The articile misses the point. What the credit card cos are worried about is the disclosure of credit card numbers in bulk by merchant servers connected incompetently to the internet. The issue of customer exposure is a non issue, regulation E means that there is no customer risk. There is in fact a distinction between "card present" and "card not present" transactions. AMEX cards for example have an extra group of four digits which are not part of the embossed card number. They are used as additional verification to prove that a card is present. In general a merchant pays a lower commission for card present transactions to reflect the reduced risk. The point of the article is that people running roung like headless chickens because of Internet insecurity miss the main point, the security is no worse than the real world we just have rather higher standards. What it does mean is that people like myself will be able to make a nice living explaining to people what security issues to forget and which ones to worry like hell about. Phill