Millions of Americans have been told their credit card terms are changing for the worse this year.  The only way to ward off the changes -- such as higher interest rates -- is to put the card on ice and stop using it.

Meanwhile, more than 100 million credit and debit card numbers have been stolen recently, and unauthorized credit or debit card charges hit nearly one in 10 consumers every year. This can make for a toxic combination.

Steve Abshagen got one of the unhappy notices from Bank of America in March, indicating his interest rate was going to jump from 9.9 percent to 14.95 percent.  Abshagen was a former MBNA customer until Bank of America acquired that firm's credit card users, and the change came as a surprise. While he carries a "five-digit balance" on the card, he says he's never missed a payment. BofA hiked his rate anyway, in a change that would have cost him about $850 more per year in finance charges.

But Abshagen reads his mail carefully, and spotted the customary "opt-out" alternative offered by Bank of America.  He could decline the change in terms and agree to pay off his balance at the lower rate, as long as he never used the card again.  Abshagen took that option, mailed in his opt-out notice, and began using a different card for new purchases.

All was well until last month, when Abshagen received his monthly statement from the bank. His minimum payment had jumped by $75, and his interest rate was raised to 14.95 percent.

The reason? An unauthorized charge to his credit card.

Abshagen says he made a purchase at Amazon.com and while he entered his new card to
complete the transaction, Amazon accidentally charged his old card, which the site held on file from previous purchases. 

He noticed the charge immediately and had it reversed, but it was too late. That single transaction had triggered acceptance of the higher rate, according to Bank of America, and now he was on the hook for a 50 percent interest rate increase.

Abshagen got on the horn to Bank of America, but the company offered little help.

"The woman was pleasant and she told me she could request from another department that they lower my rate, but she could not promise anything," he said.  She couldn't even give him an answer, he says.  "She said that if the request was successful the lower rate would show up on my next statement." In the meantime, he'd have to pay his current bill, she said.

That seemed unfair to Abshagen, who didn't want to make the higher payment. He threatened to withhold any payment to the firm until the matter was resolved. The call ended in stalemate.

"I refuse to pay a cent on this card until I receive a note saying they've given me the lower rate," he said. "They're the ones who violated the agreement, not me."

When asked to investigate the matter by msnbc.com, Bank of America spokeswoman Betty Reiss told msnbc.com that she couldn't comment on individual consumer's accounts for privacy reasons.

She did say, however, that the bank's policy holds that unauthorized charges should not cause a customer's rate to increase -- and that Abshagen's lower rate had indeed been restored.

"If we determined there was a charge that is unauthorized we would reinstate (the customer's) opt-out status, which is what we did in this case," she said.

Abshagen said he received a call from a Bank of America representative indicating his lower rate had been restored a few minutes after msnbc.com's inquiry.

RED TAPE WRESTLING TIPS
Consumer Union attorney Gail Hillebrand said Abshagen was lucky to have a happy ending, mostly because he was diligent about reading his bills.

There are dozens of ways that consumers can lose their opt-out status -- and get socked by higher rates, she said.  Many consumers link automated monthly bill payments to their credit cards -- such as cable TV service, Internet service, or even mass transit system payments. Even one missed charge could trigger the higher rate. 

"That can be a pain. You find yourself asking, 'What's my login so I (can) stop payment?'" she said. "You'll have to know what all those bills are."

A refund credit to the card could also trigger new terms.  And of course, so could a thief's unauthorized purchase. Earlier this month, the Justice Department announced that a single suspect had led a crime ring that stole about 130 million credit cards, nearly one for every adult American consumer.  A study by security firm Gartner indicated that 7.5 percent of consumers were hit by ID fraud last year, with most victims of credit or debit card fraud.  Given the widespread prevalence of interest rate notices and identity theft, it's likely more consumers will find themselves fighting to restore their opt-out status, Hillebrand said.

"Just as a matter of decency, the bank should restore the rate in that case. Of course, with banks, you can't count on decency," she said.  Consumers in this situation should file an identity theft affidavit with the Federal Trade Commission and file a police report, and send a copy of both to the credit card company as a plea to restore the opt-out status and the lower rate.  She urged consumers to also write to the Federal Reserve, which is right now developing new rules for consumer rights when credit card companies change their terms of service, and recommend that the agency make it easy for consumers to avoid new terms and higher rates.

Become a Red Tape Chronicles Facebook fan

Scott Fedyshyn and his wife recently brought home a bouncing baby boy -- and an unexpected $600 medical bill.  But Fedyshyn, a trained billing consultant, fought back. He demanded itemized bills from his doctor explaining each charge, and why his health insurance wouldn't cover some items. 

Soon, he got another statement from the doctor's office – but this one came with a $20 refund check.

Billing errors are common, experts say. Double-billing, typos, upselling, and outright fraud add up to big unexpected medical bills for consumers -- even those who think they are fully covered by insurance.  A complex web of bills, forms, and other paperwork mean a lot of Red Tape for health care, and often leads to overpayment by consumers. 

Fedyshyn's tale is typical, and simple.  A few weeks after the birth of his son, now 10 weeks old, he received the bill.

"It said, 'Amount due: $600.' And there was no real explanation for it," the 29-year-old from Virginia said.  "I said I wanted a line-by-line breakdown of what was not covered and why."

When he received the breakdown, the reason for the discrepancy was obvious: an ultrasound image of the baby that insurance refused to pay for. The physician's billing department had coded the procedure as if the Fedyshyn family had requested an extra – and unnecessary -- baby image during their initial visit. But in fact the doctor had ordered it because their child was facing the wrong direction when the first "picture" was taken, and the doctor wanted a second look.

"So it should have been covered," Fedyshyn said. "After going back and forth a bit, it was changed."

These kinds of small errors in billing and coding can lead to big bills for patients, said Candy Butcher, CEO of the Medical Billing Advocates of America.  Her firm trains advisors who sell medical billing audit services to consumers.  Most work on contingency basis, taking 20 to 40 percent of the refunds they earn for clients.

"Eight out of 10 bills we see have some error," she said.

Harvard Professor Malcolm Sparrow, author of "License to Steal: How Fraud Bleeds America's Health Care System," said many medical bills seem arbitrary.

"Insurance companies and medical provider billings seem to bill on the basis of 'let's just see what we can get away with,' knowing that many consumers are too timid to question them," he said. Recently, when he questioned a bill, he was immediately offered a $200 discount as a "professional courtesy."

"I took it as sure evidence that (the provider) knew the original bill was unjustifiable," he said. "A sign of how aggressive the billings are would be the apparent ease with which they back off and adjust their demands when called to justify them."

All about coding
Errors can occur in many ways. In Fedyshyn's case, the doctor's office had incorrectly described its treatment to the insurance company when it "coded" the procedure. Each separate medical procedure, treatment, or drug given to a patient is recorded by the doctor or hospital in software, boiled down into a short numeric code. When providers miscode, insurance companies often reject the bill, and the patient can end up paying the difference. It can be easier for doctors to send patients a bill than to resubmit insurance claims.

Robert Tennant, senior policy adviser for the Medical Group Management Association – a trade group that represents physicians – said it's hardly fair to lay the blame for overbilling on doctors. The complexity of billing procedures is a breeding ground for mistakes, he said.
"With the thousands of health plans, complications galore, the lack of standardization, it's inevitable that this is going o be the outcome," he said. 

Here's one glimpse of the tortured billing process doctors face. After a visit, doctors code a patient's ailment using a standard called ICD-9 (International Classification of Diseases).  Currently, doctors must choose from about 17,000 possible codes. There are nearly 10 codes just to signify an ankle sprain, for example. But such coding can still be inexact, and many ailments must be squeezed into one designation or another. It's obvious how errors might occur.

In an effort to improve the precision of the codes, the Department of Health and Human Services (which manages the coding standards with Medicare) has added a host of new designations – there will be 155,000 possible code diagnoses soon.  The new system will allow for recording of far more granular details:  for example, whether a laceration to the head was caused by an ice hockey stick or a field hockey stick. Doctors must implement the system by 2013. An average small doctor's office will have to pay $84,000 just to upgrade their systems to handle the new coding scheme, Tennant said.

"It's a very complicated process," Tennant said.  "And it's going to get even more complex." Blue Cross and Blue Shield, for example, expect coding errors to increase 10 to 25 percent in the first year of the new system.

The penalty to physicians for incorrect coding is severe: Generally, insurance companies will deny all claims with coding mistakes.  And that's just one of the roadblocks to payment that can spring up along the way.  Others abound. There are, for example, about 1,200 potential claim forms used by health insurance companies.  So while doctors must wait until long after they have provided care to receive payment – try that with your auto mechanic – consumers end up utterly confused when they look at their bills, and often don't even know how to begin questioning costs.

"What we're getting at is the question of transparency," he said. "As a patient, you might ask, 'Why can't I just see how much it costs for a medical procedure?'  Well, because it's very obscure even for the provider … and the reality is because it's so complicated errors do occur."

RED TAPE WRESTLING: Four steps to fair billing
Fedyshyn, who managed to get a refund from his physicians, knew the right questions to ask because he's a consultant who challenges balance sheets for a living. But many consumers just pay their bills, happy to be healthy and feeling they don't have the expertise to challenge complex hospital stay bills, Butcher said. Many consumers could do just as well as Fedyshyn, however, if they took a few simple steps during and after their medical treatments, she said. Her tips:

1. Always request a "detailed itemized statement" from a hospital or doctor.  Most will provide only a summary statement unless asked.  The detailed statement is the foundation for any bill challenges.
2. Nothing is routine.  On that detailed statement, many consumers find unfair or excessive charges for routine items like gowns, toothbrushes, gauze, and so on, Butcher said.  Many times, those items are supposed to be included as part of room and board or operating room charges.
3. Kits for procedures are often a source for overcharging, she said.  For example, she's seen separate bills for scalpels when patients are also being billed for operating kits that include the scalpel.
4. Clerical errors. Sometimes patients are billed for medications for days after the doctor stops administering them, for example. Or four X-ray charges end up on a bill when only two are taken.

Naturally, many consumers are in no position to track all these things during their health care stay.  But the original doctor's orders for all procedures should be available to a patient through a request for medical records.  Many times, patients should request those records after they receive their initial Explanation of Benefits (EOB) form from their insurance company, which show what costs are covered by insurance and what kind of bill to expect from the doctor or hospital.

Once a discrepancy is suspected or found, Butcher recommends patients go directly to the supervisor of the billing department at a hospital.  She suggests patients send a certified letter with evidence of the error, and state clearly a desire that the item be placed "in dispute" and a request for a "30-day hold" on the payment process. That should stall any potential collections activity while the dispute is worked out.

Don't be afraid
Challenging a doctor's bill is easier said than done, however. Many consumers feel reluctant to challenge their physician's authority, particularly if they have an ongoing relationship with him or her. Even Fedyshyn said he'd gulped hard after raising an issue with a different pediatrician over tests that had been ordered which weren't covered by insurance.

But Butcher said that shouldn't be a concern. Virtually all doctors she's worked with have been helpful when errors are brought to their attention.

"Physicians most of the time have no idea what goes on with the billing process. ...This has nothing to do with the care that is provided," she said. "It has to do with people hired to work in the billing department and the coding of items. When we bring things to the attention of physicians, they have been more than willing to adjust it off the bill or give some kind of credit. So people should not be afraid to bring it up to their physician."
Naturally, most consumers don't pay a lot of attention to hospital bills unless their explanation of benefits statement indicates they will face a big out-of-pocket expense. But Butcher said patients should scan their bills carefully even if they are fully covered. It pays to watch out for overpayments by the insurance company, she said.  Why?

Consumers can run into annual caps and find themselves forced to pay at the end of the year -- or worse.

"Most policies have a lifetime cap, and if you have a terminal illness, it's very easy to meet that lifetime maximum," she said.  "Even though it may not benefit you financially now, you should still look over those bills. If the insurance company pays something they should not have, in the long run, that could hurt you, too."

 Become a Facebook fan by clicking here

Some American Express cardholders will soon have to pay a $29 fee to rescue their rewards points from late-fee limbo. And that's among the more generous policies you'll find from card-issuing banks.

You probably didn't need another reason to avoid getting mixed up in the credit card reward points game of Russian roulette, but here's one: A single misstep can put all those hard-earned rewards points in peril. And Discover Card holders should know that two missteps can make points disappear altogether.

Rewards programs are still incredibly popular with consumers -- nearly half of all credit cards issued come with some kind of reward scheme, according to Crain's New York Business.

But rewards points largesse has been waning, as credit card issuers reel under the pressure of rising default rates.  Double- and triple-points programs are nearly extinct. Airline tickets that once cost 25,000 points can now cost 50,000 or 60,000.  (HINT: You're much better off with a simple 1 percent cash-back card).

And now comes word of Amex's new policy for Blue and Blue Sky card holders.  In any month that account holders pay their bill late, they forfeit any points earned.  The points can be reinstated, but only by paying a $29 tax for each late month. 

Believe it or not, that's an improvement over some rewards card policies. At Capital One, for example, cardholders simply lose any rewards earned when their accounts are deemed late. There is no shot at redemption. 

Of course, as Bill Hardekopf of LowCards.com points out, $29 is no bargain. Only consumers who spend $2,900 in those months would get full value from resurrecting their lost points, as the points are worth about one penny each. Still, some might be tempted anyway.

"I hope consumers do the math," he said.  "A lot of people might not realize what their point structure is."

American Express says it's making the change to give consumers more incentives to pay their bill on time.

"The rewards program is available to rewards customers for their behavior and their loyalty," said Amex spokeswoman Desiree Fish.  "For someone not paying on time, there is a penalty. … It helps incent customers to be loyal and to pay us."

Of course, there are other incentives to pay up. Late-paying consumers are also hit with late fees and finance charges.

Fish said the change just brings Amex's Blue and Blue Sky cards in line with other Amex cards. But Hardekopf is concerned that the change is a part of a larger trend: Card issuers finding new ways to make money after Congress declared some of their old tactics illegal.

"We feared issuers might make some of these changes and now we see them starting to take place," he said. "These changes will continue as issuers try to find new ways to generate revenue and do anything they can to regain profitability."

INTEREST RATES UP
Fish denied that the change had anything to do with new regulations from Congress. Other recent changes, however, are clearly connected to the new law.  Chase recently began raising minimum payments from 2 percent to 5 percent for some cardholders and closing the accounts of others. And a new study by the Pew Charitable Trusts shows average credit card interest rates have skyrocketed this year.

A soon-to-be released report by the research organization will reveal that credit card rates went up 20 percent in the first two quarters of 2009. And when compared to the banks' lower costs of borrowing (called the marginal rate), interest rates are up almost 40 percent, said Eleni Constantine, direct of Pew's financial research.

"We want people to know what the facts are," Constantine said.

RED TAPE WRESTLING TIPS
You should know what the facts are. If you are a reward program account holder, double-check your company's policy regarding points and late payments.  And Hardekopf recommends keeping careful watch on your mailbox in the coming months – more statements with small print that could cost you big are likely on their way.

 Become a Facebook fan by clicking here.

The best way to get the attention of a classroom full of rowdy kids is to turn the lights off. And the best way to get the attention of Internet users is to essentially do the same thing.

Thursday's Twitter denial-of-service hack certainly grabbed everyone's attention.  Nothing like a total shutdown to make people sit up and take notice. But relatively speaking, denialof-service attacks are harmless. Everyone's been through it - CNN, Yahoo, Microsoft. Heck, Facebook and LiveJournal were hit Thursday, too, by the social media bandwidth bandit.  (Msnbc.com is a joint venture of Microsoft and NBC Universal.)

But Twitter's been hit by far more serious security issues in the recent past..   Just last month, a hacker wormed his way through Twitter and into personal documents of a company executive.  Earlier this year, a hacker managed to impersonate several high-profile public figures (including President Barack Obama and CNN's Rick Sanchez) by hijacking their Twitter accounts.  Not to mention all the spam, viruses, and malicious links that are finding their way around the microblogging site these days.

Oops, we did it again. We invented a cool new technology, got millions of people hooked on it, seduced them into over-sharing information through a false sense of security, and created a wonderful playground for hackers. E-mail, Web browsers, online shopping, Facebook -- they've all gone through the same growing pains.

It doesn't have to be this way, of course. Last week, the world's best security minds gathered in Las Vegas at the Black Hat/DefCon conference. One year ago, researcher Dan Kaminsky got everyone's attention by threatening to quite literally shut down the Internet. A flaw he discovered could have enabled a hacker to render the Web useless in a few minutes. It was fixed promptly.

This year, Kaminsky was back with a slightly less dramatic flaw: a trick that would have basically disabled "https" and those security locks on Web browsers.  That got fixed too. But still, he's frustrated. The vast majority of Internet perils are avoidable, if companies like Twitter baked security directly into their products.  And still, nearly two decades into the grand public experiment of Internet use, nearly all consumer information is protected by a measly user name and password combination.

"Sixty percent of all attacks are just passwords. Missing passwords, stolen passwords," he said. "We have this technology and it's not working. If we don't do things better it's going to be a real problem."

Authentication, he explained, is at the heart of all commerce, and all Web transactions. For the most part, we're no further ahead in authentication technology than we were in 1995.

The hacker who attacked Twitter executive Evan Williams' e-mail claims he got in by simply guessing the answer to one of those silly "Forgot your password?" questions, like "What is your dog's name?"  We warned users about this last year.

Still, Twitter used the technology, Williams allegedly trusted it, and now people know what he purchased at Amazon recently.  Criminals who got into his Twitter account used access to "escalate" their way into Williams' Google Docs account as well, and obtained sensitive information about the company.

Theoretically, it's not that big a deal for someone to hack your Twitter account - everything you say there is designed to be public.  But increasingly, like Williams, Web users are slowly but surely moving everything they do online, and linking it all through various social media and document-sharing tools.

If the thought of not being able to tweet for a few hours bothers you, stop for a moment and consider what might happen if someone was able to access all your online activities, read all your e-mail, or impersonate you and send nasty notes to your boss or wife.

Moving in the right direction
Twitter deserves credit for trying to play catch up. Recently, it quietly instituted a security upgrade - disabling links to known hacker sites.  A positive step, and one that could so irritate- the bad guys, I wouldn't be surprised if there's a connection between this new security tool and the denial-of-service attacks.

Twitter has other enemies, too. Its shining moment came during the recent Iranian uprising, when Twitter proved robust in the face of government censorship.

But the question remains: Why would a service like Twitter set itself up for this string of attacks and bad publicity?  Kevin Haley, director of security response at Symantec Corp., says it's normal "growing pains" for a ragingly successful Internet startup.

"Nobody has a full-blown security plan when they develop their business plan or their site," he said. "At the beginning, you are completely focused on getting your site up and your services up. Anything like security that makes it harder for people to join, you're not going to want to put that into place."

Eventually security problems arise, and then companies address them, he said.
That means you, me, and everyone else who hops on the next great Web thing is really just allowing the creator to experiment with our personal information.

A few hours without Twitter is nothing to be alarmed about.  But today's incident, and other recent missteps, provide continued hints that things at social media sites aren't as safe as we perceive.

It's enough to make you wish that the last hacker to break into a major Web site would turn the lights off when they leave.

RED TAPE WRESTLING TIPS
What does this mean for you?  Once upon a time, it was consumer gospel that you never bought a new car in its first production year.  You let the manufacturer work out the kinks with other suckers for a year before you jumped in. When it comes to exposing personal information, that's a pretty good strategy.  Twitter, Facebook, online document storage, all these services have a lot of promise.  But I'd let these security issues settle down for a while before I trust them with anything meaningful.

Here's a good rule of thumb: Recent celebrity incidents should have taught all of us that anything we say to a police officer during a traffic stop could become public record and end up in front of the whole world --  so it's best not to say anything you wouldn't want everyone to see.  That's a good rule for online services, too. Before you type or post, picture everyone you know reading it. If that gives you pause, you should probably hit the delete key.

Also, it's more important than ever not to use the same password at all sites.  A hacker who breaks into your Twitter account will immediately try to break into Amazon, Yahoo, Hotmail, Gmail, Facebook, and any other ubiquitous site.  Imagine the trouble someone who read your Gmail could cause.

And now's a good time to take a look at those "Forgot Your Password?" links on your favorite sites. If the question is "What was your high school mascot?" and your Facebook picture is you wearing a sweatshirt with a horse on it that says "Lake City 'Stangs," you should change your question.

One theory has a new variant of the Koobface virus responsible for these outages. It's easy to fall for Koobface, because it can arrive as a tweet that looks like it's from a friend, with a link to video.  Clicking on unexpected links is always a bad idea, but those clever "bit.ly" links, and their shortened URLs, create a particular hazard. Because you don't really know where you are going (the landing URL is hidden), bit.ly links are great for hackers, bad for you. Just ask your friend to re-send the full link. That'll foil most hackers.

Finally, if you are so inclined, send a note to the CEO of the companies involved saying you are very concerned about security. The chief reason security pros like Kaminsky gather in Las Vegas every year is to commiserate on this fact: the marketing department always gets much more money than the security department. You could help their cause by letting companies know that you care about security and privacy.

Become a Facebook fan by clicking here.

In New Hampshire, residents pledge to "live free or die." Apparently, that even extends to online banking.

An eagle-eyed New Hampshirite named Dave recently took out his magnifying glass and spotted a new fee in the small print at his bank's Web site. Customers who want to send money from Citizens Bank to an account at other bank — say a brokerage account or a high-yielding Internet savings account like ING Direct — must now pay.

"Just $3 for outgoing transfers to other institutions," the notice says. It came as part of an announcement titled "New, improved Web site."

Dave, who requested anonymity, didn't see it that way.

"Apparently banks are now charging sneaky transfer fees," he said. "With people going to online banking, banks are starting to charge ATM type fees for transfers."

After complaining to the bank and getting an unsatisfactory response, Dave told his bank that he would live free or …

"I told them I would probably look for a new bank," the 45-year-old said.

Easier said than done, however. Dave's other bank, JP Morgan Chase, also charges the outgoing transfer fee. And in fact, many big banks now tell their online consumers they can't send their money to another bank without paying the $3 fee every time. Curiously, incoming transfers are free. In other words, the bank will gladly take your money, but it won't give it back without a fight.

Mike Jones, a spokesman for Rhode Island-based Citizens Bank, said the new fee actually represents a cost savings for consumers. Before August, Citizens account holders had to use wire transfers to send money to other institutions, which cost $18 to $35. The $3 fee is a bargain, he said.

"This is part of several enhancements to our online banking platform," he said. "We are doing it to increase convenience, and it comes with a cost savings for consumers."

The interest-rate chase
Bank-to-bank transfers have become common at a time when consumers are fighting for every quarter-point of savings interest they can earn. Checking account interest rates are at historic lows. Internet-based savings accounts offer slightly better rates and have attracted about $160 billion in deposits since they exploded onto the scene in the early part of this decade, according to the Tower Group, a financial research firm. Other consumers chase higher yields through money market funds offered by brokerage accounts or other banks. It all leads many customers to habitually move money around to capture that interest.

If that's you, watch out. A few transfer fees could wipe out that extra interest you think you're earning.

Many online banks, such as HSBC, waive outgoing transfer fees for their Internet accounts. But traditional checking accounts often come with the fee, a disincentive for moving money out of their accounts.

"It definitely seems unfair, but I'm not surprised. … This is another example of nickel-and-diming customers to death," said Kathleen Day, a spokeswoman for the Center for Responsible Lending. "Consumers account for $7 out of every $10 in this economy, and it is so unproductive that the financial community is sucking every spare penny from consumers for this non-productive enterprise. The irony is that this nickel-and-diming is hurting our chance of an economic recovery."

Greg McBride, an analyst for Bankrate.com, said that consumers should get used to these kinds of fees.

"This is the banks' equivalent of sticking their tongue out at the customer when they take their money out," he said. While consumers get used to the idea that they can improve their returns with just a few clicks of a mouse, banks will continue to devise disincentives to stop them.

"There's more where that came from."

RED TAPE WRESTLING TIPS
Consumers can generally avoid this outgoing transfer fee. Because banks accept incoming transfers free, account holders should always have the destination bank initiate the transfer. In other words, if Dave wanted to move money from his Citizens account to an ING Direct account, he should initiate the transfer from his ING account — telling ING to "pull" the money in, rather than telling Citizen to "push" the money out. At least for the moment, "pulled" transfers remain free.

Curious about high-yielding savings accounts? Visit bankrate.com's interest rate page or highyieldcheckingdeals.com 

Follow The Red Tape Chronicles: Become a Facebook fan by clicking here.