Forty dollars for a Big Mac? That might sound over the top, but it barely tips the outrage meter when you compare it to the 20,000-percent-interest loan U.S. consumers regularly take out to pay for such $40 burgers. How could this be?

Well, bounced checks just aren't what they used to be.

A new study says that most of the time consumers overdraw their accounts now, bounced checks aren't the culprit. Instead, debit card purchases are chief cause of overdrafts.

Many people don't realize that a carefree swipe of their debit card at a point-of-sale terminal to buy a Big Mac could result in "courtesy overdraft" fee of $30 or more. But such fees are becoming increasingly common. When faced with a transaction that would send a consumers' account into negative territory, banks now regularly approve such transactions, cover the expense, and charge hefty fees.

Financial institutions collected some $10 billion in 2005 through what's sometimes called automatic overdraft protection, according to the new study conducted by the Center for Responsible Lending. The agency reviewed full transaction histories for 5,000 typical American households to determine the cause of bounced check fees.

In its report, called "Debit Card Danger," the Center for Responsible Lending said that 38 percent of overdrafts were caused by debit card, point-of-sale transactions, while paper checks triggered an overdraft only 27 percent of the time. Online bill payments accounted for another 27 percent of overdrafts.

Most consumers have no idea
The trend concerns Eric Halpern, who co-authored the report. He believes many consumers still have no idea how expensive that Big Mac can be.

"If you ask people on the street what would happen if they tried to make a debit card purchase and their account was empty, most people assume the bank would deny it," he said.

Not any more. Beginning several years ago -- no one really knows when -- banks slowly got into the business of granting short-term, high interest loans to consumers when they attempt to overdraw their accounts. Account holders are automatically enrolled in the programs, which are now standard at nearly all banks.

Why are the programs, which many people have never heard of, so popular? Financial institutions that adopt them can expect a huge spike in overdraft revenue -- a spike of 200 to 400 percent, according to the Center for Responsible Lending.

These mini-loans are incredibly expensive. Most debit purchases that force overdraft loans to kick in are for small purchases, the agency says. The median overdraft loan for a point-of-sale transaction is $14.75. The average fee is more than double that amount. And since most consumers pay these loans back within three to five days, the annual percentage rate on a courtesy overdraft loan can be as high as 20,000 percent.

It's clear these loans confuse consumers. When asked, 61 percent said they wished the bank would simply reject the transaction.

In a paper world, fees make sense
Courtesy overdraft can save consumers money in the world of paper checks. The fee is the same as a standard insufficient funds fee, but consumers who would have bounced checks without it won't face additional fees from merchants.

But the advantage ends in the electronic transaction world. Consumers who are unaware of courtesy overdraft do not know that the price of their Big Mac can jump from $1.99 to $42 in an instant.

It's true, as bankers like to say, such fees are avoidable. Consumers can keep tabs on their balances, and as long as they do not live near the edge, dangling their balance near zero, they will never see this fee. And in fact, most consumers never pay overdraft fees. Every consumer who spends money they don't have bears responsibility for that.

But banks shoulder the blame, too, for making it so easy to overdraw -- and for muddying the line between "where the consumers' balance ends and the overdraft protection begins," said Greg McBride, a senior financial analyst at Bankrate.com.

Remember the surge of marketing that began a few years ago encouraging consumers to use debit cards instead of credit card for purchases? Debit cards were supposed to be the safer tool, the preferred tool for consumers trying to be responsible about their personal finances. Because debit-card buyers draw instantly from their own money in their checking accounts, they do not run up high-interest, revolving credit card debts. The implication, of course, was that debit cards would not allow you to spend what you don't have.

Scratch that.

There are other factors that make it easier to fall prey to courtesy overdraft fees. Balancing a checkbook has become a much more complex affair. In an age of Internet banking and multiple automatic payments and deposits, it is easy to lose track of account balances day by day.

Lopsided changes
In addition, the advent of electronic check processing (called Check 21) has meant check deductions are drawn faster from consumers' accounts -- but deposits are still commonly held for three to five days. So consumers need a healthy cushion in their accounts to avoid the near occasion of overdraft sin, and not everyone has such a cushion.

"This hits families who are living paycheck to paycheck," said Halpern. "It is likely at (any) point in time that the consumer does not know their exact balance. But the bank knows the exact balance."

Banks could warn consumers that an overdraft is imminent, he said. But instead, they approve the transaction and collect the fee.

"This is a situation where the bank has much more information than the consumer," he said.

Liz Pulliam-Weston, author of "Deal with Your Debt," and MSN.com personal finance columnist, says that there are easy ways for consumers to protect themselves from overdraft fees. With a simple phone call or visit to a branch, consumers typically can link their checking accounts to their savings account or credit card. Then, if an overdraft occurs, the money to cover the purchase will be drawn from their other accounts. A small fee will apply, but it will generally be a tiny fraction of the potential courtesy overdraft charge. Consumers can also apply for a bank line of credit and link that to their checking account, Weston said.

Many consumers may be confused by the various names for overdraft protection – bounce protection is costly, courtesy overdraft is costly, traditional overdraft protection is not.

But Weston offers a simple rule of thumb. If you are using your own money to cover an overdraft, that's inexpensive. "But, if you are borrowing the bank's money, that's expensive," she said. "Everyone should have true overdraft protection."

Online banking can help also, she said. While bank Web sites don't always provide an exact,up-to-the-moment balance because transactions may not post immediately, the sites are useful for monitoring balances.

There's one more warning consumers should have, Weston said. Not only can they unknowingly overdraw by making debit card purchases, but they can overdraw while getting cash from ATMs, too. That might not sound possible -- after all, once upon a time, ATMs would simply deny withdrawals that exceed balances.

Scratch that, too.

Banks ignore customer data
Many banks now allow consumers to withdraw money from the kitty included in the automatic overdraft protection. Bank customers hate this idea – only 2 percent said they wanted banks to permit such withdrawals and tack on their overdraft fees. Most said they'd rather the withdrawal was rejected.

Instead, banks seem to be encouraging the use of these short-term loans to get cash, perhaps as a way of competing with the tide-you-over short-term loans offered by various paycheck advance loan retail stores. There are reports that banks even pad the "available balance" displayed on ATMs with amounts from the courtesy overdraft kitty. In other words, a consumer might only have $50 in their account, but an ATM might indicate a $250 "available balance." Then a $100 withdrawal would incur that $39 overdraft fee.

It's not clear how common the practice is -- the matter is being examined now by a federal agency in a major overdraft fee study that's due late this year. But McBride said it is indeed happening.

"It's elusive to pinpoint how prevalent this is ... but I know anecdotally that it's happening," he said.

The problem doesn't appear to be extensive. In the Center for Responsible Lending study, only 2 percent said they'd been forced into overdraft protection by an ATM withdrawal.

Still, the only real defense against an ATM that might lie to you about your balance is to keep your own cushion in the account.

An opening shot has been fired in the fight against sneaky credit card fees.

At least that was the impression Elizabeth Warren, one of the credit card industry's leading critics, had after a Senate Banking Committee hearing Thursday.

It's hard to say if it was a cannon shot across the bow or a smoke grenade, however. Fixing the flaws in credit card billing practices requires fundamental changes in consumer protection laws, and it remains to be seen how much of an appetite the new Democrat-controlled Congress will have for offending the industry, which packs a powerful lobbying punch supported by hefty campaign contributions.

Warren, a Harvard law professor and author of "The Two-Income Trap," was one of a host of consumer advocates who undressed card-issuing banks at the hearing, accusing them of a myriad of unfair tactics. High interest rates are just the beginning, Warren said. Late fees, over-limit fees and other "tricks and traps" can hit consumers with effective interest rates of over 115 percent, she said.

"Credit cards are unsafe ... because they are designed to be unsafe," she said. Card issuers make hefty profits from consumers who don't make their payments in full every month, so card issuers are constantly looking for the "sweet spot: Consumers who stumble but don't quite collapse" into bankruptcy, she said.

Few of the complaints about tricks and traps of the industry were new.

But it seems significant that the new Democratic committee chair, Sen. Chris Dodd of Connecticut, chose credit card marketing practices as the subject for only his second hearing as chairman.

Execs on the hot seat
Clearly, the three credit card executives in the room from JPMorgan Chase & Co., Barclaycard US, and Capital One Financial weren't terribly comfortable. All three disavowed common industry practices like universal default and double-cycle billing, a practice JPMorgan Chase just ended recently.

In universal default, card companies regularly check cardholders' credit reports and raise interest rates if the consumer is late on other monthly bills. Double-cycle billing is a confusing practice that allows card firms to retroactively charge interest rates on purchases even after they are partially paid for.

Warren said one in every seven dollars of revenue generated by the industry comes from fees or interest charges that in some cases "it's hard to believe any reputable business would charge."

The credit card market is "broken," Warren said, and in need of regulation that protects consumers akin to product safety laws that regulate automobiles or toasters.

"No one needs to be an engineer to buy a toaster. No one needs to be a crash test scientist to buy a car," she said. "And no one should need to be a lawyer to take on a credit card."

Credit card executives broadly accepted the need for improved disclosure, but didn't budge much beyond that. Fees and interest rates are low for consumers who pay their bills on time, they argued, and credit is more widely available today than ever.

Debate on card company practices can be as confusing as one of those 30-page card-member agreements -- heavily lawyered and full of half truths.

At one point, Richard Vague, CEO of Barclaycard US, asserted that as few as 1 percent of cardholders made only the minimum payments on their card balances every month.
But close to one-third make payments very near their minimum balance each month, said Travis Plunkett, legislative director of the Consumer Federation of America. And Warren said on any given month 20 to 25 percent of consumers make only the minimum payment.

Meanwhile, Capital One's John Finneran, president of corporate reputation and governance, bragged about a tool the firm has to warn consumers of the dire consequences of making only the minimum payments on credit cards. A warning is inserted into customers' bill, he said, urging them to visit a Web site with a calculator that shows the total amount they'll owe if they continue to pay only the minimum.

He didn't mention how many consumers actually read the notice, then visited the Web site and played with the calculator. He also didn't mention putting the total cost of payments, a standard fixture on home loans and car loans, on the actual bill sent home to consumers.

The American Bankers Association did not send a representative, but left an information sheet for reporters bragging about the current state of consumer credit card benefits. Fifteen years ago, the sheet asserts, the average credit card interest rate was 20 percent; now it's 12 percent. And fifteen years ago, most cards had annual fees -- now, very few cards impose such fees.

"Consumer fee levels have remained under control," the fact sheet says.

That's hard to square with the explosive increase in credit card penalty fees -- $17.1 billion collected in 2006, according to a report by R.K. Hammer, and cited Thursday by Dodd. And the interest-rate assertion doesn't factor in the overall cheaper cost of credit today than during the recession of 1991.

The credit card fee debate is of little interest to about half the population, which pays its bills in full each month. Such consumers know little of over-limit fees, double-cycle billing, and the like. But some 50 millions Americans don't pay their credit card bills in full each month and face hefty fees.

The penalty fee issue is critical. Most consumers compare credit cards based on advertised interest rates and perks, said Plunkett. Few if any think enough to compare late fees, over-limit fees, and the like when choosing their credit card. In fact, such comparisons may not be possible. The fees are hard to find, and they can change at any time. That means economic forces that would normally keep such prices in check are not at play.

"The market is broken," Warren asserted. "If the consumer can't tell a safe card from a dangerous one, then the marketplace will not reward the safe card issuer."

Sen. Robert Bennett, R-Utah, seemed incredulous at this, and asked the credit card executives present -- who had disavowed some controversial fees - why they wouldn't advertise their fee-free qualities.

"It seems (you) would want to make it a competitive advantage," he said.

The same old tricks
But low up-front pricing followed by confusing back-end fees is a standard trick of American pricing now. Consumers never respond to reverse advertising that suggests, "We won't screw you like the other guy." They respond to price points. In fact, companies that don't charge hidden fees are often penalized in a regulatory environment that allows them.

In a landmark economics paper published last year called "Shrouded Attributes, Consumer Myopia, And Information Suppression In Competitive Markets," MIT professor Xavier Gabaix and Harvard professor David Laibson described the inevitability of hidden tricks and traps in today's marketplaces. Bennett and any other legislator interested in helping consumers get a fair deal from credit card companies would do well to read their paper.

Robert Manning, author of "Credit Card Nation," who also testified Thursday, was skeptical that sweeping reform was in the offing. Instead, he expects a law that bans some of the industry's more unsavory fees -- many, like universal default, have been fallen out of vogue anyway.

It should be obvious that middling legislation won't work, as credit card fee-makers will simply go back to the drawing board and cook up new and ingenious traps for taking money. Only a comprehensive law that requires clear, up-front pricing will do any good.

Warren, who argues "The Two-Income Trap" that American families now live closer to the financial edge than ever before, was much more optimistic. Senators from both sides of the aisle are now seeking her counsel, she said. And credit card firms seem to be backing off on some issues.

In the last legislative session, Dodd, introduced legislation to reign in fees called the "Credit Card Accountability Responsibility Act." The law would ban some excessive interest charges and fees. As banking chairman now, it's reasonable to expect some form of the bill will make be approved by the committee.

But Warren warned that Congress must act soon. A slowdown in the housing market, combined with the new, tougher bankruptcy law which took effect last year, could soon put the squeeze on credit card debtors.

"It's time for safety regulation in credit cards," she said. "Fifty-one million Americans need your help, senators, and they don't have much time."

The resurgence of spam is generating a lot of attention right now, so here's a quick explanation of what's going on, and what to do about it.

One reason spam is once again clogging up your inbox: Spammers have turned anti-spam technology against us right now.

Many Web sites require users to create accounts by typing in a word or scrambled letters that appear in a graphic (and sometimes, that word is too hard to see). That technology is called CAPTCHA, which stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart. Web site designers employ this tedious process because it prevents spammers from creating millions of fake accounts -- it turns out to be a very difficult problem for computers to "read" images.

Frustrated by CAPTCHA, spammers turned the tool on its head. Now, about half of all spam comes as pictures, which are often impossible for computers to distinguish from snapshots of the grandkids. Image spam is the big reason your inbox seems out of control again. A more detailed explanation of what's going on was provided in Friday's column.

Similar to the problem of computer viruses, there is no simple solution for spam. Instead, it's a cat-and-mouse game between the bad guys and the companies trying to send us our e-mail. So unfortunately I can't tell you precisely what to do to clean up your inbox. But there are some things you can do to minimize your exposure to spam, and to help the institutions that are fighting it.

The first and most important step: Remove your e-mail address from any Web sites where it appears. Web "scraping" of addresses is still an effective tool for spammers. Don't make their job any easier. If you must post the address, turn it into an image and post that. You might as well use the techniques the spammers use.

Guard your e-mail address like your credit card number. Only give your primary address to people you trust. Create "junk" accounts for newsletters and Web sites that force you to log in with an e-mail address. When they get overrun with spam, discard them.

Also, when at all possible, don't open e-mail from people you don't know. Opening some spam automatically sends a message, sort of like a return receipt, back to the spammer. Now he or she will know you're a live person, and you'll never hear the end of it.

For additional information on spam, you can browse through some of the stories we've done at MSNBC.com, including a project called "Spam Wars" we published a couple of years ago. At the home page for the project is an interesting infographic on the cat and mouse games spammers and anti-spammers play.

You'll also find out what happens when you answer spam in "Who profits from spam?"and see what's going on ""In the trenches of the 'spam wars.'"

For a more detailed list of suggestions, click through Spam: What is it and how to fight it.

Additional tools:
*If you really want to get involved in fighting spam, you'll have to learn how to read e-mail headers, then regularly send complaints to Internet service providers that spammers use. Here's a simple primer on reading headers is available here.
*A fascinating article by Paul Graham on the origins of the spam-fighting efforts, and the creation of intelligent filters to fight spam, is located here:
*A thorough description of word salad -- those random text blocks you see in unwanted e-mail
*A great blog on all things spam
Spam is governed by the CAN-SPAM Act, which sets out the legal requirements for commercial e-mailers. Many doubt the laws efficacy, but the Federal Trade Commission explains the highlights
*The agency also asks anyone receiving spam to forward it to the agency, so it has a database of real spam to pick through when it is filing CAN-SPAM complaints.
Reports can be filed at the agency's spam Web site
*Those receiving stock-related spam should also send a copy to the Securities and Exchange Commission, which files spam securities fraud cases, at enforcement@sec.gov.

If you feel like your inbox is suddenly overrun with spam again, you are right.

Not long ago, there seemed hope that spam had passed its prime. Just last December, the Federal Trade Commission published an optimistic state-of-spam report, citing research indicating spam had leveled off or even dropped during the previous year.

Instead, it now appears spammers had simply gone back to the drawing board. There's more spam now than ever before.

In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now.

"Traditional methods have failed spammers, so they are resorting to more and more sophisticated tactics," said Dave Mayer, a product manager at IronPort, which makes anti-spam products.

The tactics are working. There are 62 billion spam messages sent every day, IronPort says, up from 31 billion last year. Now, spam accounts for three of every four e-mails sent, according to another anti-spam firm, MessageLabs.

Image spam is a big part of the resurgence of unwanted e-mail. By using pictures instead of words in their messages, spammers are able to evade filters designed to detect traditional text-based ads. New computer viruses have contributed to the uptick, also, particularly a surprisingly prolific Trojan horse program called "SpamThru" that turns home computers into spam-churning "bots."

Some small organizations are having real trouble with the spam surge, IronPort officials say. One county government office called the firm after its mail server shut down. "(It) could not even slowly process mail," said IronPort spokeswoman Suzanne Matick. "They ended up with no mail going to their 7,500 users for seven days." She declined to identify the agency, citing confidentiality agreements.

Of course, there wouldn't be this much spam if it didn't work.

Concentrated stock spamming has the ability to send share prices of penny stocks soaring, said Graham Cluley, a consultant for computer security firm Sophos.

"They absolutely storm up in value. And then there's the inevitable fall," he said.

Last summer, California-based Southern Cosmetics was forced to issue warnings to investors after spam campaigns touting shares of the company. During one such campaign, the firm's stock value rose from below 1 cent per share to a high of 6.6 cents.

The Securities and Exchange Commission has prosecuted some spam pump-and-dumpers, and on other occasions, has suspended trading in firms after it spotted a spam campaign. But the agency can hardly keep up with millions of stock spams each day.

Attempts to manipulate stock prices through e-mail are nothing new, said John Reed Stark, chief of the Securities and Exchange Commission's Office of Internet Enforcement. But despite the agency's "hefty track record of bringing cases" against spammers, the technique persists.

No clicks required
Stock spam is effective because no Web link is required, Cluley said. In old-fashioned spam, criminals generally try to trick recipients into clicking on a link and buying something. Many e-mail programs now block direct Web links from e-mails, rendering click-dependent spam much less effective. But stock messages merely have to make the recipient curious enough about a company to motivate him or her to buy a few shares through a broker.

There is another element that helps perpetuate stock spam, Stark said – he believes speculators unrelated to the original spam sometimes try to "play the momentum" surrounding a spam campaign – either getting in early on a pump-and-dump campaign to profit as shares rise, or by "shorting" stocks, betting that they will fall after the spam campaign flames out.

"There are all these people pushing the envelope in sometimes desperate ways to try to make money," Stark said.

Image spam, which seems not inseparable from stock spam, can arrive entirely devoid of text, but that's not common. Most messages have what appears to be nonsense text pasted above and below the image. Experts call this "word salad," or "good word poisoning." Below this story, we've pasted some examples of what we call "spam haiku." Here's one:

"I thought I was Train cars derail, catch fire in KentuckyMassive fireIdol begins this week!"

'Word salad,' or not-so-random text
The word jumble is generally borrowed from news headlines or classic books like Charles Dickens' "David Copperfield," the text of which are often available online. The seemingly random text actually serves and important purpose -- to foil or confuse word-based spam filtering. Many spam filters determine the likelihood that a message is spam based on the individual words in the body of the e-mail. The presence of obviously spamish words like "Viagra" or "sexy" tilts filters to categorize a mail as spam and block it or route it to a junk mail folder. But because normal conversational words tend to persuade filters that a message is legitimate, spammers paste in bits and pieces of text to fool the filters. There's debate about how well that trick works, but there's no debate about how much word salad there is – it's everywhere.

Spammers continually refine and combine their techniques, said Doug Bowers, senior director of anti-abuse engineering at Symantec. The firm recently found spam attached to legitimate newsletters that appear to be from big companies, including a Viagra ad atop a 1-800-Flowers e-mail newsletter and another on an NFL fantasy league letter. Such e-mails are simply spam masquerading as authentic, with real content borrowed from legitimate companies. They are similar to phishing e-mails, and so are much more likely to be opened by recipients than traditional spam, Bower said.

"They craft an e-mail that looks like a newsletter, but change as little as a single line and insert an image," Bower said. "As in phishing, they are copying the look and feel of the legitimate e-mail."

One way companies are combating image spam is to turn off all images arriving in inboxes. But that can be a draconian measure, as it will cut off pictures of grandchildren, too.

'Never invest based on spam'
Consumers can sometimes spot image spam without opening the message, thanks to hyped-up subject lines like this: "MHII.OB Best terms and conditions for your investments."

Spotting spam before you open it is a plus -- sometimes spam messages contain small images that report back to the sender as soon as a message is opened, teaching the spammer that your e-mail address is valid. More spam is sure to follow.

But in some cases there is no way to tell if a message is spam without opening it. So for now, the best defense consumers have is their delete key -- and a heavy helping of skepticism when investing based on anonymous tips.

The SEC's Stark puts it bluntly: "Never invest based on spam."

SOME SAMPLE "SPAM HAIKU"

EXAMPLE 1:
This is directly from a Harry Potter book;
deep sleep. I found myself out in public, in the middle of the match,
and I saw, in front of me, a wand sticking out of a boys pocket. I had
not been allowed a wand since before Azkaban. I stole it. Winky didn't

EXAMPLE 2
Many others are just jibberish
Brother simon, simons wife maria garcia.
Known remarks has ties san jose california idaho. The charred remains woman! Wife maria garcia who both been charged accessory.
People in elmore county the charred remains, woman her? Raul solario solorio date.

EXAMPLE 3
This is truly word salad
Male build, medium race. Sons aged, four were found inside burned out vehicle.
May have fled michoacan be traveling with his brother.
Out vehicle on august, each.
Dangerous if you, any concerning. Of ten most wanted fugitive, jorge, alberto? Garcia who both been charged!
Most wanted fugitive jorge alberto.
Either head or chest considered armed extremely.

EXAMPLE 4:
Clearly compiled from various news sources
an extremely guiltyIdol begins this week! Train cars derail, catch fire in KentuckyMassive fireNigeria clashes prompt Shell evacuationsgoing to be an architect,

EXAMPLE 5:
Hard to say where this comes from
Christian saint video graphics chip amiga mato. Human if, an article link led you.
Poetsaint christian saint video graphics chip amiga mato, grosso.
By randy ho singer! Human if an article, link led you.
Meanings etymology and see can refer toin.
Modified, december all text available under terms gnu. The free denisefrom to navigation searchlook up in wiktionary. Saint video graphics chip, amiga mato grosso, brazilthis.

EXAMPLE 6
This is a jumbled passage from Charles Dickens' "David Copperfield"Confused blind way, to recall how I had felt, and what sort of boy boys especially the smaller ones were visited with similar a child, and the natural reliance of a child upon superior years determination to do better tomorrow. Mr. Creakle cuts a joke
was the same with the places at the desks and forms. It was the confused blind way, to recall how I had felt, and what sort of boy boil. On seeing the master enter, the old woman stopped with the was standing opposite, staring so hard, and making me blush in

Of all the fibs uttered to you by corporations, here's the one I bet you are least likely to fall for: "Your call is important to us."

It's usually followed by a sentence you wish weren't true: "It will be answered within 22 minutes."

Ah, the classic dance of the customer service call. When you're in it, you'd rather be doing anything other than listening to that hold music. Your sense of powerlessness grows as Barry Manilow reminds you how much you'd rather be spending a weekend in New England.

And yet, what happens when someone finally answers the phone is worth a lot of money to you. Getting mad won't get you anywhere. What you want is to get your money. Here are 20 ways to increase your chances of success with customer service, complete with insider tips from operators who answer complaint calls every day.

During his 2005 Customer Rage survey (the fact that such a thing even exists should tell you something) consultant Scott M. Broetzmann found that 70 percent of consumers experienced rage in the past 12 months. Perhaps that's because 25 percent had one incident that took at least nine hours of complaining to resolve.

Like death and taxes, these blood-boiling phone calls are now inevitable for all of us. Anyway you look at it, the call will cost you. Whether it's your lunch break, work time, or a Saturday afternoon on the rocking chair, calling customer service will rob you of valuable time. And while you wait, your blood pressure will almost certainly rise, leading you to perhaps be not at your level-headed best when you finally get your turn.

But if you let your frustration get the better of you, you've really wasted those 22 minutes, or however long it took for Barry Manilow to win back Mandy. So the first rule of a successful customer service call is maintaining composure. Perhaps this mantra will help:

Don't get mad. Don't get even. Get your money. Now, how to do that?

Before you call
There are many things you can do even before you pick up the phone to increase your chances of success. One: Make sure you have a decent speakerphone. Nothing makes those 22 minutes pass more slowly than a strained neck from pressing the phone against your ear. If you can move around while you're waiting -- say if you can fold the laundry -- the time won't feel quite as wasted.

It's also important to be realistic about your time investment. If you're trying to challenge a hidden fee on your cell phone, don't place the call when you have to leave for work in seven minutes. Two: Set aside at least a half hour to confront the problem.

Three: Get a human. Of course, negotiations cannot begin until you get someone to negotiate with. Most U.S. companies will force you through a frustrating automated telephone tree. In the business, they're called IVR systems, for Interactive Voice Response. There might be times when these work for you, say, if you just need to hear an account balance. But most times, you'll want a person. A visit to Paul English's GetHuman.com Web site is in order. There, armed with information from thousands of volunteers, English publishes the tips to faking out IVRS systems (For Telecheck, for example, the site says, Press 1, 3, * at the prompts.) and getting an operator on the line.

The most important precall tip is this: Four: Gather your evidence. Nothing makes customer service calls go more smoothly than specifics, particularly when you get into the nitty-gritty of negotiating with underpaid, overstressed customer service representatives.

Get a human, be human
After you get a human, remember tip Five: Act like a human. You may want to start out by shouting "This is the 10th time I've had to call to get that overdraft fee refunded," but it's still the operator's first time talking to you. Save the yelling for the moon.

Here's the best way to get into the right frame of mind, courtesy of Timothy Warner, who runs a Web site called Mother Tongue annoyances: "Six: Have a Copernican Revolution." Copernicus was the astronomer who first asserted that the Earth was not the center of the universe. Neither are you. However awful that unfair charge may be, it will only help your cause to understand the circumstances of the person you are talking to.

Customer service representatives often work in third-party call centers, which means they don't work for the company you are calling to complain to. So yelling out, "You people are thieves!" rarely works. Asking questions like, "How are you?" or even, "What options do you see on the screen in front of you," will probably get you further.

The rest of Warner's column, "Zen of Placing Customer Service Calls," is worth a read.

Seven: Know your enemy. Picture this: You're a college student earning extra money at night dealing with a steady stream of manic customers upset about cell phone text message rates. And you must take 50 to 100 calls a shift. To give you an idea of their perspective, here's what one cell phone customer service representative wrote to the Red Tape Chronicles recently: "I say 'no' because its fun," he said (picture David Spade in the Capital One credit card commercials). "If somebody wants to be rude with me, I'll step down to their level because my company allows it as long as I don't use profanity."

You may think ill of this operator, who perhaps suffers a bit from a Napoleon complex. But neither frustration nor psychological diagnoses help you get your money. In fact, with someone like him, extra "pleases" and "thank yous" are likely more effective.

For an even better picture of what "they" think of "us," visit CustomersSuck.com. At this site, frustrated agents tell stories of greedy, cheating and uneducated consumers, which they refer to as "SCs," for "sucky customers." Here's one example of what they think of us: A recent post on the site is titled: "I Didn't Kill You. You're Welcome." Here's another: "No, I cannot stay on the line while you hold another conversation!" You can probably guess where that post is going, but here's a flavor of it:

"I had a gentleman today who needed help setting up his Internet connection, yet I had to repeat the instructions almost five times before he got it right. Every time I told him what links to click and what to type in, he always ended up with errors. Yet, I got to listen to he and his wife bicker about the car insurance rates, how much the gas cost them that they put into their car earlier, when this man's mother was coming for a visit, how Junior's diaper needed to be changed. …"

Now, imagine you as the one friendly call this agent receives on a given night. You are warm, you are even keeled, you are reasonable. You say "please" and "thank you." You will have a leg up on every other caller that night.

Run out the clock
One piece of advice that's an absolute necessity: Eight: Have a pen and paper handy before you pick up the phone and take copious notes while you talk. The first question out of your mouth is tip Nine: Ask for the operator's name and a number to call back if you are disconnected. If he or she won't give you a name, try to get a first name, an operator number or an extension. As a last resort, have the operator write down your number in case your cell phone battery dies or some other surprise occurs. But you really want a record of whom you talked to for the inevitable second conversation when you'll need a reference point.

It's long been advised that if you aren't getting the answer you want from one service representative, it's time to employ tip 10: Hang up and try another operator. That doesn't work as well as it used to, said Broetzmann, because sophisticated databases track customer calls now in detail. Representatives enter copious notes about calls, so you are likely to hear, "I see you just called in a minute ago."

But according to one anonymous Red Tape reader and working call center operator, consumers should do just the opposite. His advice: 11: Run out the clock on call centers, which are often paid per call.

"The strongest tool a customer has is call length," he wrote. "They pay these companies a very small amount for each call taken, so the call center wants to have the shortest call length possible, and take as many calls in a given period of time as possible. They want to see 3 to 5 minutes per call. … If your call goes 10 minutes, you (or the rep you're talking to) have the attention of a supervisor. The supervisors have computerized call monitors that alert them to long calls."

At a certain point, the economics tip in favor of the caller: It's more expensive to keep saying "no" to you on the phone than it is to give you what you want.

Keeping the line open requires smart tactics. You'll ask for a supervisor; you'll be told none are available. The operator will offer to have a supervisor call back. That will never happen. So remember tip 12: Do all you can to hold the line open. Say you set aside this afternoon to resolve the problem and you really need to do it today. Adopt the same strategy the customer service representatives are taught: 13: Keep calmly repeating your story. Don't raise your voice or swear, which makes it easier for a service representative to hang up on you.

Better negotiating
The first rule of negotiating in this circumstance is simple: 14:Say exactly what you want, as soon and as briefly as possible. Example: "I see a $36 fee on my phone bill. I was never told about this fee. I want a refund."

There is a corollary to this rule: 15: Never ask for a "yes" from someone who can only say "no." Make sure the person you are talking to is empowered to give you what you want. A front-line person may very likely be unable to grant you a credit. So ask for a manager. You'll be told the manager can't do anything else for you. Say you want to talk to him or her anyway.

Jill Kurz, a 47-year-old Chicago area Cingular customers recently had several unexpected fees refunded by following a principle she calls "complaining with a smile."

"If someone says there's nothing they can do, then you're not talking to the right person," she said. "Somebody at every company knows if there are no customers, there's no company."

When you are speaking to someone who can give you what you want, think like a manager yourself, and, 16: Make a business case for what you want, not an emotional argument, said Broetzmann.

"I had a problem with a credit card company recently, and when I called, I said, 'You'll see I've spent $50,000 in travel expenses on this card in recent years. Do you really want to lose me as a customer?"

The business case must be real, however. A vague "I've been with the company for years" statement probably won't work.

More Zen
Another important rule to follow is 17: If you expect companies to be honest, be honest yourself. Service reps tend to very quickly adopt a bunker mentality about their jobs -- read CustomersSuck.com -- and you'll get the sense they think we're all cheaters. And with calls like the one below, that might be understandable.

"Wanted help with troubleshooting their Internet, when I asked them to head over to where their modem and router is they would go, 'That's gonna be kinda hard as I'm using someone else's router,'" posted one frustrated agent.

When you call and lie about what you deserve, it is bound to come back and bite you. So stick to the truth.

Some companies have caps on refunds. Put another way, as the fiscal quarter draws to a close, the strings on the courtesy credits might grow considerably tighter. Remember tip 18: You might have better luck calling early in the month of a new quarter, or even early in the day, when the kitty for kick-backs is more likely to be full. Broetzmann is skeptical of this strategy, but offered a similar suggestion: He says consumers have more luck if they apply tip 19: Try to find a young, new, not-yet-jaded customer service rep.

Of course, you won't win them all. Jill Kurz, who we mentioned earlier, ultimately had to put into practice tip no. 20: Pull out a computer and type an e-mail to a company executive. When you do, print out the e-mail and snail mail it, too. The more attack vectors, the better. As for when to know you are reaching a complete impasse with customer service, CustomersSuck.com offers some good advice:

"I have been talking to some friends and we have discovered that we use different phrases or words that should signify to the customer that the call is not going to go any further," one writes. "My all time favorite is "Sir or Ma'am, is there anything else I may help you with?"

Of course, the best trick of all is to make as few customer service calls as possible. That means buying reliable brands (not the cheapest!) and buying from retail stores that will stand behind their products and take complaints directly.

CustomersSuck.com's Top 10

But if you must deal with customer service, it's best to know the enemy well. To that end, we asked the operators of CustomersSuck.com to provide their own top 10 list to consumers. Here's what they came up with, compiled by site owner and anonymous customer service representative Rapscallion:

1: Be civil. We do understand that this is a frustrating problem for you, and your frustration is probably compounded by the wait you had to get through to a real live human being, but the more civil you can be (not abusive, sarcastic, profane or belligerent), the more likely it is that you will walk away with a satisfying resolution to your problem.

2: Allow the rep to talk. While this seems like an insignificant point, a good many frustrations arise because callers "talk over" a rep trying to explain something crucial. A good rep will let the caller have his or her say, and then explain the problem

3: Don't ramble. Jot down the salient points of the problem on a piece of paper if you know you have a propensity to ramble. It's very helpful in allowing you to get right to the point, thus helping solve the problem quicker. The rep doesn't need to hear about all the details of your hernia operation when you are calling to dispute charges on your phone bill.

4: Don't blame reps for corporate policies. The nature of call centers, etc, is that the employees within them are relatively low-level in the organization. They cannot change corporate policy no matter how much they are screamed and yelled at. If you are dissatisfied with an aspect of corporate policy, ask the rep (civilly!) for the address of the corporate office and the names of the customer services manager and head of strategy, and write to those individuals complaining about the policy.

5: Remember that the person you are talking to is just that -- a person. They are not a machine, or a mindless computer-generated voice. It could be your neighbor, your son or your mother working there. They are as frustrated as the caller by poor policies, but each caller only has to deal with the problem once. The rep has to hear the same litany of complaints over and over again. There is no reason to be deliberately unkind or upsetting to the rep; it just makes the caller look like a fool.

6: Demanding a supervisor will not always work. Doing so for a minor matter is insulting to the representative to whom you are talking, but there very well may be no supervisor available. Many 24-hour call centers have no supervisor at night, and there is often one supervisor per several dozen representatives. Supervisors have to
follow the same policies as the front-line representatives in most cases, and will often tell you the same thing. Demanding a supervisor for something the initial representative
is unable to do for you is tantamount to calling them a liar. A supervisor should only be needed if the representative doesn't have the training or knowledge to help you.

7: Be reasonable and retain a sense of perspective. Decide whether or not throwing a fit over a small inconvenience or 20 cents or so is worth losing your dignity, or the risk of verbally assaulting an innocent representative of the company. Threats of legal action go one of two ways -- either you're seen as blowing things out of proportion with an empty threat or you will be referred to the company's lawyers as it then becomes a legal matter for which the phone representative cannot help you.

8: Consider seeing a therapist if you find yourself screaming at a powerless representative.

9: Accept that sometimes you cannot be helped. There will be some circumstances when the entire company cannot do anything for you. Sometimes, the only answer the service reps can give is, "no."

10: Don't tell us how long you've been on hold. We're sorry that it took us 15 minutes to get to your call, but you don't need to tell us about it-we know about it -- we've been answering calls non-stop during that time. Now, the extra 2 minutes you're taking to tell us this is an extra two minutes that is spent not helping you and not helping others on hold.

If you saw this line on your online banking statement -- "Service fee: $3 (more info)" -- What would expect to see when you clicked on the hyperlinked words "more info"?

More information, I would suspect. But that's not what you would get.

At Wachovia Bank, clicking on those words doesn't shed any light on the fee. The window that pops up reads merely "Service Fee. Quantity: 1. Total $3."

The other day, colleague Andy Gallagher showed me his fee-laden Wachovia checking account statement, his blood boiling from unintelligible fees. But it was the "more info" thing that really stuck in his craw. You can see why by looking at the graphic below. 

"What's this for? I have no idea," he said, pointing to the $3 fee on the screen. Seeing the swelling veins in his neck, I set out to find "more info."

Bank fees are a powerful source of revenue for America's financial institutions, and one of consumers' top headaches. If it feels like the bank fee noose has closed tighter around your neck in recent years, it has. The Federal Deposit Insurance Corp. says the nation's largest banks now generate 44 percent of their revenues from fees. Estimates of how much that amounts to vary between $30 billion and $50 billion a year, but it's clear banks are rolling in money they take from customers, often without explaining themselves very well.

How do banks make all this money? Let me count the ways. A $20 withdrawal from the wrong ATM costs an average of $4 in withdrawal fees. An attempt to withdraw $500 from the wrong ATM can result in a rejection and a $1.50 ATM withdrawal fee. Getting close to an empty account? Don't worry, your bank will automatically provide you with overdraft protection, for $31 an occurrence. BusinessWeek recently told the story of a college student who used a cash card linked to any empty account to purchase seven Christmas gifts for a total of $230, then was hit by $217 in overdraft fees.

Then, there are crazy credit card fees, like the over-limit fee. If you spent a lot on plastic during the holidays and are near your limit, beware: Banks can lower your credit limit, citing a credit risk, and then charge you an over-limit fee.

What the #%$& is this fee for?

Gallagher's fee was much simpler than that. No complicated math involved. Just a $3 fee. But Andy had the same question so many other American consumers find themselves asking every day: What the #%$& is this fee for? The Wachovia Web site provided no answer. Despite its lofty promise, there was no "more info."

But Jim Baum, a Wachovia spokesman, did find "more info" for me. The service fee represents a recurring fee Andy is charged every month for the type of account he has, called a "simplified checking account." Baum recommended that Andy upgrade to another, free account. I said that wasn't the point.

"Why isn't there 'more info' where the site promises 'more info?'" I asked.

Baum had to do more research to answer that. And he did.

The service fee, in this case, really means "regular monthly fee." It turns out some Wachovia account holders are charged multiple monthly recurring fees each month on the same day. When that happens, Wachovia lumps them all together on the same line item on the Web site. Were there one $3 fee and one $4 fee, for example, the statement would show: "Service fee: $7."

The "more info" feature would then list each fee separately, Baum explained. So it might read: "Service fee. Quantity: 1. $3./Service fee. Quantity: 1. $4. Total: $7."

The logic was clear now. But I remained skeptical of the "more info" boast. So I pressed on. I asked Baum why the pop-up box doesn't say something obvious like, "Recurring monthly fee charged to simplified checking account holders?" It could even include a link that said, "Want to get rid of this fee? Here's how."

He told me to make that recommendation to Wachovia's online customer service division, which I did.

David Stone, the bank's director of online customer service, explained that the "more info" system, which was put in place a year ago, was popular with consumers in usability testing. Many had complained about the site's former policy of bundling a series of fees into one line on the statement. But he conceded the link doesn't work well when it only lists one fee. He said the firm might reconsider the "more info" link presentation if more customers complain.

Something is wrong

In the meantime, another Wachovia spokesman, Matt Wadley, pointed out, correctly, that the bank does have a 24-hour hot line customers can call with questions like mine. Gallagher could have called and gotten the same explanation I did, he said.

Wadley also said that statements mailed to consumers the old-fashioned way would provide more details on that $3 monthly service fee. I wasn't able to verify that. Wachovia also told me that Gallagher had been paying that fee for years, dating back to even before Wachovia acquired his account when it purchased CoreState Bank eight years ago. Perhaps he should have remembered what this $3 fee was for.

Those are reasonable points, but I do know this: Any time a bank takes money from your account, it should tell you why as clearly as possible. And any time clicking on a link that says "more info" only brings up another box with the same info you already had, something is wrong.

Have you encountered difficulties tracking down bank fees on your accounts? Feel free to sound off below.

Best reader comments:

I retired from Comerica Bank Detroit and have very good "insider" information on the folks down the hall in a room with a sign on it saying "Danger-Think Tank". These folks stay up all night devising ways to create and sock fees at customers. Comerica earns over 46% of non-interest income from "Fees". If you think the military is bad on the "don't ask-don't tell" policy, banks are 100 times worse. I have advised four of my family members "don't bank there"..they will fee you to death ! Granted, if youmake a mistake and the bank incurrs a cost, the customer should pay for the mistake ..but.. Comerica actually has "data miners" in that dark bleak room Think Tank, searching for customer usage patterns and pricing fees according to statistical analysis or a probable "hit rate". They basically study "human nature" and create and price fees according to how profutable they can be ! OH ... I get free bank services and never have to pay for a screw up on my part ..I know the director of customer service ..were friends and I always get my fees reversed !

-Name purposefully not given ..the Thinkers might read this post !

As we always joked at the credit card bank where I worked in Risk Management: "THE BEST THINGS IN LIFE ARE FEE!"

One time I called Wells Fargo to ask about a service fee. When I got my next statement, it has a $2 "service call" fee for that call I made!

As a former Wachovia employee, I can tell you this. Yes they are quite aware of the money that they are making out of NSF fees, unexplained service fees and ATM fees. Unexplained fees are deliberated because they know that a high percentage of customer wont give it a second glance. They know that a small percentage will complain. However the majority wont and thus thats why do it. Managers have meetings of how much money will be made in NSF's fees. Its in the billions!!! They also have automated phone systems that make it impossible to talk to a live person because again (they know that a large % will give up trying to ask questions). Even their concierge is setup outside on the platform so that way customers will feel embarrassed to ask for NSF refunds. This concierge/manager desk was not created to help customers but rather to make them shy away from requesting refunds. (management explained that to us.) It works effectively. Trust me, I have seen the numbers. Our focus is to get you to start using the debit cards so you can charge up those NSF fees, because the purchases that you make will not show in your account until many days later.

As a former bank employee of UnTrust, I know what it's like to hear the customers complain about the fee's they're being charged. While I haven't personally seen a credit line lowered and then over the limit fees charged, I have seen some pretty shady things happening. At UnTrust they have a policy in place that makes it much easier to overdraw your account, and once that happens, you're basically out of luck. Take for example their item processing order. During their week long training of their own employees they go over in a no less confusing manner the order that they process deposits/withdrawals. First they'll tell us that all items are processed from highest to lowest at the end of the day and not necessarily the order that they came into the bank. Then they'll contradict themselves by saying that all physical checks are processed first followed by ACH debits(electronics checks) and finally ATM/Check Card debits. When a customer would call up to ask how they had overdrawn their account we would tell them the policy of whatever way drew more fees from their account. Take for instance you have $500 in your account. Now you write a $450 check and use your check card in 5 other places for $5-10 each (quick swipes like picking up lunch at McDonald's or something you forgot at the grocery store) then you go to the gas station and swipe your card for a $50 in gas purchase. This is where they get you. At the gas station, they "authorize" only $1 to guarantee that the card is valid. They don't actually process the final amount until a couple days later which then the bank legally has to pay the full amount of whatever they ask. Now the bank gets all of these processing on the same day. They'll process the $450 first, followed by not the smaller items which you used prior to getting gas, but the $50 gas item. Now you have 5 other small items not only overdrawing your account, but charging you $30 per item. Now your $1 gas authorization just cost you and extra $150 in fees and theres nothing you can do or say about it. As a "courtesy" to you they may offer a one-time refund for "one" of the charges, but generally speaking that fee should have been a single overdraft fee of $30. This seems to be a standard pattern with the big 3, UnTrust, Walk-all-over-ya and Bank Against America. I'm now at a Credit Union only and will never even visit another bank again. It was the first time in my life that I really felt dirty working for a company. Being forced to explain their fee's and policy's until confusing the customer enough that they'll let the situation go and forget that we just screwed them out of a couple hundred dollars.

I think if people don't like bank fees they should stop using money they don't have. Plain and simple, don't overdraw your account! From working in a bank and having to use a bank, I know most people being charged fees are the same people that have no idea what's going on with their account, don't balance their checkbook, write bad checks, post date checks, use the ATM balance (like it knows if you're writing checks all over town) and generally spend money they don't have. Then they blame the bank for their posting order of transactions and say it's a conspiracy to steal their money. If you overdraw your account, you are essentially taking a loan from the bank..... you will be charged. Take responsibility for your own actions, grow up and manage your finances.

People need to understand in this day and age that managing your finances and making sure you aren't being taken advantage of takes work, maybe even a few hours a week. Review every charge on every statement that you receive. It is not a fun way to spend time (nor is holding for customer service when you have questions) but it is the reality of living in today's world. Don't expect them to tell you when you could save money by switching to a different account, monthly plan, etc. Check up on all of your services from time-to-time to see if there are better deals available.-Michael, H., Harrison, Ark.

One moment Dave DeSmidt had $179,000 in his 401(k) retirement account, the next he had nothing. In an instant, 25 years of savings had disappeared.

With a few clicks, someone raided DeSmidt's retirement account with J.P. Morgan & Co and ordered a full disbursement to a private checking account.

Then came the really bad news. While credit card and online banking accounts are legally protected in the event of fraud, DeSmidt's brokerage account came with no such insurance. Two months after the theft, his balance still read $0.

With hacking of brokerage accounts increasing, the legal gap facing DeSmidt and other victims has regulators and critics debating the need for new consumer protections.

'I don't have a clue'
The theft was the shock of a lifetime for DeSmidt, who plans to retire in a few years with his wife in their Mukwonango, Wis., home.

"That was a pretty good chunk of what we were going to retire on," DeSmidt said. "I don't have a clue how it happened."

The theft occurred on Oct. 23, while DeSmidt was on assignment for his company in China, near Shanghai. Just before lunch, someone else logged onto J.P. Morgan's Web site from a computer connected to the Internet through Comcast Cable Communications in Cherry Hill, N.J., and entered DeSmidt's user ID and personal access code.

While DeSmidt slept on the other side of the world, his imposter found that he had a balance of $179,000.43 in his account. A few more clicks, and the DeSmidts' linked checking account was changed to a Bank of America account and an electronic transfer of all available funds was requested.

A report by J.P. Morgan suggests the criminal was a bit anxious, perhaps disbelieving the good fortune of hacking such a valuable account. The imposter logged in again from the same computer 41 minutes later, at 1:06 p.m., and again at 11:30 p.m. to review the pending transaction.

The next day, the money was sent to Bank of America. The name on the checking account didn't match the name on the 401(k) account, but that discrepancy didn't raise a red flag high enough to halt the transfer.

DeSmidt didn't know it yet, but a quarter century worth of savings and investment gains had just disappeared.

The theft wasn't tax-efficient. Since DeSmidt isn't yet of retirement age -- he's 57 -- there were severe penalties for the early 401(k) withdrawal, and J.P. Morgan held back about $35,800.09 to pay these taxes. Still, it was a good day's work for the hacker. The company sent the remaining balance -- $143,200.34 -- to an account under his or her control.

SEC: Brokerage attacks 'on the rise'
Computer criminals have made the logical progression from credit card fraud to online bank attacks and now to big-ticket brokerage accounts, analysts say.

Hacker attacks on brokerage accounts make sense from a criminal's point of view. Brokerage accounts tend to have higher balances, making them worthwhile targets. And while a six-figure transfer out of a checking account would surely trigger fraud pattern detection software, large transfers from brokerage accounts are fairly standard.

John Reed Stark, chief of the Securities and Exchange Commission's Office of Internet Enforcement, acknowledged that online brokerage hacking is "on the rise" and warned of possible consequences for consumers.

With simple credit card fraud, customers need only call their bank and refuse to pay for an item, he said, but brokerage account hacking is much more dramatic.

"People need to understand this kind of fraud," Stark said. "This is very serious stuff. … People wake up in the morning, look in their account, and their money is all gone."

Stark said any consumers who have encountered brokerage account fraud should contact his office for assistance at enforcement@sec.gov.

Covering tracks
Criminals who target brokerage accounts clearly know their craft. A day after successfully transferring DeSmidt's money out of the 401(k) account, the hacker started trying to cover his or her tracks.

On Oct. 25, logging in through an SBC Internet Services connection in San Francisco, the criminal deleted the Bank of America account information from DeSmidt's account. Four hours later, using a Cox Communications connection out of Atlanta, the hacker re-entered DeSmidt's original checking account information. Other than the zero balance, there were no obvious signs remaining of the hacker's visits.

A few days later, DeSmidt checked his retirement balance online, as he does regularly, and spotted the theft. Then the paperwork nightmare began.

"This has been very stressful," he said. "My wife is going crazy."

A flurry of e-mail, faxes and registered letters followed. JP Morgan ordered an investigation, and sent the results to DeSmidt on Dec. 1.

"J.P. Morgan concludes there was no external or internal breach of controls with the J.P. Morgan environment," the report said. "Access and authentication controls established within J.P. Morgan worked appropriately."

The report dismissed the possibility that the crime was an inside job, as the request came from outside computers and the criminal knew DeSmidt's user name and password.

The report's conclusion: "Investigation Status: Closed."

It wasn't clear to DeSmidt what that meant; the firm never said it wouldn't issue a refund. But he was stuck in limbo, awaiting further instructions.

Promised a refund
Two more weeks passed, and DeSmidt started to fear his retirement money was indeed gone for good. By the time he contacted MSNBC.com, he said he had written to every government agency he could think of to no avail and hadn't been able to find a lawyer willing to take his case.

"I can find lots of attorneys that will defend me if I am the one accused of the crime," he wrote.

DeSmidt's story, however, had a happy ending.

When MSNBC.com contacted J.P. Morgan, the firm said its continuing investigation had borne fruit. Spokeswoman Mary Sedara said the stolen funds had been recovered and would be refunded in time for Christmas. The firm would even make good on any market gains DeSmidt missed out on while the money was missing, she said.

The story didn't have to end this way, though.

Few consumers appreciate the fact that, unlike credit card and checking account transactions, there are no federal consumer regulations specifically protecting consumers in the event of brokerage account hacking, said Gartner fraud analyst Avivah Litan. And with hackers targeting investment accounts more frequently, the legal loophole could leave investors with some ugly surprises.

'They need to protect the assets'
"This should be a call to action for the regulators," she said. "They are never going to protect against all the (criminal) methods. They need to protect the assets."

Both credit card transactions and electronic account transfers, such as online banking payments, are governed by Federal Reserve regulations that strictly limit consumers' losses from theft. Consumers who report credit card fraud are only liable for $50; liability for fraudulent checking account transfers is capped at $500 if the consumer reports the theft within 60 days. Refunds for checking account thefts must generally be issued within 10 days.

The regulations are designed to boost confidence in the systems. But the Federal Reserve doesn't regulate investment firms, and the Securities and Exchange Commission doesn't mandate any similar protections for brokerage accounts.

And Desmidt's tale is hardly an anomaly. Last year, several trading firms revealed they were hit by hackers. E-trade, for example, reported in October that it had lost $18 million to crime rings based in Eastern Europe and Thailand.

Despite the lack of legal compulsion, some investment firms have taken to offering broad consumer protections anyway. Both e-trade and Charles Schwab offer credit-card style guarantees. Money stolen from Charles Schwab's Web site will be returned to consumers as long as the theft is reported in a timely way, said Schwab's Greg Gable.

'We want people to feel secure'
"There is a fundamental business need to do it," Gable said. "We don't want clients concerned about the safety of their assets. … We want people to feel secure."

Gable wouldn't say how many Schwab customers had asked for theft refunds, saying only such cases were "very rare."

Stark said that in every recent case of brokerage hacking he's familiar with, consumers who complained have received full refunds. But the largesse is voluntary – unless the brokerage makes a clear promise like Schwab or e-Trade -- and it may not last forever.

"Firms are reimbursing everyone (who) has that kind of loss," he said. "But they didn't always do that (and) I don't know how long they can continue doing it."

Brokerage account hijacking has the attention of regulators, but at the same time criminals are getting cleverer. In late December, the SEC moved to stop a pump-and-dump scheme involving an Estonian firm.

The SEC said the firm's Russian owner earned $350,000 by purchasing penny stocks, then hacking into other investors' accounts and purchasing large blocks of the stock before selling his own shares at inflated prices.

Web-based investing scams have DeSmidt's attention, too. He is grateful JP Morgan promised to return his funds, but he's not about to let lightning strike twice. He told the company to shut down Web access to his accounts.

"I prefer to keep the account access only over the telephone for now," he said.