
your
money, and you could lose it completely if you don't report the loss
right
away. Meanwhile, your bank balance and credit line could be depleted, and
your checks could be bouncing all over town. 
 
* You lose the credit float, of 30 days or so, that you get with a
zero-balance
credit card. 
 
* You lose the option of withholding payments--important leverage in case
of
disputed charges. 
 
Banks are flooding the mails with these new cards. Visa has launched a
multimillion-dollar national TV campaign to promote its debit cards,
starring
football superstar Deion Sanders. Some 4,000 U.S. banks, S&Ls and credit
unions are issuing MasterCard- and Visa-affiliated debit cards--double
the
number of a year ago. Most of the nation's biggest banks have already
joined
the party, including California's Bank of America and New York's Chase
Manhattan Corp. (to its new Chemical Bank customers). Citibank is
planning its blitz next year. 
 
For banks, what's not to like? Merchants pay card issuers an
"interchange"
fee--typically 1% to 2% of the transaction value. Some banks even charge
customers $1 to $1.50 a month just to have the card. 
 
Debit cards also help wean bank customers from costly check-writing. It
costs banks $1.10 or so to process every check, but only 27 cents to
handle
a debit card transaction, says Edward Neumann, director of Dove
Associates, a bank consulting firm in Washington, D.C. 
 
Bankers insist that the cards are good for customers, too. "The key is
convenience--that's what we're selling," says John Russell, a spokesman
for
Banc One in Columbus, Ohio, the first bank to offer a debit card and now
the largest issuer of them (over 4 million). 
 
But we think this convenience comes at too high a risk. Some debit- card
crooks are subtle. They'll use swiped debit cards occasionally, charging
up
relatively small amounts. As long as the account holders overlook the
charges
on their bank statements, the party continues. The thief has a kind of
annuity. 
 
Roy Funderburk Jr. learned about this the hard way. The 53-year-old mail
carrier from Alexandria, Va. was going over his bank statement when he
noticed two debit-card charges in one day at an Exxon station he
occasionally used in Washington, D.C. That sent him back to statements
for
previous months. What he found were $1,000 in bogus gas station charges
made over a nine-month period. No charge was more than $20. He hadn't
lost his Visa debit card, so was baffled about the misuse. 
 
Funderburk's branch manager at American Security Bank (now
NationsBank) told him not to worry, he would be reimbursed for his
losses.
But a month later Funderburk got word that he'd only be recompensed for
the fraudulent charges made within the previous 60 days-- $247. He was
out
$761. Funderburk was furious. He went to the Washington Police
Department, the Secret Service--even the FBI. The latter two told him
they
only looked into cases involving at least $5,000. 
 
Finally, on the advice of a lawyer, he took the bank to small-claims
court. He
struck out there, too; the judge shook his head and told Funderburk the
bank
didn't owe him anything under federal bank rules, and there was nothing
he
could do. 
 
The story has a happy ending. Out of the blue, an American Security
lawyer
called Funderburk about settling. Funderburk said he just wanted his
money

back, without interest. Fine, the attorney said. Within hours the money
was
back in his checking account. But what an ordeal! 
 
How had the thief pulled off the thefts? All he needed to get started was
the
number on Funderburk's debit card, perhaps from a discarded receipt. A
phony card could be made, using that number. 
 
Still, Funderburk was lucky. Banks will normally assume liability for
fraudulent use only if you notify them within two days after you miss
your
card. In that case your loss is limited to $50--often, you won't be
charged at
all. But wait any longer, and you could be liable for as much as $500 of
your
own checking account losses. If you fail to report the fraud within 60
days,
the bank doesn't have to give you a cent. 
 
Your chances of getting hit are uncomfortably high. Last year Visa and
MasterCard issuers shouldered $19 million in fraud-related losses on
their
debit cards, says the Nilson Report, an industry newsletter in Oxnard,
Calif.
PIN-related ATM fraud accounts for $100 million to $200 million in annual
losses. 
 
That is small potatoes compared with the estimated $3 billion in annual
credit-card fraud losses (FORBES, Aug. 26). But, says John Wisniewski, a
postal inspector in Pittsburgh:"The bad guys are just starting to figure
out how
to misuse them."
 
One of the more ingenious ATM scams involved a bogus telephone. At an
ATM in Miami, Fla. crooks put plastic sleeves into the card slots. When
customers saw their cards were swallowed by the machine, they picked up
the telephone provided to dial the posted customer service number. 
 
But the phone was provided by the thieves, and the posted number put
customers in touch with a thief, not a bank employee. The thief then
asked
customers for their PIN as identification and promised that replacement
cards
would be mailed out in a matter of days. 
 
The crooks then plucked out the stuck ATM cards with tweezers and were
off to the races. 
 
Our advice is to avoid the ATM-debit card. When your ATM card expires,
request a simple replacement instead of the new combo card you'll be
mailed. In our view, the risks of the combo far outweigh the potential
rewards.