Millions of drivers around the country use E-ZPass and other electronic toll collection systems to speed them on their daily drives, but consumers are discovering that there is a price to be paid for the convenience: loss of privacy, haggling between state systems, accidental fines. Now, add to that list the "orphan exit."

You probably know you should read your bills carefully every month looking for signs of fraud or overcharging by retailers. But if you're like most people, you probably don't do it anyway. Fortunately, Pennsylvania driver Kathy Suntato is that special consumer who keeps her magnifying glass nearby when scanning her bills.

Once each week, Suntato gets on the Pennsylvania Turnpike at Philadelphia and gets off at Willow Grove, about 20 miles up the road. Under the turnpike's toll scheme, that should cost her 75 cents. But seven times in recent weeks, Suntato was charged $5 instead. The reason: "orphan exits." Never heard of them? If you drive on a highway that collects tolls electronically, you'd better get to know the term.

Suntato, like millions of drivers around the country, keeps her E-ZPass box with the radio-enabled computer chip attached to her windshield. Every time she enters or exits the highway, a Pennsylvania Turnpike Authority computer makes note of it, and deducts the toll from a prepaid account that's replenished regularly by charges against Suntato's credit card.

Privacy advocates have long warned of the dangers of a system that knows where drivers are coming and going, but consumers have embraced the E-ZPass system because it lets them speed past traffic jams at toll plazas. In some states, including New Jersey, E-ZPass users even get a discount.

Extra charge

But Suntato isn't getting a discount; in fact, she's paying extra. Toll fees on the Pennsylvania Turnpike are based on distance -- the farther you drive, the more you pay. But what happens when the system doesn't know how far you drove because the computers don't know where you entered the highway?

In Pennsylvania, you pay a $5 "orphan exit" charge.

"We modeled it after the ticket system, where if you lose a ticket, you pay the full fare," said Tom Cohick, a customer service representative with the turnpike authority. Full fare on the nearly 500-mile highway is more than $20, so the agency figures it's being fair by charging only $5.

Suntato isn't so sure about that. Seven times in recent weeks her car was not registered entering the highway, but was recorded as it left. The mistake has occurred at the same highway entrance every time, with both her cars and two different E-ZPass gadgets.

"(This is) another way E-ZPass is ripping off consumers," she said. "They make more money when they don't read the tag. ... It seems clear to me they have equipment problems and are not correcting them, because hey, it's easier and more profitable to just charge five dollars."

Orphan entrants, too

What really steams the 52-year-old from Yardley, Penn., is that most consumers never receive paper statements from the E-ZPass system because they cost extra. Drivers must look online to see the tolls they are paying. As we've already said, few consumers are likely to take the time to study every toll charge and spot the problem.

"What about all the people who are trusting them to do their job correctly and are being ripped off?" Suntato said.

Kathy Suntato

Cohick and turnpike authority spokesman Bill Capone say orphan exiting is not a revenue-producing trick. In fact, they note, the computers also register “orphan entrants” -- the system knows when the car got on, but not when it got off. Those people drive for free.

There are plenty of possible reasons for the errors, Capone said. Among them: low batteries in the E-ZPass car gadget; drivers who wave the device in front of their windshield rather than leave them on the windshield in the car; and, of course, the occasional system glitch.

Orphans are rare, but perhaps not as rare as you'd think. Cohick said about 1 percent of total transactions are orphans, but systemwide they tend to balance each other out.

That's no help if you are on the wrong side of the equation, like Suntato -- who might now be the state's biggest advocate of watching E-ZPass tolls carefully. But are the problems enough to make her revert to the old cash system? That's just not practical, she said, because there are now so few human cash toll takers on the job that toll-booth traffic jams are even worse.

"It would cost me at least a half-hour every time," she said.

Ultimately, Suntato was out only about $35, which the state is now refunding, but not before she was told to fill out a state form seven times -- once for each overcharge. To get help finding the form, she had to call the state's customer service agency during regular business hours, since the office is closed on nights and weekends. Those hassles make it likely most drivers end up just paying the full amount, Suntato figures -- leading to a phantom toll increase.

Easier to raise taxes

The problem of E-ZPass toll creep isn't isolated to Pennsylvania, or to orphans, however.

A recent study published by Amy Finkelstein (PDF), an economics professor at the Massachusetts Institute of Technology, says that states with implement electronic toll collection ultimately raise tolls more than states where drivers pay cash.

Finkelstein studied toll taking in all 31 states that make drivers pay. About two-thirds of those states have at least some electronic toll booths. In her paper, she provides evidence that e-toll states raise their prices 20 to 40 percent higher than they would have without electronic toll collection. And remember, E-tolls are supposed to reduce labor costs, as fewer toll-takers must be hired.

The conclusion makes sense, because consumers are always willing to pay more for things when they don't pay right away. Credit card companies figured this out long ago. And automated deductions make overcharging much easier. It's easy to see what a great tax-collecting tool that could be!

The E-ZPass system also has had other shortcomings.

No judge, no jury
In Baltimore, NBC affiliate WBAL-TV recently reported that drivers who appeal E-ZPass violations must fight a steep uphill battle. A former E-ZPass worker told the station that customer service workers are trained to reject appeals, and do so 90 percent of the time. Many drivers don't even receive a letter of explanation, the station said.

State officials told WBAL there are 1,000 E-ZPass appeals each month 70 percent of them are denied. The state collects $6 million in revenue for violations each year. A judge and jury are nowhere to be found.

Increased private operation of toll roads also looms as another source of potential problems. A cross-border skirmish broke out early this year between Indiana and Illinois, with the international consortium Cintra-Macquarie, headquartered in Spain, at the center of the controversy. Cintra-Macquarie runs Indiana's new toll road near the northern border. Indiana drivers in Illinois currently get a discount for using electronic toll booths; but the Spanish company did not plan to extend a similar discount for Illinois drivers on its road in Indiana. In retribution, Illinois considered raising the price of driving on Illinois roads....but only for Indiana drivers. Cooler heads eventually prevailed. For now.

All this means that drivers shouldn't assume anyone with direct access to their bank account or credit card – a company or a government agency -- won't make mistakes or intentionally inflate charges. Electronic toll collection users should examine their accounts for orphans and other overcharges with the same verve as they hit the gas pedal while flying by those lines at the cash tool booths.

After nearly a decade of bickering, Congress in 2003 finally granted every American the right to a free peek at their credit report each year. Now dozens of Web sites – many of them either owned by or affiliated with the major credit bureaus -- are hard at work tricking people into paying for that free report.

Search for "free credit report" on the Web and you will find pages and pages of Web sites offering free credit reports. All but one, however, charge for those "free" reports and place all sorts of conditions on purchases. One site, for instance, requires enrollment in pricey credit monitoring service, which can only be canceled online after precisely 23 days. Another automatically enrolls users in a discount travel service. And some hint that the real free credit report site established by Congress -- AnnualCreditReport.com -- isn't all it's cracked up to be.

"Remember, all free credit reports are not created equal," says FreeCreditReport.com, which is run by credit bureau Experian.

That's an interesting statement, because AnnualCreditReport.com also is run by Experian, along with the other two credit bureaus, Equifax and Trans Union. It sounds as though Experian is saying the credit report it sells is better than the one Congress said it must give away for free.

Consumers Union's Web Watch, run by the same folks who publish Consumer Reports magazine, recently commissioned a study of the "free" credit report Web sites. Robert Mayer, a professor at the University of Utah and author of the study, came away with the opinion that most of the sites are "sleazy."

"You get the feeling that they said, 'We know we have to give these things away but we're going to do everything we can not to do that," Mayer said.

Though the sites charge various amounts for their products, they liberally use the word "free" to advertise their wares. Some examples:

• TheFreeCreditReportSource.com
• FreebieCreditReport.com
• FreeCreditReportsInstantly.com
• Free3BureauCreditReport.com

Mayer focused on the 24 sites that come up most often on search engines, and painstakingly scoured them. He found the word "free" a whopping 312 times -- an average of about 13 times on each page.

Six products in one!
Part of the lure of the sites is the promise that consumers can get three credit reports and three credit scores -- essentially six different products -- all at once. While credit reports can be had for free, thanks to Congress, credit scores still cost money. Visitors to AnnualCreditReport.com can order their scores there for $6-8 while getting their truly free reports. Total cost for all six items is about $22.

At the "free" sites, these things cost quite a bit more. At NationalCreditReport.com, three scores and three reports costs $39.95. Experian, on its Web site, offers three credit reports and one credit score for $29.95. The price at AnnualCreditReport.com for that package would be $7.95. TrueCredit.com – run by Trans Union – offers the three reports that could be obtained for free at AnnualCreditReport.com for $14.95.

Bundling scores in with reports might not sound like that bad a deal until you consider this: The credit score consumers buy from any of these sites is very likely not the same score that's used by their bank or insurance company to compute rates. Many institutions use their own formulas to compute such scores. Auto insurers use something called an "insurance score," for example.

All these free sites want to sell you more than a one-time credit score purchase. They really want to sign you up for a monthly "credit monitoring" product costing about $10 a month that will allegedly help protect you against identity theft. The virtues of such products can be argued, but a credit monitoring service has nothing to do with your right to see a copy of your credit report.

Watch those free trial terms
These sites also muddy the waters by using confusing terms. Most of the sites say the offer is free because they allow consumers to sign up and then cancel their subscription during a free trial period. But read that fine print carefully. At FreeCreditReportsInstantly.com, consumers have seven days to back out of their purchase. At MyFico.com, even stranger terms apply for a "free trial" of a service called "ScoreWatch"

"You can use the link below to cancel your Score Watch ... AFTER your subscription has been active for at least 23 days and BEFORE your subscription automatically renews after 30 days," the site says. "If you are outside these time requirements, you will receive an error message and will need to call or email us."

If you forget to cancel, or miss a reminder e-mail, you'll be billed the annual subscription rate of $89.95. Users can cancel later, but must pay for a minimum of three months of service.

Craig Watts, a spokesman for Fair Issac, which operates MyFico.com, said criticism of the cancellation system was unfair because consumers could cancel their subscription by telephone or e-mail at any time. He added that Web-based cancellations required a 23-day waiting period as a way to "encourage people to give the service a fair shake."

Consumers who buy their credit scores from FreeCreditReportsInstantly.com also find themselves signed up for something called "SavingSmart." But don't worry, memberships go for the "special low price of $1." A representative of FreeCreditReportsInstantly.com did not respond to requests for additional information.

But Jack Rustenhoven, who runs FreebieCreditReport.com, defended his site's sales tactics.

He said he marketed his credit report service "long before AnnualCreditReport.com" came into existence and noted that he includes a link to the free site on his home page, adding "I encourage (users) to try both services." He also said that "it's no secret" to site users that they must sign up with Experian's credit monitoring service before getting copies of their credit report from his site.

"I can only speak for myself, but I know many of us … are in no way trying to imitate the annualcreditreport.com Web site." He said. "We're just doing what we've been doing for years before that site existed."

Many sites trace back to Experian, Trans Union
The Consumers Union report suggests that smaller sites are actually part of a large network. Most of the sites surveyed are either owned by or affiliated with the major credit bureaus. Trans Union, for example, works with PrivacyMatters.com, which runs Free3bureaucreditreport.com, FreeCreditReportsInstantly.com and a number of other free credit report sites. At the bottom of the PrivacyMatters Web site home pages, you'll find this message: "Credit services provided by TransUnion Interactive, Inc."

Maria Fernanda Rodriguez, spokeswoman for PrivacyMatters.com, would say only that the two firms have a "business relationship." Trans Union did not respond to requests for information about Privacy Matters.

One thing you will have trouble finding on the sites affiliated with Trans Union: Mention of the true free credit report Web site. In fact, 10 of the 24 sites studied don't mention AnnualCreditReport.com anywhere, and only 8 mention the real free site on the home page.

Experian also runs a family of free credit report sites, starting with FreeCreditReport.com and FreeCreditReports.com. Those sites include a prominent mention of AnnualCreditReport.com. Of course, it wasn't always that way. The Federal Trade Commission had to initiate legal action against Experian in 2005 to get the firm to point to the congressionally mandated Web site.

If Experian's commercials are to be believed, that link doesn't hurt business much. In recent TV advertisements for FreeCreditReport.com, an actor says that 20 million people have gotten their "free" reports from Experian. That's not including the free credit reports given away by Experian at AnnualCreditReport.com, according to Experian spokesman Don Girard.

Girard said Experian would not grant an interview concerning the Consumers Union report.

The third major credit bureau-- Equifax -- didn't pop up in the Consumers Union study and apparently doesn't use the free credit report sales tactic. But Mayer, the study's author, was very critical of Experian and Trans Union.

"The reason why was FACTA (The Fair and Accurate Credit Transaction) was passed was to help people get their credit reports for free," he said. "Well, Experian and Trans Union are doing all they can to keep this as something that they sell. ... That's pretty upsetting."

Quick quiz: Do you know when your cell phone contract expires? The question isn't as easy as you'd think -- and getting it wrong could cost you hundreds of dollars.

Yon-Paul Siebeneck, of Salt Lake City, Utah, went shopping in a Sprint store last fall and said he was told that both his family cell phone contracts would expire on Nov. 30, 2006. His wife, Chris, even called Sprint to double-check, he said. Believing they were both cell phone free agents, on Dec. 14, he purchased two new phones from a rival cell phone firm and canceled his Sprint phones.

But in January, a Sprint bill arrived for more than $300. Siebeneck's two contracts, Sprint now said, were in force until the end of January. So after paying for nearly 23 months on two two-year contracts, Siebeneck was now stuck two early termination fees of $150 each. Adding insult to injury, taxes were applied to early termination fees, so the total bill was almost $340.

"We would have waited until the expiration dates to renew or change service, being only a month away," Siebeneck said. The monthly bill was only $35 per phone. "It would be irrational to cancel a contract with early termination fees a mere month prior to that date."

Siebeneck dug up his paperwork and found that the original Sprint contract he signed indicated it expired in August 2006. He says he doesn't remember doing anything that would have extended it six months.

So Siebeneck, 38, dug in his heels and refused to pay the bill. Sprint took a hard line, too, transferring the debt to a collection agency, which is calling and writing demand letters. Meantime, with interest and penalties, the debt has swelled to about $450.

Sprint says it's done nothing wrong and is simply following the terms of the contract.

"We reviewed (the situation) and our records show that all the appropriate procedures were followed," said Sprint spokeswoman Roni Singleton. She said the firm couldn't provide additional details, citing privacy rules.

Siebeneck is likely to lose the dispute even with paperwork indicating his contract should have ended last August, consumer attorneys say. It may not seem fair, but cell phone companies can extend consumer contracts with a simple verbal exchange, which can take place during virtually any telephone conversation with customer service.

Yon-Paul and Chris Siebeneck

Consumers who change their monthly minute plan, add text message service or even call to dispute a late fee sometimes find they've made new two-year commitments to their cell phone provider, said Ed Mierzwinski, program director of the consumer advocacy organization Public Interest Research Group.
Operators are supposed to clearly explain the contract extension, but that doesn't always happen.

Extensions can be applied "based on any communication with consumer where any supposed change is made," he said.

Siebeneck never received written confirmation of the contract extension. Sprint's Singleton said written confirmation notices are not required, but added that "I'm sure there was a verbal agreement."

FCC didn't help
Siebeneck has complained to the FCC, which opened an inquiry. But Singleton said Sprint has satisfactorily proved to the agency that Siebeneck terminated his contract early and the fee is legitimate.

But even though Siebeneck is getting calls from debt collectors, and his credit score is suffering, for now, he's not budging.

"It's not about the money," he said. "It's the fact that they misled us into thinking we were clear. I shouldn't have to pay."

Siebeneck is hardly the only consumer frustrated with early termination fees. In 2005, PIRG released a study showing that about half of all cell phone consumers would switch providers if they didn't have to pay early termination fees.

'A rogue industry'
"This industry is virtually a rogue industry," said Mierzwinski, who helped write the report, titled "Locked in a Cell." "Their business model is to see how much of this they can get away with."

The practice has not gone unchallenged. Sprint, Verizon and Nextel all are facing a class-action lawsuit in a California state court over early-termination fees.

In many cases, "People are clueless that their contract has been extended, they just don't understand," said Stacy Canan, a consumer lawyer for the AARP who is co-counsel on the class-action suit. "Wireless companies use any event to as a mechanism for locking customers in for another two years."

Cell phone companies often defend the fees as compensation for subsidized cell phone handsets. Consumers get cheap phones in exchange for service commitments, they say, so they are entitled to compensation if a customer quits early.

But that theory falls apart in the case of extended contracts, said Jacqui Mottek, the lead attorney in the California lawsuit. A consumer whose two-year contract becomes a three-year deal would have already paid his debt to the cell phone company, she said.

Mottek is arguing that the fee is really a penalty, and under California law penalties must bear a connection to an actual cost incurred by the company.

The California case was certified as a class-action case last summer, and it includes any California consumer who has ever paid an early-termination fee. The cell phone firms have filed a motion for summary judgment, which the plaintiffs will answer shortly, Mottek said. Still, any relief from the lawsuit is several years away.

And it wouldn't help Siebeneck anyway, since he doesn't live in California. In fact, Mierzwinski didn't have much good news for him.

"It is difficult for individual consumers to get satisfaction," he said, adding that Siebeneck will almost certainly have to pay the bill to preserve his credit score.

Rather than fight a losing battle against the cell phone companies, consumers who feel they've faced unfair early-termination fees should complain to the FCC and their congressional representatives.

"Only meaningful action by the FCC or a legislative change will ultimately make a difference," he said.

RED TAPE WRESTLING STRATEGIES
There are a couple of things Siebeneck can do. The Fair Debt Collection Practices Act offers several helpful provisions. Consumers can contact the debt collector in writing and instruct it to cease all contact. After that, other than specific notices of legal action, the collector must stop harassing the consumer. More detail on how that law works are offered at the FTC's Web site. The letter should also tell the debt collector that the bill is in dispute and ask for any evidence the firm has of the debt.

He also can contact the credit bureaus and dispute the negative entry in his credit report and ask for a "reinvestigation." That begins a legal process which can at least stall the negative impact of the unpaid bill. Reinvestigations can be initiated online with Experian, Equifax, and Trans Union.

Third, Siebeneck should ask Sprint for evidence that he agreed to a contract extension, including copies of telephone call recordings. Sprint may not be able to produce the evidence, which would bolster any potential legal case; or the company may decide producing the paperwork is too much trouble, and abandon the case.

But for now, consumer lawyers agree, if Sprint sticks to its guns, Siebeneck will either have to pay up or find another lawsuit to join.

An employee who works for the company that processes Disney Movie Club transactions was caught trying to sell customer credit card information, Disney told its customers this week. The story echoes an incident revealed by Fidelity National Information Services earlier this month.

The employee was nabbed in an "undercover sting operation" run by a federal law enforcement agency, according to a letter sent July 6 by the Disney Movie Club to its members.

The employee did not work for Disney, but rather for Alta Resources Inc., which processes transactions and fulfills orders for the Disney Movie Club, the letter said. The employee has been dismissed and the Secret Service is continuing to investigate, according to Disney.

Like traditional music clubs, members of the Disney club sign up to receive one Disney movie each month at a discounted rate, which they can accept or return. It's not clear how many customers received the notice from Disney. Eric Maehara, a Disney spokesman, said the firm was asked not to reveal additional details about the incident, including the number of stolen card numbers. The Disney Movie Club has 1 million members, but not all had their data stolen, he said. In some cases, the stolen data included telephone numbers and e-mail addresses.

A spokesman for Alta Resources did not immediately return phone calls.

Bill Elrick of Utah was one club member who received the notice.

"My first thought was, 'oh crap, not again.' I was also a victim of the TJ Maxx incident," Elrick said. "I just got done closing my account and opening a new one. ... Now I have to do that again."

Elrick is now waiting for another replacement debit card to arrive in the mail from his bank.

"This is a hassle," he said. "I am extremely irritated."

Elrick also said he was aggravated because his data was shared with Alta Resources, a company he'd never heard of.

"I don't remember giving Disney permission to share my information with anyone," he said.

Disney says it has informed the major card associations about the incident, but that it believes consumers have little to fear. The thief apparently bungled the job, and didn't steal all the data necessary to commit most frauds.

"We have been assured that the card security code (e.g. the CVV or CVC code) for your credit card was not included," the Disney letter said.

A wider trend
Still, the incident highlights a problem companies face that gets much less attention than cases of mysterious hackers breaking into company databases from across the Internet -- the inside job. Earlier this month, Fidelity announced that 2.3 million customer records were stolen from the company by an employee of an outside contractor and sold to marketing companies.

"Although the hacker story always gets better media play, the insider threat is more dangerous," said Larry Ponemon, a researcher who runs The Ponemon Institute, a privacy consulting firm "We are starting to see more stories about malicious insiders. Perhaps they are realizing there's a lot of money to be made with this data."

Insider data theft is hardly new. In 2002, Philip Cummings stole steal thousands of credit reports while working for a company that supplies tech support to the nation's credit bureaus, for example. But companies still don't spend as much as they should to stop insider theft, said Avivah Litan, a computer security analyst with research firm Gartner.

"One case of insider fraud does as much damage as 100 hacking attempts," Litan said. "They know where the data is, which accounts to steal, and often, they have access to it."

New technologies offer hope, Litan said. So-called "content monitoring" software watches employee computers for signs of suspicious activity, such as an attempt to download thousands of credit cards. Unfortunately, Litan said, most firms are too caught up in monitoring e-mail and Web browsing abuse to pay attention to data theft. While most firms monitor employee e-mail, for example, only about 5 percent watch for signs that workers are moving data on and off of company servers.

"A lot of this is easy to catch, but you have to have policies and software in place," Litan said. "Unfortunately, most firms have very few policies in place to prevent this kind of fraud."

If you feel that bank fees are getting worse, you're right. A new study by the Center for Responsible Lending claims that banks rake in $17.5 billion in overdraft fees each year.

That figure is far more than the agency's 2004 estimate of $10.3 billion. And it's even more than the amount banks lend to cover overdrafts, the study suggests.

Let me explain: When consumers bounce a check or withdraw more money at an ATM than they have in their accounts, banks lend them a few bucks to make up the difference. Then they charge a fee. Each year, consumers borrow $15.8 billion in overdraft coverage, and they pay $17.5 billion for the privilege, the Center for Responsible Lending says. The consumer advocacy group says it estimated the figures by examining a database of consumer bank account overdrafts and publicly reported bank fee income.

The results are consistent with many real-world experiences offered by Red Tape readers, who have responded to prior columns on the subject by saying they are often hit with $35 overdraft fees for even small overdrafts.

"Some of our largest financial institutions are hiding behind a smokescreen of misleading terms and murky practices that encourage costly overdrafts," said Eric Halperin, who helped write the study. "Banks should protect customers' funds, not plunder them with high fees and harmful practices."

The study was released in time for Wednesday's congressional hearing on what some call abusive overdraft fees charged by banks. A House Financial Services subcommittee is debating legislation that would change the way overdraft fees are assessed by banks.

The Consumer Overdraft Protection Fair Practices Act would force banks to alert consumers before they overdraw accounts with ATM withdrawals or debit card purchases, and give consumers a chance to abandon the transaction at that point.

"Customers should be told when they are about to take out more money than they actually have," said Rep. Carolyn Maloney, D-N.Y., one of the bill's sponsors. "And customers should be able to choose if they want overdraft protections or if they would rather not pay the fees and not have the transaction. These are common sense -- almost due process -- principles."

In the past, banks have said issuing such warnings to consumers wasn't technically feasible. Maloney isn't buying that.

"You would think the sky was about to fall from the industry's perspective: They didn't want customers to be told about the fee," she said. "When you cut through the jargon, what the industry seems to be saying is that they just can't tell you how much you have in your account, so they can't tell you if you are going to overdraw or not, This strikes me as straining credulity. … At most ATMs you can ask for your balance. Is that number they give you wrong?"

Nessa Feddis, senior federal counsel at the American Bankers Association, said at the hearing that consumers are in the best position to know what their balance is, and should be responsible for avoiding overdrafts.

"Only (account holders) know what checks they have written, automatic payments they have authorized, and debit card transactions they have approved. Simply put, consumers are in control of their finances and can avoid overdraft fees," she said, according to prepared remarks posted on the committee's Web site.

Feddis did not address the Consumer for Responsible Lending study or its conclusion that the industry earns $17.5 billion per year from overdraft fees.

'Bounced checks' are passe
Last year, The Center for Responsible Lending issued a separate study showing that the majority of "bounced check" charges were actually the result of electronic transactions like ATM withdrawals and debit card purchases. That's due in part to the fact that check use is declining. But the center also claims banks subtly encourage overdrafts by posting charges almost immediately while delaying the posting of deposits, and by processing large withdrawals and checks before smaller ones, leading to multiple withdrawal fees.

Maloney's bill would not regulate the amount of fees banks could charge. But it would outlaw this so-called "high-low" check processing.

Maloney said banking regulators, like the Office of the Comptroller of the Currency (OCC) and the Federal Reserve, have not done what's needed to protect consumers.

"I have been disappointed that the OCC and the Fed have not issued better guidance on this point as well. Several of the OCC's recent letters bother me in that they seem to encourage check manipulation," she said.

Testimony from the hearing, including the response from the banking industry, is available at the committee's Web site.

RED TAPE WRESTLING TIPS
A more extensive discussion of this topic can be found in prior columns on the topic
Debit cards fuel overdraft outages
and
Bank overdraft fees: Help may be on the way

But the best thing to do is call your bank and opt out of "courtesy" overdraft protection. Sign up instead for a service that links your checking account to a savings account or credit card. That way, if you do slip up, you'll be borrowing your own money instead of the bank's money.

While hundreds of thousands of eager consumers waited anxiously for the iPhone last week, most probably didn't know about the hidden fee attached to their purchase.

Now the obvious question is this: With all the words spoken and written about the iPhone prior to launch, why didn't someone tell them?

The iPhone battery will only survive about 300-400 recharges, the company says. Because the unit is sealed, consumers can't swap out dead batteries. Instead, dead phones must be sent to Apple, where battery replacement will take three business days and cost $79 plus a $6.95 shipping charge. Those who can't live without their cell phones for those three days can rent a spare iPhone for $29.

This pricey, and apparently inevitable, aftercharge never made it into any of the voluminous news stories written and filmed about the iPhone prior to its launch on June 29. Why not?

According to the Foundation for Taxpayer and Consumer Rights, Apple's Web site made no mention of the battery fee on the morning of June 29, when thousands of Apple faithful lined up all around the country to buy the phone, which costs $500 or $600, depending on model.

Harvey Rosenfield, director of the foundation, is calling on Apple to promise free battery replacements to the estimated half a million iPhone buyers who may have purchased the phone without knowing its true costs.

"This was insensitive, inappropriate and possibly illegal," he said. "We're going to monitor their response carefully."

Explanation of the fee now appears on Apple's Web site, although it's not clear when that was posted. Published reports indicate the notice was posted as early as the evening of June 29, though it was not easy to find.

Apple didn't immediately respond to requests for an interview for this story.

One week later
Blogs began mentioning the battery replacement fee early last week, after the launch. The first prominent reference to it seems to be in a Wall Street Journal column written by Walt Mossberg, which appeared in the newspaper on July 5.

But mention of the fee was absent from Mossberg's largely positive review of the iPhone, published in the Journal June 27.

In fact, price of the battery replacement was omitted from all four hands-on iPhone reviews published ahead of the product's release. Apple carefully controlled review units of the iPhone before June 29, allowing only Mossberg, The New York Times' David Pogue, Newsweek's Steven Levy, and USAToday's Ed Baig to examine it. All four wrote extensive, highly detailed, and generally positive reviews. No mention of the $79 replacement fee or $29 rental fee appeared in any of them.

Those details didn't appear in any of the the various "hands-off" reviews published by MSNBC.com prior to the iPhone's launch, either.

Rosenfield said he's concerned that Apple deliberately chose to withhold the information from the public.

"The half million people who bought the iPhone were never told by the folks who wrote the reviews some of the most crucial information you have to have to make your purchase decision, and you have to ask why," he said.

Mentioned in passing
Some reviewers did allude to the battery replacement costs, but none offered specifics.

Pogue's column mentions the battery issue. He wrote that Apple told him the unit could only withstand 300-400 charges, and that there would be a fee for replacement. Possible battery failures also were mentioned in his tongue-in-cheek video, which appeared on the Times' Web site. Pogue said he didn't learn of the actual cost for the iPhone replacement until about a week later.

"I reported exactly what they told me," Pogue said. "They said the price hadn't been determined, but that it would be 'very similar to the iPod program.'"

Mossberg said he wouldn't discuss details of his reporting.

Levy, who wrote the lengthiest review, said he expected all along that the iPhone battery replacement cost would be in line with iPod battery replacement -- which costs about $65.

"It turns out that it will cost more, but not by a shocking amount considering that the iPhone is one costly piece of technology, as I certainly do mention in my review," Levy said.

He added that he didn't believe battery replacement would be a significant issue for consumers.

"Though my review was lengthy, there was a lot to discuss, and I felt that the flaws I did write about were definitely ones that would affect the experience of using an iPhone more than the one-time annoyance of replacing a battery," he said. "In discussing the iPhone with people, I found that the main battery concern was how long it would last on a single charge, which was something I could and did test."

Baig's e-mail indicates he is on vacation and was not reachable. His story mentions possible battery problems in passing: "You'd have to send the device to Apple or presumably a third party to swap a spent battery," he wrote.

Given the public controversy over iPod batteries, and the stiff price of an iPhone replacement, Rosenfield said that tack-on price should have been an obvious element in any news story about the iPhone. Keeping the information out of early reviews could constitute a lack of disclosure on Apple's part, he said.

"The question you have to raise, after all the conversations about the iPod problems, how could every single top reviewer fail to mention … the practical problems associated with the iPhone?" he said.

Like iPod failure, only worse
There is a significant difference between iPod battery failure and iPhone battery failure. If an iPhone fails before two years pass, consumers will still be obligated to pay their monthly subscription fee to AT&T, regardless of whether or not they can use the service. Apple's iPods have no associated monthly fee. And of course, for most people, living without an iPod for a few days is much more palatable than living without a cell phone.

The replacement fee does not apply to consumers who must replace the battery while it is covered by Apple's 1-year warranty. But given Apple's expectations of a 300-400 recharge lifespan, many iPhones will predictably require replacement during the second year of a contract.

Rosenfield also complained about other hidden iPhone fees: the iPhone return policy is only 14 days, as opposed to AT&T's 30-day return policy. And even consumers who beat that 14-day deadline -- say, if they bring the phone home and just can't get a working cell signal -- must pay a 10 percent restocking fee.

"We all love how cool Apple products look, but that doesn't mean there isn't something wrong with these policies that need to be recognized and addressed," Rosenfield said.

It was hailed as the world's first real cyberterrorism trial. Three British men, all teen-agers when their careers began, were accused of using the Internet to raise money, incite hatred, and help plan terrorist attacks. Two months into the trial, all three suddenly pled guilty this week.

As details emerge of their cyber-terror plots, their case provides a chilling look at what can happen when jihad spills over onto the Internet.

The case is also among the first to show direct links between identity theft, hacking, and terrorism. And it will give readers yet another reason to vigilantly protect their personal information while surfing or reading e-mail.

Authorities say the terrorists used phishing e-mails to trick recipients into divulging personal information, thereby making Westerners unwitting donors to al-Qaeda.

The three British citizens – Younes Tsouli, born in Morocco, Waseem Mughal, a British native, and Jordanian-born Tariq Al-Daour – all pled guilty this week to inciting others to commit terrorist acts outside the U.K. Their jail sentences range from 6.5 years to 10 years.

Their trial largely was progressing in obscurity, while British media focused on other terror cases, such as the infamous fertilizer bomb plotters, convicted in April, or the Operation Vivace trial, involving a failed plot to bomb London in 2005. But even if you've never heard of the three cyberterrorists, you know their work. Their conviction might mark the first genuine case of teen-age hackers turned al-Qaeda fighters.

Tsouli, the best-known of the three cyberterrorists, set up a series of jihadist Web sites in the months after the attacks on September 11. His chief claim to fame: posting gruesome execution videos, including those involving Wall Street Journal reporter Daniel Pearl and American Nick Berg. Tsouli, now 23, used a vast network of hijacked Web sites to publish the videos. He went by the revealing moniker "Irhabi007" – in English, Terrorist007, hinting at the fictional character James Bond.

But it was Tariq al-Daour – who began his career as a credit card thief as early as 15 years old – who provided the money for the operation, authorities say.

"(The three suspects) admitted together purchasing Web sites using stolen identities and credit card details, and used the Web sites to publish the extreme propaganda and recruiting material produced by al-Qaeda in Iraq," said Colin Gibbs, a prosecutor on the case. "The material was crafted to incite and recruit suicide bombers accessing the Web sites and forums internationally."

The three men only knew each other over the Web, and never met until they were arrested. They managed to carry out their cyber-jihad in the privacy of their own apartments.

"Behind the apparent normality of their daily lives, these young men firmly believed, supported and set about inciting others to follow an extreme ideology of violent holy war against so-called disbelievers," Gibbs said.

Phishing and terrorism
During the trial, reports from British newspapers say the prosecution alleged that the three men managed to steal about $4 million through credit card fraud and identity theft.

Al-Daour used old-fashioned phishing – fake e-mails that solicit personal information – to trick Internet users into giving up credit card numbers and other personal information, said a U.S. investigator who helped prepare the case for Scotland Yard.

Like many other credit card thieves, Al-Daour ordered merchandise with the stolen credit cards, had them shopped to a series of "drop" sites, and used a network of thieves to turn the stolen goods into cash. He also stole identities of Internet gambling site members and wracked up winnings to help raise funds.

The official spoke on condition of anonymity because he was not authorized to speak on behalf of British authorities. He could not provide additional details on how the money was ultimately spent.

Al-Daour, now 20, honed his credit card theft craft at the non-defunct CarderPlanet.com Web site, which he joined in 2002 – when he was just 15 years old. He also used computer viruses developed to steal personal information that were published on another hacker haunt named RATSystems.org, the U.S. official said.

CarderPlanet.com was for years the one-stop shopping arena for all manner of identity thieves. It provided an active market for the buying and selling of credit card data and other personal information. There also were extensive training manuals for up-and-coming hackers.

Eventually the site became a favorite haunt for journalists, too, before it was finally shut down by federal investigators in 2004, along with a companion site, ShadowCrew.com. At the time, the U.S. Secret Service said 28 members of the site were arrested worldwide.

But not Al-Daour. He wasn't arrested for another year.

It's not clear if any of the CarderPlanet members knew that a member of Al Qaeda was among them.

Al-Daour and the others were rounded up by British authorities in October 2005. When arrested, their computers yielded a wide range of terrorist-related material. Most alarming for the United States: Tsouli's hard drive contained a pictures of landmark buildings in Washington D.C., suggesting he might be gathering data for a possible attack there, according to Newsweek.

On Thursday, a possible link between the three cyberterrorists and the recent spate of attempted bombings emerged. As part of their Web site jihadist efforts, Tsouli created chat rooms and bulletin boards where terrorist methods could be discussed. In one post from 2005, one posted message read: "We are 45 doctors and we are determined to undertake jihad and take the battle inside America."

So far, British authorities are calling that link a coincidence. But there is another intriguing mention of a possible connection between health professionals and terrorists.

Back in 2005, when all three were arrested, the BBC reported that a slip of paper with words "Hospital=attack" was found in the Mughal's bedroom.

Not really cyber-terror
British authorities say this is the first time anyone has been prosecuted for using the Internet to fuel terrorism. With publication of details about the group's cyber-jihad, some computer security experts might be tempted to suggest that a long-promised arrival of cyberwar might be upon us.

But Cyberterrorism expert Dorothy Denning says that's unlikely. She said that despite Britain's characterization of the three as cyberterrorists, Al-Daour, Mughal, and Tsouli weren't planning to commit crimes that most people would call cyberterror – Web-based attacks on critical infrastructure systems, such as electrical grids.

Instead, they were raising money and attracting publicity through the Internet. While their efforts were successful, neither technique was especially new, Denning said. The Millenium Plot terrorists, who planned to blow up Los Angeles Airport on New Year's Eve, were caught with a laptop computer full of stolen credit cards used to fund their activities. Imam Samudra, who planned the deadly Bali bombing, wrote his memories in prison and included a chapter on computer hacking, Denning said.

"The thing to pay attention to is how they are using the Internet to organize and get people to conduct attacks," Denning, now an instructor for the Navy, said.

Internet-based destruction is not out of the question, however. Earlier this year, attackers using a network of hacked computers –known as bots –attacked Estonian Web sites after a diplomatic skirmish between Russia and Estonia. Several government sites were rendered useless by the attacks, which lasted for about one week.

Toppling Web sites or stealing credit cards is a far cry from the long-promised Digial Pearl Harbor Richard Clarke warned about back in 2000. The likelihood of the Internet being knocked off-line by hackers, or even the likelihood of a power utility being disrupted through the Web – is remote. But Al-Daour's ability to raise money, and Tsouli's ability to attract online attention, signals a less dramatic but more practical way for terrorists to use the Internet as a tool.

"There are people, including law enforcers, who initially thought these guys were computer geeks or hackers," Evan Kohlmann, a U.S.-based terrorism consultant who gave evidence in the case, told the Associated Press. "But they were a lot more dangerous, they were the key aides to al-Qaida. There was no one more skilled at what they did."

What is the penalty for a train or airline passenger who's late? Often $50 or more. What is the penalty for a company when a train or airplane is late? Nothing. How can that be fair? It's not. But this imbalance, and many others you can probably recite by heart, can be blamed in part on the proliferation of one-sided contractual relationships called "contracts of adhesion."

A contract of adhesion sounds like something you might catch by using the wrong public toilet or dancing too closely to someone in the wrong disco. It actually can be something even worse: small print.

Every one of us finds ourselves in contracts of adhesion every day, with virtually every consumer product we buy. Contracts of adhesion are pacts between two entities that are not equal, a David and Goliath agreement, where Goliath offers the deal on take-it-or-leave-it terms. Nothing can be negotiated, so everything can be unfair. Buying a car? You have to sign a piece of paper that says you'll never sue the dealer. Won't sign the paper? You can't buy a car. And since all auto dealers require these one-sided terms, consumers don't really have a choice -- either abdicate your right to sue, or don't drive.

Recently, I ran into trouble precisely because I tried to avoid driving. On a trip from Washington, D.C., to New York, I was late for my train. Well, by my way of thinking, I was on time. I was at the gate at precisely 8:10 a.m. for my 8:10 a.m. train, but the gate agent would not let me board. Pointing to the clear evidence of my just-in-timeliness on the digital clock above her head -- which read 8:10 -- did me no good. So I was sent off to the ticket counter to exchange my ticket, and pay my inevitable penalty.

There, I received good news and bad news. I could board another train in just a few minutes, at 8:45! But I had to pay another $29. I quickly paid and hustled back toward the gate.

But as I walked away from the ticket counter, I saw on the departures screen this cursed line: "8:45 a.m. train -- DELAYED." I had just paid $29 extra for a ticket on a train that I was told would leave in 10 minutes. That was a lie from the moment the agent made the offer. It would be nearly an hour before my train actually pulled away from the station.

Did anyone offer to refund me that $29? You laugh. But why? If I faced a penalty for being late, why not Amtrak? The answer, of course, is in the small print.

In general, contracts in the United States are only valid when they are negotiated between two equal parties. That makes sense: Only people on equal footing can engage in fair, arm's-length negotiations.

Take-it-or-leave-it
Consumer contracts don't fit this bill, however. They are almost always take-it-or-leave-it, non-negotiated contracts. When you purchase a cell phone, you agree to never join a class-action lawsuit against the cell phone provider. When you get a credit card, you agree that the terms and conditions for that card can change at any time. If you don't agree to these things, you can't get a cell phone or a credit card. That's just how it is. Take it or leave it. It's all on those pieces of paper you sign, or somewhere on the firm's Web site, in very, very small print.

It's these kids of arrangements that are called contracts of adhesion. Standard "boilerplate" language, often laden with booby traps, is a part of life now. It's easy to see how they can become one-sided fairly quickly. After all, when consumers buy software or board a train, there is no time to discuss contract terms. And, in fact, doing so wouldn't be in anyone's interests. If contract terms were negotiated separately with each business dealing, commerce would slow to a crawl. So standard terms and conditions apply in these run-of-the-mill transactions. To prevent abuses, courts have held repeatedly that contracts of adhesion fall into a special category. Despite what you might have heard, unfair provisions inserted into such contracts are not legally enforceable -– even if you signed the piece of paper. Such provisions are given the drastic legal term "unconscionable." A judge who finds a provision of a contract of adhesion to be unconscionable will void that provision.

There is a problem, however: Absent activist government intervention, everything is legal until someone sues. Long ago, companies noticed this and began pushing the boundaries on contracts of adhesion. As long as no one drags them to court, anything goes.

Since no one will ever sue over the cost of a train ticket or a few text messages, cell phone companies and train companies find themselves in an enviable legal position. They can make up whatever one-sided terms they want. For example: If you quit your cell phone company early, you'll have to pay $200. But if your cell phone company goes out of business, or their service suddenly stinks, will someone pay you $200?

Still, consumers could always read the small print, and if they don't like cell phone rules, they should just avoid cell phones, right? Even that age-old advice to read everything isn't good enough. For example: It's nearly impossible to buy software today without agreeing to a "shrink-wrap" contract, even though you generally can't read the contract until you get the software home and open the box. Many terms of shrink-wrap contracts are unfair. They are also very hard to stop. Kind of like a train.

As it turns out, Amtrak's refund and change policy actually isn't as Draconian as airline policies. Amtrak issues refunds pretty liberally at consumer requests, minus a 10 percent refund fee. That fee is waived if a train is two hours late or more. The refund fee is also waived when riders miss connections because of late trains. Try asking an airline for those terms.

Of course, no one really wants a refund when they are halfway through a trip to Hawaii or Europe. We all just want to get where we're going for a fair price. But why does the idea of refunds for late service sound so crazy to our American ears? Particularly when we, as consumers, must so often cough up the dough for a late fee?

Five minutes late? A refund
In Spain, the remarkable high-speed Ave train makes a promise that sounds insane to us Americans. If the train is more than 5 minutes late, passengers are entitled to a full refund. Nothing unconscionable about that contract.

Not surprisingly, refunds are rarely issued.

Not long ago, I arrived at the gate for a 3:15 p.m. Ave train from Madrid to Seville at precisely 3:15 p.m. (OK, it's a bad habit, I know.) The train was moving, just beginning to creep out of the station, but the conductor still let me jump on. In the same situation in the U.S., I fear I would have just been jumped -- for extra fees.

RED TAPE WRESTLING TIPS
Would that it were so easy to simply say, "Read everything!" What good is that if you ultimately have to sign the deal anyway? Know that unfair provisions of boilerplate contracts are not enforceable, so just because you signed it doesn't mean you have to do it. You may have to get a lawyer involved, or your state's attorney general's office, however. Still, simply knowing your rights might make you a little more convincing when you are discussing your problem with a customer service agent.

The most disturbing element on consumer contracts of adhesion are binding mandatory arbitration clauses that force consumers to surrender their rights to sue. For more information on those, visit GiveMeBackMyRights.com.