American Banker: Friday, November 22, 1996 MasterCard Raps Visa Security After Theft By JEREMY QUITTNER The theft of a personal computer with several hundred thousand credit card accounts stored in its memory has led MasterCard to suggest the security procedures of rival Visa are inadequate. The computer, stolen from Visa's San Mateo, Calif., data processing center early this month, contained information transmitted from point of sale machines for 314,000 active credit card accounts -- from Visa, MasterCard, American Express, Discover, and Citicorp's Diners Club. Visa has offered to pay $20 per account, potentially $6.3 million, to replace the cards. Although the five brands reacted quickly to the crime, and there has been no loss due to fraud, the incident shows how account information is vulnerable to fraud and theft from many directions. Michael Stenger, special agent, financial crimes division for the U.S. Secret Service, said criminals will go after account information wherever they can find it. "The computer is seen as a facilitator and a storage point," he said. "The main thing is (the thieves) need the information." Account information from the different credit card networks is commonly routed through MasterCard and Visa processing systems from point of sale machines, and sent to the appropriate party. "The question is, why was the information downloaded?" asked MasterCard spokesman Sean Healy. "We don't do that type of downloading." He said MasterCard stores point of sale information on cartridges in high security locations in its St. Louis processing facility, where it would be "virtually impossible to replicate" the Visa theft. However, David Melancon, a Visa International spokesman, contended, "Any card company that processes transactions" downloads account information. Jerome Svigals, a smart-card and security consultant in Redwood City, Calif., said Visa would have downloaded this information only if it was working in the capacity of Vital Processing Services, its merchant processing arm. He added the computer probably contained magnetic stripe information, such as account numbers, expiration dates, and encrypted verification codes. "There is little or no protection against this problem," he said. Visa said it may have been an inside job, although no one has been arrested. The thief or thieves were probably more interested in the computer hardware than the account information, Visa said. "We have had rigorous plant security, but obviously not secure enough," Mr. Melancon added. Visa, which said the vast majority of affected accounts were its own, said it immediately contacted all the parties involved and recommended they get in touch with cardholders. Mr. Healy said the stolen computer contained information on accounts at 500 of MasterCard's member banks. "We are recommending they close the affected accounts and issue new cards," Mr. Healy said. "We are monitoring authorizations very closely and have issued a worldwide security alert." American Express, on the other hand, has chosen to monitor its own accounts without informing cardholders. It would not specify how many of its accounts were involved. "The accounts are being monitored for fraud, but we have not found any," said Gail Wasserman, an American Express spokeswoman. Diners Club and Dean Witter, Discover & Co. said they were taking measures to protect their cardholders. American Banker: Friday, November 22, 1996 Bank Group Issues Guidelines for Protecting Consumer Privacy By Barbara A. Rehm Retail bankers on Thursday unveiled a nine-point plan to safeguard financial information about their customers. The Consumer Bankers Association is providing the privacy blueprint to its members, 900 financial institutions with more than $2.5 trillion in assets. "We are confident that these guidelines will enable our members to continue delivering top-quality service and choice while maintaining the trust of consumers," said Pam Flaherty, Citibank senior vice president and a member of trade group's board. The guidelines, in the works for two years, are designed to help banks maintain customer confidentiality standards even as new technologies speed information processing. For example, under the plan, banks "will limit the use and collection of information about our customers to what is necessary to administer our business, provide superior service, and offer opportunities that we think will be of interest to them." The blueprint also notes that banks will provide data about their customers only to "reputable information reporting agencies." The Consumer Bankers issued the privacy guidelines to show the federal government that the banking industry is policing itself and no new regulations are needed. American Banker: Friday, November 22, 1996 Get On-Line Quickly or Get Left Behind By JENNIFER KINGSON BLOOM and JEFFREY KUTLER Almost 600 people paid a quick visit this week to a future in which most consumers carry smart cards, do most of their banking and shopping on the Internet, and rest assured that their financial institutions have taken all necessary steps to ensure payment security and personal privacy. By now the bankers among the 600 have returned to a reality in which most chief executive officers don't know much about personal computers, pay more attention to commercial loan spreads and credit card profitability than to information technology, and still need convincing to pour a lot of investment capital into creating the aforementioned future. The vision of the possible appeared at American Banker's second annual conference on financial services in cyberspace. After three days of almost boundless enthusiasm for electronic cash and virtual banking, these concepts didn't sound futuristic at all. Stirring up a revival-meeting atmosphere, Mondex USA chairman Dudley Nigg referred to Internet banking as "the Holy Grail." But no longer does he consider it beyond bankers' grasp. Giving the opening speech Monday, the Wells Fargo Bank executive vice president decried the industry's past sin of "giving away the branch channel for free and charging for on-line service ... How ludicrous!" After Wells saw the light and dropped its fees for PC users, on-line customers jumped from 20,000 in early 1995 to 270,000 today -- 110,000 of them via the Internet. Mr. Nigg expects two million Internet customers in five years. It provides an unusual opening, he said, to "satisfy customer needs (while) we lower our costs ... That's the kind of economics that chairmen in our industry love to hear about, and is rare in banking. Rare is the channel where costs can be driven down." Mr. Nigg, speaking the same day MasterCard announced its acquisition of 51% of Mondex International, a smart card program he fervently supports, lived up to his keynote billing with the conference's most quotable quote: "If we don't get aboard this train early, we will miss it." He said technology is advancing so quickly and decisively that bankers no longer have the luxury of waiting for lower prices or more definitive outcomes before making a move. "If we regard this as purely hype, we will forfeit this opportunity to others who are waiting in the wings," Mr. Nigg said. "We have traditionally been slow to step up. In the past, second-movers had an opportunity to meet the train. Today, people are waiting for us to act. If we don't do so, somebody else will step in and take our place." "Don't do nothing, waiting to see if Internet commerce is real," said Verifone Inc. vice president Roger Bertman, picking up the theme two days later when discussing bank-merchant relationships. "It is absolutely clear you will miss an opportunity and risk losing pieces of your merchant portfolios." The Internet and personal financial management software like Intuit Inc.'s Quicken are "wedges driving financial services into the home," said Adam Schoenfeld, vice president of publishing at Jupiter Communications in New York. Though many attempts at electronic financial services were "poorly conceived and executed," he said, banks are serving two million customers by PC, and more than three times that number express interest in the medium, according to a recent Jupiter-Find/SVP study. Veterans of earlier, unsuccessful attempts at revolutionizing banking behavior like to bat around ideas on why the 1990s are different. One obvious reason is the breakneck spread of personal computers into consumers' homes. Huntington Bancshares senior vice president William Randle, a conference co-chairman, cited an October survey that said 19 million U.S. households now use home computers for some aspect of financial management. He also showed a commercial that touted the home banking capabilities of Packard Bell's products. "When manufacturers of computers start advertising banking as an application, times are moving fast," he concluded. There were other ideas as well. Gaurang Desai, a vice president at Montgomery Securities, said vendors and bankers are growing more comfortable with one another and are working together more productively. Henry Lichstein, a vice president and technology strategist at Citibank, said banks are learning how to market on-line services so they are attractive to consumers. Pointing out that Citibank has offered home banking for a decade, he said the program began "in earnest" last year when the bank stopped charging for it. In 1996, Mr. Lichstein said, "the big change was the Internet." And David Frankel, banking business manager at the Prodigy on-line service, recalled that when his company introduced on-line banking in 1988, it fell flat. Prodigy has spent the last eight months reconstructing its service for the Internet. "People are moving to the Internet directly at almost alarming speed," Mr. Frankel said. "We have recognized the future of the Internet and the ultimate demise of proprietary on-line services." Several speakers predicted that the introduction this year of television sets with Web browsers will jump-start home banking for the mass of consumers. In the Jupiter Communications survey, 25% of households with personal computers said they "would prefer to get their electronic financial services through the television," said Mr. Schoenfeld. Mr. Lichstein defined the task at hand -- "the process of anticipating change and aligning oneself to it" -- as "finding the strategic groove." Something is in a strategic groove, he said, when "if we do not step up to the challenge, someone else will." By that definition, Mr. Nigg was describing strategic grooves for the Internet and smart cards, particularly Mondex, which can operate as both a real-world cash substitute and a virtual-world payment transmission device. Mr. Lichstein put smart cards and consumer electronic banking in that very context. "The strategic groove in home banking," he said, "is in full swing." Critical or dissenting voices were pretty much drowned out. Charlotte Wingfield, a KPMG Peat Marwick partner, said she got a respectful reception to what she called the only presentation covering the biggest mode of banking distribution -- the branch. Citing a consumer survey KPMG commissioned from Yankelovich Partners, Ms. Wingfield concluded that "the branch's demise is greatly exaggerated." Her data indicated that even frequent PC users put "banking in person" ahead of software-based services on their list of preferences. Agreeing with Ms. Wingfield, a member of the audience who works for a technology company grumbled about the pro-virtual majority. "They make it sound like everybody has to be on the Internet by next Tuesday, or they're toast. That just isn't the case." Even a bank executive from the Northeast who is well versed in the Internet and intranets said, "I think it's all hype." In one session that devolved into a small-scale cat fight among software vendors, a Microsoft Corp. executive was trying to take the high road: Other purveyors of personal financial management software divulged the number of users they had doing on-line banking, but he wasn't going to play the numbers game. A representative of Intuit said 400,000 people were banking on-line through Quicken and BankNow. The chief executive of Meca Software said he had 200,000 active users. When Microsoft's turn came, Richard Bray, a product manager, kept insisting that 10% of Microsoft Money users were doing on-line banking. When pressed for specific numbers, he would go no further. Unluckily for Mr. Bray, he was also scheduled to speak again later in the day about the Microsoft Network for the Internet. It was in that speech that he casually said: "Two and a half million people use Microsoft Money." And 10% of 2.5 million would be ... William N. Melton, founder and president of Cybercash Inc., was torn within himself. He took a break from the American Banker conference to fly to the giant Comdex computer trade show in Las Vegas and returned with what he termed a "manic-depressive problem." When he first arrived in Scottsdale, he became "manic" when he learned that the bankers there had apparently gotten religion on the subject of the Internet. "We've been trying to talk to bankers for a long time, and said, 'The Internet is really here,"' he said. "I didn't think they were really getting it." After jetting off to Comdex, though, he became "depressed" that while the 250,000 people attending the show were "all doing nothing but thinking about the Internet," they didn't seem to be moving quickly enough toward on-line commerce. "We've been working on SET (the Secure Electronic Transactions protocol) for one to one and a half years, and hopefully within six months we'll have interoperability tests," Mr. Melton said with some disdain. After returning to Arizona, Mr. Melton swung back to manic mode. Hearing details about MasterCard's buy into Mondex persuaded him that "maybe it's going to happen." Mr. Melton was emphatic about what was needed to help make "it" happen: he called on banks to "unilaterally issue digital certificates" to get customers accustomed to on-line commerce and comfortable with evolving privacy and security measures. Mr. Melton and Mr. Bertman, general manager of the Internet commerce division at Verifone (another company Mr. Melton founded), acknowledged some other impediments or potential obstacles. "By 2000, the privacy issue will have really hit," Mr. Melton predicted. He said the negative consequences of such an explosive political issue could be mitigated by banks' convincing the public they have addressed it. But he warned of "a huge public debate." Mr. Bertman said the industry must help consumers and merchants make sense of a dizzying array of payment methods and options. Verifone and Cybercash, among others, have proposed "virtual wallets" as a solution. "Technologists tend to oversimplify the payments world," he said, "but there are some very complex issues" that financial institutions are best placed to resolve. Mr. Bertman added that while most discussions have focused on the on- line consumer, bank-merchant relationships are at least as critical and have been "underestimated and under-understood." "There is a question of how many banks do you need on the Internet," Mr. Melton said. "This is not a polite question, but it's going to become very competitive - more so than in the physical world where you are protected by the walls of geography." Mr. Melton was ready to declare victory on the security issue, saying, "It's essentially done." Given the availability of data encryption techniques and specifications like SET, which is being developed by MasterCard and Visa, he said: "Tell your customers, 'Don't worry. We'll take care of it'." Mr. Bertman said the SET development process will take well into next year, but the card industry should move ahead with Internet payments." Sholom Rosen, a vice president at Citibank who has invented a computer- to-computer electronic money system, raised a red flag. He said electronic currencies like those being promoted for the Internet -- Citibank's is not among them -- raise security issues different from those in conventional commerce, and they are not fully addressed by "strong encryption and protocols." For example, Mr. Rosen said, counterfeit losses are conventionally borne by the party who is discovered passing fake currency. In on-line commerce, the issuer of money -- likely a bank -- is the victim, with consequences for solvency and systemic risk that Mr. Rosen said haven't been thought through. Mr. Rosen stated in an interview that Mr. Melton and others are in an "entrepreneurial mode" and understandably eager to embrace exciting new things. "Comdex is fine, but banks are in the business of having to manage risks," Mr. Rosen said. ABA Banking Journal: November, 1996 Are You "Toast"? By William W. Streeter Has anyone walked up to you recently and said, "You're toast"? As you might surmise, the question has nothing to do with sun or food. It has to do with history, as in, "You're history, pal." And that's how author Don Tapscott meant it when he used the expression in his presentation at the ABA Annual Convention last month. He was speaking about the digital revolution, and with the single word "toast," he likely captured the collective angst of most people in the room. As author of the best-selling book, The Digital Economy, Tapscott is a prophet of the new order resulting from the digitizing of information. Like many of his ilk, his presentation was both mesmerizing and unsettling. He spoke of the likely disappearance of entire industries under the onslaught of the Internet, specifically referencing travel agents and food wholesalers. He didn't foretell that fate for banking, but he did speak of the "disintermediation" of the middleman. "If you're in the middleman business, start looking for a job," he said. It shouldn't take long to realize that banking falls under that heading. Consider that traditional banking is deposit intermediation, while the more recent additions to the business have largely been brokerage. Sounds like a "middleman" business to us. Tapscott urged bankers to "reintermediate." We haven't a clue what that means, but he did cite examples of several banks that have embraced the Internet -- Security First Network Bank being one (look for an update on it next month); Wells Fargo and The Bank of Montreal being two others. There's no denying that certain business have been displaced by electronics. The advent of desktop publishing software, for example, radically altered the "pre-press" and typesetting business that thrived pretty much since Gutenberg. Typesetting in particular was wiped out by computers in the space of about ten years. The function of putting words into type didn't disappear, it was simply transferred to publications' staffs, at a considerable savings. Those publications themselves face a challenge with the emergence of the Internet as a radically different means of disseminating information. Is banking similarly challenged? The answer without a doubt is "yes." Will the industry disappear like the typesetters? There are two considerations in answering that question. First, the typesetting business disappeared because electronics gave publishers greater flexibility at less cost. The same case is made by proponents of banking via the Internet, but it's not clear yet whether a majority of people and businesses are ready to do banking that way. Second, "banking" and "industry" are labels. The functions performed under those labels will of course continue as long as there is money, or more broadly, exchange of value. If by being "digitized" a product or service or process becomes more convenient, more flexible, or less expensive, the marketplace will embrace it. And it will probably do so pretty quickly. None of this says that there won't be a need for people to meet with people. Maybe many "face-to-face" meetings will occur by high-quality video connection. But all of them won't. There will still be a need to be reassured about something in person; to shake hands on a deal; or to look someone in the eye -- a live eye. As a proxy for this, consider that e-mail hasn't eliminated the need to speak by phone, any more than telephones eliminated the need to write or to see someone in person. Changes in fundamental technology have always caused business casualties -- as with the proverbial buggy whip example. Part of top management's job is to stay abreast of changing technology, and to hire and train people who can communicate in, and deal with, whatever medium is appropriate. The difference now is that the change to a digital age will bring more far-reaching changes than anything seen recently, and is occurring at dizzying speed. For sure, money isn't likely to go away soon, and neither, therefore, is financial services. That should ease some of the angst you may feel under the relentless barrage of "The Digital Age." But don't get comfortable either, or you will be toast. Retail Delivery Systems News: November 22, 1996 Mondex Deal Changes MasterCard Strategy Expect some turmoil in the smart card market as MasterCard International, of New York, readjusts its strategy in the wake of buying a majority interest in Mondex, of London, a bank partnership formed to pilot smart cards in England. The long-time rumored acquisition represents one of the largest investments of a U.S. company in smart card technology. Estimates are that MasterCard paid between $100 million and $150 million for the majority interest. MasterCard will adopt Mondex's technology as its strategic chip platform, the companies say. This raises questions for the future of pilots, such as the one planned in New York City's West Side by Citibank and Chase Manhattan and for the validity of vendor hardware and software created to work with MasterCash, analysts say. The New York pilot, which is meant to prove interoperability of the MasterCard and Visa systems, already has been delayed until the second quarter of 1997. Additionally, MasterCard has lost several of its key officers in the MasterCash division, raising questions about who is leading the venture, RDSN has learned. "A number of companies would like to see a crystallization of MasterCard's strategy with smart cards," says Dave Lott, an analyst with Dove Associates in Atlanta. "The deal raises a lot of questions in terms of what are they going to do with the product (MasterCash) that they've developed up to this time." Washington Post: Sunday, November 24, 1996 The Uncertain Value of 'Smart Cards' By Jane Bryant Quinn The next piece of plastic the banks think you ought to keep in your wallet is a "smart card." These cards come in several varieties and most aren't ready for mass distribution. But pilot projects are forging ahead in Atlanta and New York City early next year, and in Canada and several countries abroad. There's no obvious consumer need for smart cards today. But the bankers believe that you're going to love them anyway. You may even be mailed one and urged to try it. Smart card promoters make the assumption that you hate to carry cash. You hate fishing for bills and coins to buy a newspaper or a soda. You'd put down plastic, instead. This plastic card has money on it, embedded in a computer chip. A $ 20 card, for example, will give you $ 20 in spending power. If you buy a 75-cent newspaper, the seller will put your card in a special terminal and drain off 75 cents. No identification or signature is required. You now have a card with $ 19.25 left on it. After spending $ 1 on a soda, the value of your card goes down to $ 18.25. If you forget the amount, you can check it with a little portable card reader. Some readers also might list the last five things you bought. Don't confuse a smart card with a debit card. When you pay by debit card, money is moved automatically from your bank account into the merchant's bank account. With a smart card, however, you first move money from your bank account onto the card's computer chip. When you buy something, the money moves from your card to the merchant's terminal and then, electronically, to the merchant's bank. If every merchant, street vendor, taxi driver and bus accepted smart cards, you wouldn't have to carry cash. To some, that would be a huge convenience; to others, it's a shrug. But as long as some merchants took smart cards and others didn't, you'd have to carry both. Smart cards come in three varieties, some of them more flexible than others: * A prepaid, disposable single-purpose card. Telephone cards are a good example. You pay $ 10 or $ 20 for a card, dial an 800-number, give the number of your card and then make your telephone call. Minute by minute, the cost of the call is deducted from the value of the card. When you've spent all the money on the card, you throw it out. * A prepaid, disposable bank card. You buy the card at a bank and can use it at any store that has a terminal. * A reloadable card. When your money runs out, you can take it to a bank, an automated teller machine or a special kiosk and load it up again. Visa, MasterCard, Citibank and the Chase Manhattan bank will jointly test a reloadable card in a section of New York City next year. A reloadable card also could serve as your credit card, debit card or ATM card. What's in it for the banks? Eventually (although not at first), the banks probably would charge you for the card. There might be a fee when you used an ATM to load it up. The merchant also would pay a fee, in return for getting what is presumably a more secure transaction. What's in it for consumers? A very little bit of convenience. Putting down a card is a tad quicker than fishing out cash. You always have the equivalent of exact change. You wouldn't have to count your change, but you'd have to use the card reader to be sure the merchant's terminal deducted the right amount. You may or may not pay more for the card than it costs to get cash from an ATM. For a while, the smart cards probably won't have any more than $ 100 on them and the limit might be lower. So they're strictly for walking-around money. You'd still need your credit card, debit card or checkbook for more serious shopping. If the card malfunctions -- say, it registers $ 14 when you're sure you were carrying $ 36 -- a bank can check the balance on the computer chip, says Ron Braco, a senior vice president at Chase Manhattan. But if you lose the card, it's just like losing cash. You're out the money. Promoters of smart cards promise a lot of national and international uses that aren't yet anywhere in sight. I'll probably wait for them. Banks have a sales job to do on people like me who don't find it a nuisance to carry cash. Forbes: December 2, 1996 Banks are pushing new ATM cards that doubleas a Visa or a MasterCard. Avoid 'em. Carte Blanche For Crooks By Alexandra Alger Chances are that yet another chunk of unsolicited plastic has popped up in your mailbox. It is not just another credit card. It's a combination new ATM card and charge card. You can use it to withdraw cash from automated teller machines, as you do with your current ATM card. Or you can use it to charge purchases, without having to use your PIN (personal identification number). "It's as convenient as a credit card, but it's not credit! The amount of your purchase is immediately deducted from the balance in your checking account," says the brochure sent out by one major bank. And therein lies the danger--it's a debit card. We don't like it for three reasons: * It could give a thief carte blanche to your checking account. In case of fraudulent use of your debit card, you are the one who is instantly out-of-pocket, not the bank. You may have to fight the bank to recover your money, and you could lose it completely if you don't report the loss right away. Meanwhile, your bank balance and credit line could be depleted, and your checks could be bouncing all over town. * You lose the credit float, of 30 days or so, that you get with a zero-balance credit card. * You lose the option of withholding payments--important leverage in case of disputed charges. Banks are flooding the mails with these new cards. Visa has launched a multimillion-dollar national TV campaign to promote its debit cards, starring football superstar Deion Sanders. Some 4,000 U.S. banks, S&Ls and credit unions are issuing MasterCard- and Visa-affiliated debit cards--double the number of a year ago. Most of the nation's biggest banks have already joined the party, including California's Bank of America and New York's Chase Manhattan Corp. (to its new Chemical Bank customers). Citibank is planning its blitz next year. For banks, what's not to like? Merchants pay card issuers an "interchange" fee--typically 1% to 2% of the transaction value. Some banks even charge customers $1 to $1.50 a month just to have the card. Debit cards also help wean bank customers from costly check-writing. It costs banks $1.10 or so to process every check, but only 27 cents to handle a debit card transaction, says Edward Neumann, director of Dove Associates, a bank consulting firm in Washington, D.C. Bankers insist that the cards are good for customers, too. "The key is convenience--that's what we're selling," says John Russell, a spokesman for Banc One in Columbus, Ohio, the first bank to offer a debit card and now the largest issuer of them (over 4 million). But we think this convenience comes at too high a risk. Some debit- card crooks are subtle. They'll use swiped debit cards occasionally, charging up relatively small amounts. As long as the account holders overlook the charges on their bank statements, the party continues. The thief has a kind of annuity. Roy Funderburk Jr. learned about this the hard way. The 53-year-old mail carrier from Alexandria, Va. was going over his bank statement when he noticed two debit-card charges in one day at an Exxon station he occasionally used in Washington, D.C. That sent him back to statements for previous months. What he found were $1,000 in bogus gas station charges made over a nine-month period. No charge was more than $20. He hadn't lost his Visa debit card, so was baffled about the misuse. Funderburk's branch manager at American Security Bank (now NationsBank) told him not to worry, he would be reimbursed for his losses. But a month later Funderburk got word that he'd only be recompensed for the fraudulent charges made within the previous 60 days-- $247. He was out $761. Funderburk was furious. He went to the Washington Police Department, the Secret Service--even the FBI. The latter two told him they only looked into cases involving at least $5,000. Finally, on the advice of a lawyer, he took the bank to small-claims court. He struck out there, too; the judge shook his head and told Funderburk the bank didn't owe him anything under federal bank rules, and there was nothing he could do. The story has a happy ending. Out of the blue, an American Security lawyer called Funderburk about settling. Funderburk said he just wanted his money back, without interest. Fine, the attorney said. Within hours the money was back in his checking account. But what an ordeal! How had the thief pulled off the thefts? All he needed to get started was the number on Funderburk's debit card, perhaps from a discarded receipt. A phony card could be made, using that number. Still, Funderburk was lucky. Banks will normally assume liability for fraudulent use only if you notify them within two days after you miss your card. In that case your loss is limited to $50--often, you won't be charged at all. But wait any longer, and you could be liable for as much as $500 of your own checking account losses. If you fail to report the fraud within 60 days, the bank doesn't have to give you a cent. Your chances of getting hit are uncomfortably high. Last year Visa and MasterCard issuers shouldered $19 million in fraud-related losses on their debit cards, says the Nilson Report, an industry newsletter in Oxnard, Calif. PIN-related ATM fraud accounts for $100 million to $200 million in annual losses. That is small potatoes compared with the estimated $3 billion in annual credit-card fraud losses (FORBES, Aug. 26). But, says John Wisniewski, a postal inspector in Pittsburgh:"The bad guys are just starting to figure out how to misuse them." One of the more ingenious ATM scams involved a bogus telephone. At an ATM in Miami, Fla. crooks put plastic sleeves into the card slots. When customers saw their cards were swallowed by the machine, they picked up the telephone provided to dial the posted customer service number. But the phone was provided by the thieves, and the posted number put customers in touch with a thief, not a bank employee. The thief then asked customers for their PIN as identification and promised that replacement cards would be mailed out in a matter of days. The crooks then plucked out the stuck ATM cards with tweezers and were off to the races. Our advice is to avoid the ATM-debit card. When your ATM card expires, request a simple replacement instead of the new combo card you'll be mailed. In our view, the risks of the combo far outweigh the potential rewards.