Banks knocked offline, day after day - on Thursday, it was WellsFargo.com's turn. A digital skirmish between two European firms that grew so large it slowed Internet traffic worldwide. If it feels like the Net has been fragile lately, there’s a good reason: Computer criminals are launching more powerful attacks and are gaining the upper hand.

Security firms have been relatively successful in recent years countering denial of service attacks — criminal assaults that overwhelm websites with fake traffic to make them unreachable, the equivalent of speed-dialing a friend's phone repeatedly so no other calls can get through — with software designed to separate real traffic from fake, or simply by purchasing bigger Internet pipes that can absorb the requests.

But the equation is changing dramatically as criminals have learned how to use the Internet against itself.

Among the Web’s dirty little secrets: Economics strongly favor the criminals. They hijack bandwidth used for normal Web operations, concentrate it and aim it at a target. The more money that firms invest in bandwidth to protect against traffic floods, the more bandwidth crooks can steal and use to attack. Worse yet, the bigger the pipes going into hijacked computers, the fewer computers criminals must control to succeed in an attack. 

An attack that might have required 10,000 compromised computers in past years can now be accomplished with 100. That means the costs for the criminals is going down, while security costs are going up. 

"The problem is, this is an asymmetric war, an arms race we can't win because they are using our resources against us," said Rodney Joffe, senior technologist at Internet infrastructure company Neustar, which helps companies fight denial of service attacks. "That's why building larger highways won't help. They just make use of our resources."

Wells Fargo told NBC News that some of those resources were used to knock it offline for part of the day Thursday.
“We’re seen an unusually high volume of website and mobile traffic which we believe is a denial of service attack,” the firm said in a statement.

'Not really much we can do'
Last week, a European denial of service incident that targeted spam-fighting organization Spamhaus and its Internet providers involved an incredibly focused attack that stormed the service with one of the largest measured attacks in history. There is debate about how much the rest of the Internet suffered as a result of the attack — in truth, the impact was imperceptible to most — but it would be a mistake to overlook it.  Experts expect copycats soon.

The Spamhaus attack used a technique that’s more than 10 years old. Domain name servers that run the guts of the Internet were tricked into sending a flood of traffic at Spamhaus. Hijacked computers with disguised, or spoofed, return addresses asked the DNS servers for long lists of data — specifically, to resolve website addresses — which were reflected and sent by the servers to Spamhaus servers.  Exploiting about 1,000 misconfigured DNS servers was enough to generate a record-sized attack. A group devoted to fixing such misconfigured machines says there are 25 million of them on the Web, ready to be exploited.

DNS attacks haven’t been top priority in recent years, partly because servers didn't need large amounts of bandwidth to do their relatively simple everyday tasks of matching numerical Internet addresses with common website names. Today, many are linked with high-capacity pipes, making them newly attractive takeover targets for hackers.

The bank attacks work differently. The group behind them — which calls itself al Qassam — uses an army of thousands of compromised computers called a botnet in coordinated actions to attack banks.  But al Qassam holds an advantage: A single compromised home PC, connected to the Internet with high bandwidth, can generate 100 times the malicious traffic as a similar computer five or 10 years ago.

"There's not really much we can do about that," said Michael Smith, director of the customer security incident response team at Akamai Technologies Inc., which provides website performance optimization and security for some of the companies targeted in the attacks. "Speeds are going to get faster."

Changing tires on a moving bus
Aaron Rudger, a spokesman for Internet traffic measurement firm Keynote, notes that denial of service attacks rarely escalate beyond a major annoyance for companies or consumers. Traffic after the Spamhaus attack was back to normal within a few hours as packets found other routes to their destinations.  Consumers who need access to their bank accounts can use the telephone, or in some cases, even mobile phone apps when a bank’s website is down.

“You can't really kill the Internet,” Rudger said. "The Internet in general is inherently very resilient.”

There are ways to fix the denial of service attack problem, but they are expensive and would require fundamentally changing the protocols that govern the way the Internet works. And it would all have to happen without interrupting Internet service.

“It’s akin to changing the tires on a bus moving 60 mph,” Joffe said. “We have to rethink the entire thing.” Proposed new rules would make it impossible to use fake return addresses, for example, but Internet service providers around the globe would have to agree to the changes.

Avivah Litan, a banking security analyst with consultancy Gartner Group, said that an even more radical change might be necessary, because there’s really no way to get rid of the criminals.

“We might have to put the banks on a private Internet,” she said. “Because we are not going to get rid of the people attacking the banks ... You might think the only way it's going to end is if we take them down, but they are like Al Qaeda, totally distributed. In fact they are 1,000 times more distributed.”

Follow Bob Sullivan on Facebook or Twitter.

Related:

• Cyberattack on banks signal urgent need for security bill, lawmakers say
• Bank website attacks reach new high: 249 hours offline in past six weeks

The Consumer Financial Protection Bureau (CFPB) made its database of complaints against mortgage issuers, student loan firms, credit bureaus and other kinds of lenders available to the public for the first time on Thursday. 

The database covers 90,000 complaints with more than 1 million data points covering 450 companies.

The CFPB spreadsheet allows consumers to find the most complained-about banks in highly specific categories. For example, Capital One received the most complaints about credit cards, and Bank of America received the most complaints about traditional adjustable-rate mortgages.

It's important to note that the data isn't normalized and that banks with more customers receive more complaints.

Data can be sorted at the bureau's website by state or company. It can also be downloaded for free and used in privately developed applications. 

The agency's complaint database was released on a limited scale last year, and included only 19,000 credit card-related complaints. Thursday's announcement represents a large expansion of publicly available data. 

The bureau hopes consumers can use the information to make more informed choices about banks they do business with. "By sharing these complaints with the public, we are creating greater transparency in consumer financial products and services,” said CFPB Director Richard Cordray. “The database is good for consumers and it is also good for honest businesses."

Complaints are listed in the CFPB database only after the company responds to the complaint or after they have had the complaint for 15 days. Records include the type of complaint, the consumer's ZIP code, the company, and the resolution. Consumers' names and other personal information are not shared.

Among student loans and mortgages, about two-thirds of the complaints involve consumers who are having trouble repaying their loans, according to an analysis provided by the CFPB of complaints filed through February. Many of the mortgage complaints reflect consumers' paperwork-related frustrations when attempting loan modifications. 

Nearly three-quarters of the 6,700 complaints filed against credit bureaus involve inaccurate information. Credit card complaints are more scattered, with billing disputes making up 15 percent. A common gripe, the bureau says: Consumers don't realize they have to dispute a suspicious item on their credit card bills within 60 days.

In a blog post that accompanied the release of the data, CFPB official Scott Pluta said he hoped consumers would be creative and find new ways to examine and use the data.

"From infographics to iPhone apps, we’ve seen people do amazing things with the credit card complaint data that was available before today," Pluta said. "We encourage the public, including consumers, analysts, data scientists, civic hackers and companies that serve consumers, to analyze, augment, and build on the information in the database to develop ways for consumers to use the complaint data or mash it up with other public data sets to reveal potential trends."

The bureau plans to expand the data to other complaint categories in the future, he added.

Follow Bob Sullivan on Facebook or Twitter

More from Red Tape Chronicles:

• Celebrity hackers stole data from AnnualCreditReport.com, Equifax says
• Google pays $7 million to settle 'Wi-Spy' case filed by states
• Why consumer agency must go, and why it should be saved

Helaine Olen has begun an important discussion in the world of money: Is anybody's advice worth paying for?

The author's new book, “Pound Foolish: Exposing the Dark Side of the Personal Finance Industry,” has rattled quite a few cages since it was published in January. It's also gotten a lot of attention, including glowing praise from The Economist. We sat down with Olen at our studio in 30 Rockefeller Plaza recently. (You can watch the interview by clicking “play” above.)

Follow @RedTapeChron

Olen points out the folly of simplistic mass-market advice, such as the notion that forgoing a latte every day will make one a millionaire by retirement. She's an equal-opportunity critic, poking fun at everyone from late-night TV stock pickers, to financial gurus who make millions writing books, to newspaper business reporters who have no credentials for doling out advice.

In fact, that's how Olen started her career -- writing "Money Makeover" columns for the Los Angeles Times, where she matched up eager consumers with even more eager finance wizards, and described the advice that was doled out. Ten years on, these stories still gnawed at Olen, as she wondered if the consumers were genuinely helped by the advice. Her book's most telling moments detail meetings with these sympathetic characters, who unsurprisingly have not fared better after hearing the normally high-priced money wisdom.

Olen gets some cheap laughs by going back in time and showing mistakes made by financial prognosticators -- citing Suze Orman's advice to her fans that real estate was the best investment. But something more nefarious is at play in American culture, Olen says, when the myth of the latte millionaire persists. The subtle message from many financial gurus is that consumers simply have to suck it up a little, ditch the extravagances and everything will be fine. That's just not true, she argues.

"We believe very deeply in this country in the myth of Horatio Alger, which is ... this idea that we can do it all by ourselves," she said. "And that's just not true." Harsh economic realities, such as skyrocketing housing and health care costs, play a bigger role in our financial future than our ability to skip pricey coffee, Olen says.

It's undeniable that much personal finance advice is overly simplistic. But it's also undeniable that Americans are terrible at math, and many don't want to take even the simplest steps at improving their financial futures. So it may not be fair to criticize those who give simple advice to consumers who seem to want it. And behavioral economists have produced research for years showing that financial education doesn't do much good anyway, because people tend to take the path of least resistance when making decisions on 401(k)s, mortgages and so on. They prefer nudges from companies and governments, such as automated enrollment in the most beneficial retirement plans. 

What's the harm if financial gurus provide that nudge of inspiration to pay down debt or build up savings for someone who otherwise might not act? Olen didn't have a good answer. Still, her critique is eye-opening, particularly when readers are confronted with tale after tale of advice gone bad. 

Taken as a whole, “Pound Foolish” is a good reminder that you are as qualified as anyone else to control your financial future. As the saying goes, if you want something done right, you should do it yourself. You'll be saving a lot of money in the process, too.

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter

More from Red Tape Chronicles:

 ID theft on the rise again: 12.6 million victims in 2012, study shows

'Privacy tax' creator makes his case, says software is 'eating the world'

Death of the price tag: Stolen from us too soon

CLARIFICATION: This story was updated Feb. 1 with additional information about Kathy Sandy’s Work Number disclosure report.

The Equifax credit reporting agency, with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans’ personal information ever created, containing 190 million employment and salary records covering more than one-third of U.S. adults.

Follow @RedTapeChron

Some of the information in the little-known database, created through an Equifax-owned company called The Work Number, is sold to debt collectors, financial service companies and other entities.

"It's the biggest privacy breach in our time, and it’s legal and no one knows it’s going on," said Robert Mather, who runs a small employment background company named Pre-Employ.com. "It's like a secret CIA."

Despite all the information Americans now share on social media and websites, and all the data we know companies collect on us, one piece of information is still sacred to most people: their salaries. After all, who would post their salary as a status update on Facebook or in a tweet?

But salary information is also for sale by Equifax through The Work Number. Its database is so detailed that it contains week-by-week paystub information dating back years for many individuals, as well as other kinds of human resources-related information, such as health care provider, whether someone has dental insurance and if they’ve ever filed an unemployment claim. In 2009, Equifax said the data covered 30 percent of the U.S. working population, and it now says The Work Number is adding 12 million records annually.

How does Equifax obtain this sensitive and secret information? With the willing aid of thousands of U.S. businesses, including many of the Fortune 500. Government agencies -- representing 85 percent of the federal civilian population, including workers at the Department of Defense, according to Equifax -- and schools also work with The Work Number. Many of them let Equifax tap directly into their data so the credit bureau can always have the latest employment information. In fact, these organizations actually pay Equifax for the privilege of giving away their employees' personal information.

Equifax turns around and sells some of this data to third parties, including debt collectors and other financial services companies. 

Equifax declined to be interviewed, but in an emailed statement to NBCNews.com, it confirmed that it shares "employment data" with debt collectors and others, and said it does so in compliance with Fair Credit Reporting Act guidelines. 

"In all cases, these entities must have a permissible purpose to request employment information," Equifax spokesman Timothy Klein said. 

He also said consumers give these third parties the right to access the data "at the time of application" for credit.

"A consumer grants verifiers (creditors) and their assigned debt collectors the right to verify employment should the consumer default on their account," he said. 

Data for debt collectors
Companies sign up for The Work Number because it gives them an easy way to outsource employment verification of former workers. Firms hate taking these calls, which usually come when a former employee is applying for a new job, because they are a costly distraction for human resources departments and open the firm up to lawsuits if someone says something disparaging about the former employee. So they contract with The WorkNumber, which automates the process. In exchange, firms upload their human resources data to The Work Number, which was part of an independent St.Louis-based firm named TALX until it was acquired by Equifax in 2007 for $1.4 billion.

The Work Number offers consumers some benefits. It provides an easy way for prospective landlords to verify an applicant's income, for example. Consumers tell the Work Number they want a one-time access code, which they then give to a landlord so he or she can verify that the potential tenant can really afford the apartment.

But The Work Number serves dual purposes. It’s also a massive database that Equifax monetizes in a variety of ways, despite the reassuring-sounding messages found all over TheWorkNumber.com.

"Can just anyone get my income information from The Work Number?" reads one passage. Answer: "No. You have to give someone authorization to get your income information from the service."

Employers who sign up for the service go to great pains to reassure workers that their data is safe and secret. Columbia University, when it explained to employees it was transitioning to The Work Number, posted this on the school's website:

"You are the only person who can authorize access to your salary information."

But Kathy Sandy of Sommerville, N.J. was surprised to find that a debt collector had accessed information from her report two years ago, something she learned only when she obtained her "consumer disclosure" from The Work Number. Because the data is considered a credit report, consumers are entitled to one free report every year. The report shows what data the report contains, and what entities have seen it.

Sandy's Work Number report, which she shared with NBC News, is 22 pages long -- an amazingly detailed history of every paycheck she had received for years. The first page of the report lists "verifiers who have requested your data in the past 24 months." On the list is "Pressler and Pressler," a law firm that specializes in debt collection. The firm had sued her in small claims court over a credit card debt that she says she was already repaying. It is not clear from Sandy’s report what employment data was shared with Pressler and Pressler; Equifax says it does not provide salary information to debt collectors, but it does provide other information.

"I found out debt collectors can access this information, which is strange," Sandy said. "I assumed with The Work Number, for that information, you had to have a (passcode) … but they got in, and got it somehow without my consent."

In brochures where Equifax advertises sale of the data, it's not shy about the source.

"The Work Number specializes in employment and income verification. It's direct from the source: the employer. It's current, as of the last pay period. It's delivered quickly -- on demand," says one brochure, titled "Portfolio Monitoring."

In his statement to NBC News, Klein confirmed that "pay rate" information is shared with third parties, including "mortgage, auto and other financial services credit grantors," as authorized under the Fair Credit Reporting Act.

He denied that salary information is sold to debt collectors, however.

"Debt/Collection agencies may request employment information -- which may be nothing more than verifying that a consumer is working where they say they are – if it qualifies under permissible purpose," he wrote. "Collections agencies are not provided salary information."

That contradicts an assertion made recently by Equifax CEO Richard Smith in 2009, when he talked about how detailed The Work Number data is.

"With FirstSearch and TALX we can provide information about a debtor’s location, income and employment," said Smith in an interview published on NYSE Magazine’s website, referring to The Work Number’s former parent company. "That can help prioritize which accounts to pursue first. If they’re employed, that business has a better shot at collecting what is owed to them."

Klein said Smith misspoke when describing TALX’s services, and reiterated that salary information on consumers is not sold to debt collectors.

'Unbelievably scary'
With or without the income data, The Work Number data is incredibly valuable to debt collectors -- and it may come as a surprise to many workers that their employers, directly or unwittingly, help debt collectors.

Equifax markets The Work Number specifically to student loan issuers. In another brochure on the firm's website, Equifax brags that The Work Number makes debt collectors' jobs easier.

"The Work Number produced a 5.5 percent lift in Right Party Contact and a 7.3 percent lift in Collections Resolution versus current skip-trace methods," the "case study" brochure says.

Equifax’s resale of The Work Number data doesn’t stop there. It also offers "portfolio monitoring" to financial firms who might want to market their products to consumers … or to get early warning on someone who might soon land in financial trouble. It calls this "proactive managing of risk." 

"The Work Number is part of our employment and income verification service. It provides continual track of changes to your customer or client portfolio, delivered on demand per your schedule," it says. "Simply submit a portfolio of customer or client accounts and The Work Number does the rest. ... Using The Work Number to stay abreast of employment changes can expand your ability to mitigate risk while maximizing product and service potential."

Mather has been in the employer data business for more than 20 years, and he says that if Americans suspected their employers were giving away their personal information to a credit bureau, they'd be shocked.

"The story here is how (The Work Number) is getting this information," he said. "When people find out, no respectable employer will continue to do this."

Larry Ponemon is a privacy expert who operates The Ponemon Institute, a consulting firm. He said he’d never heard of companies selling employer data to debt collectors.

"Are you joking? Oh my god, I'm shocked," Ponemon said when the business was described to him. "This is unbelievably scary. I consider payroll information very sensitive and private." In studies he's conducted, salary data is always among the information consumers say is most private.

"If the public knew about this, there would be such outrage," he said. "It's just ... really depressing."

Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, had heard of The Work Number, but only because some consumers have complained to his agency that the data in its database is inaccurate. Some workers find that when they try to use the information for employment verification, their titles are outdated or otherwise misrepresent their work history, which can be embarrassing for a job applicant.

When told that the data is sold to third parties, he said he was under the impression the data was not shared.

"I think it is something that would be offensive to many people. One typically considers salary information to be shared by your employer just with IRS," he said. 

A glance at the language on The Work Number's website suggested to Stephens that the firm is legally within its rights to share the information, however.

"You get into the 'permissible purpose' doctrine," he said. "Debt collectors have a permissible purpose to look at your credit information. It was my impression that the data was only being given out when employees released it."

'Secret' process?
Data brokers are under heightened scrutiny in Washington, D.C., lately. There are two separate congressional investigations of the industry, and the Federal Trade Commission announced in December that it had begun an inquiry into how brokers obtain their information. Equifax received an inquiry letter from the FTC, but only for the data broker portion of its business involving non-financial data, such as criminal background records and address information.

Credit reporting agencies, such as The Work Number, are distinct from data brokers and are governed by special rules. Ironically, those special rules may open the door for Equifax -- and the credit-reporting side of its business -- to resell the salary information, says Katrina Blodgett, a lawyer with the Federal Trade Commission. She is one the agency’s experts on the Fair Credit Reporting Act. 

The FTC filed a case against TALX and Equifax in 2008 for allegedly failing to provide employers with sufficient notice about their disclosure responsibilities under the Fair Credit Reporting Act. Equifax admitted no wrongdoing and paid a small fine.  

Blodgett said the Fair Credit Reporting Act and subsequent updates give consumers specific legal rights, such as the ability to dispute errors in credit reports. But it also creates permissible purposes for access, including giving financial service companies the right to review credit reports of consumers they do business with. 

"It’s not as easy as it should be to say whether debt collectors can get your consumer reports, because it depends on the circumstance," she said, adding that she believed Equifax could have the right to sell the salary information to debt collectors because it is part of a credit report.

Much attention has been paid to the use of credit reports by human resource departments in recent years, and Congress gave job applicants special rights when a credit report is used during the job interview process. The reverse isn’t true, however, Blodgett pointed out.

"There are special restrictions on how credit reports can be used in hiring decisions, but there are no special restrictions on how employment reports (such as salary information) is used for non-employment purposes," she said.

She said she wasn’t surprised that Equifax is selling the information in The Work Number.

"They are a credit bureau. They sell credit information to lenders," she said.

Mather wants the sale of employee information halted. His firm also performs third-party employment verification, but he does not resell the data he collects.

"I strongly believe there is no reason to resell employee information to debt collectors without the permission of the employer and employee," he said. "This 'secret' process needs to stop. I hope eventually a simple law is passed making it required to get the permission of the employee BEFORE his information is resold. It simply should NOT be used for any other purpose except for employment purposes without permission. In my view, it is a betrayal of trust."

Consumers who want to see what information The Work Number has on their employment history can visit this page on the TheWorkNumber.com. While reports are available online, consumers may have to fill out a form and mail it to The Work Number in some cases.

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter.

More from Red Tape Chronicles:

• Telecom firms can't say how 'crammed' charges were billed to unused phone
• Proposed 'privacy tax' would penalize firms that profit from consumers' info
• Net users fall for fake online lovers all the time, victims advocate says

I had just borrowed about a quarter-million dollars and my question was simple: "How do I pay you back?"

The woman on the other end of the phone, however, couldn't tell me. Ten days had passed since I signed the papers to refinance my home and, with the holidays approaching, I was worried my first payment would be late. She tried to soothe me with perhaps the most misunderstood phrase of the refinancing process: "Don't worry. You get to skip a payment."

Follow @RedTapeChron

Had I listened to her, it would have cost me thousands of dollars. And if you are one of the millions of homeowners who will refinance in 2013, it could cost you, too. 

If your new year’s resolution is to save money or get control of the family budget, refinancing remains a really good option. But the idea that “skipping” the first payment can be pain free, financially speaking, is a myth, repeated over and over by loan officers like mine. Sometimes they are lying, sometimes they are misinformed and sometimes they are just trying to get an annoying borrower like me off the phone. But with rare exception, they are giving bad advice.  (News flash: Whenever a bank seems to be doing you a favor, it probably has a hand in your wallet.)

Real estate transactions are already confusing enough. There are questions surrounding when you make your last payment on the old loan, when you make your first payment on the new loan, how many extra days of interest you pay toward both your old and your new loan, and when you are paying for both loans. We'll get to those tricky issues in a moment, but the priciest mistake you might make in a refinance is also the simplest one to correct. 

You've heard this before, but this time, it's probably true: mortgage interest rates are at historic lows, and there may never be a better time to refinance.  It's hard to imagine rates going any lower than the 3 percent range they are at now, but it's easy to imagine that, at the first signs of a real economic recovery or real inflation, they will climb sharply during 2013.  The low interest rates that the Federal Reserve has imposed to boost the economy have been punishing for many, notably savers, who can barely earn 1 percent interest on their bank accounts and certificates of deposit. The one perk for consumers from the Fed’s interest rate policy is the ability to get cheap home and auto loans. If you haven't refinanced your mortgage in the past 24 months or so, you are missing out.

Fortunately, many American homeowners have gotten the message. According to the Mortgage Bankers Association, mortgage holders engaged in $1.3 trillion worth of refinancing in 2012. In fact, more than four out of five new mortgages in 2012 were refinanced loans, not home purchases.

I wish there were a way to know how many of those borrowers chose to skip that first payment.

'Can I get that in writing?' 'No'
My loan officer was lazy, I believe, and -- knowing that my loan had closed and all the commissions were guaranteed -- just wanted me off the phone as soon as possible. My call was unusual.  I am always overly cautious when I set up any kind of new loan payment, as the chances for error are great: a wrong loan number on a check, a bad address, etc. So I always make the first payment early to make sure nothing goes wrong.  That good habit proved profitable this time.

When I signed my loan papers, there were no payment instructions in my closing documents (not terribly unusual). My loan officer said I would receive payment coupons later.  But when 10 days passed, and I heard nothing, I called. She sent me to the bank's customer service line, where I was informed that there was no record of my loan. (Did that mean I didn’t have to pay it back? Sadly, No.) Customer service transferred me back to my loan officer. She assured me that their computers would catch up to my urge to pay the loan, and I’d get payment information soon. Incredulous that they seemed not to want my money, I persisted. She tapped a few keys on her keyboard, made me wait a minute, then told me that my loan had funded on Dec. 5, so I didn't have to make a payment until Feb. 1.

"But my documents say repayment begins Jan. 1," I said. "So you're saying there will be no late fees if I don't pay Jan. 1?"

"Yes," she said.

"Can I get that in writing.?”

"No. I can't do that."

At that point, I did what any mature consumer would do: I laughed. And then I muttered something about the 100 pieces of paper they just made me sign, with innocuous documents putting the finest point on everything you can imagine, like the form I initialed in multiple places agreeing that, yes, I am known by Bob, Robert, Bobby, Robby and various other nicknames. Yet I couldn’t get the bank to put something in writing saying when I should make my loan payment?

My loan officer didn't laugh, but eventually she put me on the phone with a supervisor who sounded very grave. She'd done additional research, she said, and found out that the reason customer service couldn't find my loan was because it had already been sold to another bank. We called that bank together and found out my loan actually funded on Nov. 30, so my first payment was indeed due on Jan. 1. And I would have been liable for about an $80 late fee if I had listened to my loan officer. The manager profusely apologized.

Steep penalty anyway
But I'm not writing to warn you about late fees. There's a much bigger culprit here you have to worry about.  Had I followed my loan officer's advice and skipped a payment, even if the bank waived the late fee (which the manager said was likely), I would have paid a steep penalty anyway.  You've probably guessed the punch line: there's no such thing as skipping a payment. In reality, homeowners are borrowing that money and extending the loan term for an extra month.  The payment will be tacked onto the end of the loan, with interest.  How much? If it's a conventional loan, that’s 30 years’ worth of interest.  Effectively, you are borrowing one month's payment for 30 years. Ouch!

"Skipping is a misnomer. A better description would be ‘deferring with additional interest added,'" said Jack Guttentag, a professor emeritus at the University of Pennsylvania who also runs a consumer education website called MortgageProfessor.com. 

Just how much extra interest can skipping that first payment cost you? There are too many variables to create a decent rule of thumb. But here's an illustration from Guttentag's site with deliberately round numbers. Skip the first payment of $500 on a $100,000 loan at 6 percent, and you will pay an additional $2,993 in interest during the 30 years.

Forget the $75 late fee. That's real money. As Guttentag puts it, "a payment that is miniscule to one is a fortune to another."

Some loan officers say they only won't offer the "skip-a-payment" option unless the refinance closes toward the end of the month, when the homeowner might have trouble coming up with the extra cash for closing costs and a fresh mortgage payment close together.  Others say they offer it all the time.

To be clear: Most borrowers don’t actually complete their 30-year loans before moving or refinancing, so few would end up paying that high a penalty. Also, it's important to note that my bank didn't even hold the loan, so they weren't profiting from the “skip-a-payment” advice.  I believe this is usually a lazy mistake, not a greedy one. Still, the basic truth holds.  Don't be tempted to skip a payment when you refinance unless you really, really need the cash for some unusual expense (Christmas credit card bills are probably not the best reason.)

Skipped payments are not to be confused with other loan closing related interest payments, including:

*Your last payment on the old loan. You can't skip that, either. If your loan closes near the end of the month, you should still make the scheduled payment to your old bank. Why?  Interest is actually paid in arrears, meaning you pay at the end of the month the cost of borrowing the money for that month.  It's confusing, because mortgage payments are really two payments at once -- last month's interest and next month's principal.  To keep it simple, if your loan closes on the Nov. 30, you will be paying November's interest with your Dec. 1 payment, along with December’s principal. You won't need to make the December principal payment if you refinance on Nov. 30, but most folks pay far more in interest than principal because they are early in their loan's term, so the overpayment won't be large. Just pay it to avoid late fees, and enjoy any refund that comes your way. 

*Pre-paid interest. When your loan closes in the middle of the month, your new bank will make you pay up-front (as opposed to in arrears) daily interest for the remaining days of the month. If you close on the 20th, you'll pay 10 more days of interest payments.  That's OK, it means you won't owe the money on the back end of the loan.

*Money for nothing: The three-day (or more) overlap. There's an odd quirk in most refinancing deals in which there are several days when the homeowner will be paying interest on the same loan to both banks. In most states, consumers have a three-day "right of rescission" after signing their refinancing papers, meaning they can cancel the new loan if they get buyer's remorse.  Such regret laws are very consumer-friendly and are necessary because of nefarious loan officers who tricked consumers into bad deals in the past. But, in this case, the consumer-friendly law is also costly, as it means both banks have liability for the loan during that rescission period, and are both entitled to collect interest.  Note: The regret period is usually three business days, so if your closing stretches over a weekend, the double-interest period can be even more costly.

It's important to keep all these quirky, refinance-related interest payments straight when talking to your loan officer, so you'll know what to do when he or she suggests you can skip a payment. None of this should scare you away from refinancing, which is really the only way you can make the recession work for you.

But remember, you are refinancing to save money, and you probably shopped around trying to save $50 here or $100 there on closing costs; don't lose thousands of dollars because of one false move after closing.

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter.

More from Red Tape Chronicles:

• Angry with Instagram? These 'invisible' data brokers sell your privacy daily
• From presidential candidate to paid mouthpiece, politicians cash in
• US bank websites again hit by hackers, who seem unstoppable
• Six ways merchants fill your credit card with unwanted 'grey charges'
• A smartphone bill under $50? Red Tape readers reveal their cell secrets
• Breezy Point teen raises $80k, raises spirits in devastated hometown
• Newest family budget killer? It's the $300 cellphone bill, readers say

John Makely / NBC News

Standing in front of what remains of his aunt's house, Matt Petronis takes in the burned section of Breezy Point, N.Y., where more than 100 homes were destroyed by fire at the height of Hurricane Sandy on Oct. 29. It was his first day back in his hometown from college since the storm.

Matthew Petronis sat in his dorm room on Oct. 29, watching TV in horror as "my childhood burned down."

Petronis had spent the past three summers working as a lifeguard on Breezy Point beach, and had spent the first 19 years of his life learning how to walk, read, swim and throw a baseball in the idyllic Queens, N.Y., neighborhood. A sophomore at Catholic University in Washington, D.C., he thought he was a safe distance from Sandy's unforgiving storm surge. But as the first reports of a devastating fire on Breezy Point began to circulate, fear gripped him. His schools, his friends, almost everything he knew was there. He'd celebrated all 18 of his Thanksgiving Days with family there. 

As the night wore on, it became apparent that the combination of wind, water and fire had dealt Breezy Point a potentially mortal blow. He felt helpless in his dorm room -- but not for long.

A star pitcher at Xaverian High School near Breezy Point, Petronis is now a promising southpaw on the Catholic University pitching staff. So he knows a little about working his way out of trouble.

Only a few hours after the near destruction of his community, Petronis set up the first fundraiser to help the neighborhood get off the mat. Before people routed by Sandy could even begin to assess the damage, he had embraced the new form of crowd-sourced charity and set up an online-donation tool at WePay.com. Within hours, he'd raised a few thousand dollars. He topped $10,000  a couple of days later. 

Follow @RedTapeChron

Offers started pouring in, not just money. Accountants and lawyers offered to help him set up nonprofit status, which was granted by the IRS this week. Others offered to come to Breezy Point and help with reconstruction. Architects, carpenters, construction workers and good-hearted volunteers from across the country have offered to come for a week or two to Queens and help anyway they can. Petronis is managing both the money and the volunteers.

"People are running marathons to raise money for us, having free concerts for us. It's just crazy," Petronis said this week. In a way, the teenager has been the most personal link between Breezy Point, the most local of neighborhoods, and the outside world, full of folks desperate to help resurrect this treasured place.  

John Makely / NBC News

Matt Petronis waits for the bank to open in Breezy Point to set up the account for the donations he has received to help rebuild Breezy Point on Wednesday.

By Thanksgiving morning, nearly 1,400 donors had driven the fund above $78,000, all generated by a few creative clicks on a keyboard. Unlike other Sandy recovery funds, the money Petronis is collecting will go directly toward rebuilding Breezy Point.

In some ways, Petronis is lucky. His family – his parents, two brothers and two cousins they took in who recently lost their parents – has been squeezed into a studio basement apartment in Brooklyn for three weeks, looking for a more permanent place to live. Petronis' dorm room seems like a luxury accommodation in contrast. Naturally, he feels guilty about that -- but his life is hardly easy at the moment. He's juggling classes, mandatory study hall for baseball, keeping up with his family's rebuilding issues and managing the donations and volunteers.

"In other words, he's using business management major skills in a pretty useful way," said Catholic University baseball Coach Ross Natoli. "He's a free spirit, yet a caring kid. He has that New York can-do attitude. He's a terrific teammate."

In fact, the entire Petronis family knows something about being team players, Natoli said. Not only do they attend many games -- both home and away -- but Petronis' father, without being asked, started buying lunch for the players during long doubleheaders last year. Doubleheaders at smaller colleges tend to be long, inglorious affairs, often lasting 5 hours or more.  

"When you play a sport in college you try to emphasize importance of what it really means to care about teammates and have their back," Ross said. "Matt is one of those guys. What he's done has not surprised me."

Petronis' fund did so well because he set it up quickly, taking advantage of all the publicity that Breezy Point received in the immediate aftermath of the storm. It's now the main gift-giving tool for outsiders who want to help Breezy Point. The money will be given to the Breezy Point Disaster Relief Fund, to be administered by a seven-member board of directors.

"He did all this on his own, it's as simple as that," said Steven Greenburg, who will chair the disaster relief fund. "What he's done is magnificent, and a perfect example of what we do here in Breezy Point. It's just nice to see young people step up like this."

The money will be doled out to people who apply for it using anonymous forms, Greenburg said.

John Makely / NBC News

Matt Petronis gets a hug from Anne-Marie Willis at the Catholic Club, which has been turned into a distrubution center for donated supplies. Petronis celebrated his Catholic confirmation in the building.

"We have to do it that way, because everyone knows everyone on Breezy Point," he said.

For Petronis, the fight is personal.

"The place where I grew up during my childhood is almost gone, but that is not the case for the children that are growing up now," he wrote on the wepay.com page. "They deserve to enjoy the same little piece of paradise I enjoyed when I was younger, so this is not just only for Breezy. It’s for the younger generation as well that I want to have the same childhood, but better."

The last few weeks of the fall semester -- the crush between Thanksgiving and Christmas, tend to be the busiest time in a student's calendar. But despite the papers and exams staring him down, Petronis went home Thanksgiving week to help with the cleanup. It was the first time he'd seen the destruction of his family’s Beach Road house in person.

Read more of NBC News' coverage of Breezy Point

"You just stare at in disbelief. I have so many emotions going through my mind," he said. "But there are so many positive things going on, and I really just want to help out, so I’m going to stay positive."

Petronis, who appeared in three games last year as a Catholic University freshman, had a disappointing end to his fall baseball season, pitching in a 2-1 loss to the Naval Academy. But one gets a sense there are a lot of wins in his future.

Already, Thanksgiving week has brought good things to his family. On Wednesday, Petronis was helping move furniture into a new apartment the family had just scored in Bay Ridge, Brooklyn, not too far from Breezy Point. There, they'll be able to find a little more normalcy while they plan to rebuild their home and their lives. But the new apartment isn't nearly big enough for a family gathering so, for the first time, they'll be eating turkey dinner outside New York City – at an uncle's home on Long Island.

"It's going to be weird, switching it up is odd. But we will be around family, and that's what Thanksgiving is about," he said. And he vows Sandy will be just a bump in the road, that holidays will come to Breezy Point again.

To give to the Breezy Point Disaster Relief Fund, visit Petronis' WePay website at:

https://www.wepay.com/x4c0ok9/donations/hurricane-sandy-raising-money-for-breezy-point

Or http://breezypointdisasterrelief.org/

Or send a check to:

Breezy Point Disaster Relief Fund/C/O The Law Office of Lee and Kane
2175 Flatbush Avenue
Brooklyn, NY 11234

Other places you can donate for Sandy relief, or offer help:

http://usnews.nbcnews.com/_news/2012/10/30/14805994-sandys-aftermath-how-you-can-help?lite

* Follow Bob Sullivan on Facebook.
* Follow Bob Sullivan on Twitter. 

More from Red Tape Chronicles:

Privacy's last stand is taking place not far from The Alamo in Texas right now, to hear some people tell it. Two schools in San Antonio have begun tracking students using radio-enabled computer chips embedded in their ID cards, allowing administrators to know the precise whereabouts of their charges on campus -- be it in class, in the bathroom, in a stairwell or AWOL -- all while sitting at a computer.  

The stated purpose of the so-called RFID ID cards is simple: Because state aid is based on attendance, and the chips help schools count kids, tracking equals funding. The district also says the technology makes kids safer.

But at the intersection of technology, parenting, schools and privacy rights, things frequently get messy. Are schools merely modernizing, or are they teaching children to silently accept a Big Brother state? Should parents be happy that teachers can more easily keep tabs on their kids, or should they worry that vast databases of detailed location information might one day harm the children?

Technology with potential privacy implications is shoehorning its way into schools around the country, creating thorny issues at every turn.

Should district be allowed to demand middle-schooler's Facebook password?

Before San Antonio's implementation, Houston ran a trial in 2010 and found the RFID ID cards did in fact help boost attendance figures. RFID tracking has also been tried in California, where one preschool embeds chips in kids' clothes. Biometrics -- usually fingerprints -- have been used by some schools. In Carroll Country, Md., some kids now flash their palms instead of cash to pay for food. And the Daily Princetonian earlier this month revealed that new keyless locks opened by ID cards installed in dorm rooms feed a central database that records each time students enter buildings and rooms. University officials responded to the story the way every school does -- and nearly every data collection authority does -- by saying officials don't monitor the data but they reserve the right to access it in an emergency.

Children desensitized to being watched?
The definition of an emergency can be dicey, however, and that logic has already led to some celebrated privacy and technology lawsuits. Several districts around the nation have run into trouble for demanding students' social media passwords or asking to rummage through kids' cellphones without a warrant. 

A few parents in San Antonio are putting up a stink about the RFID cards, arguing that schools shouldn't be a playground for new privacy-invading technologies. A group calling itself "Chip Free Schools" has tried to organize opposition. Another parent is objecting on religious grounds.

Gov't agencies, colleges demand applicants' Facebook passwords

Chip Free Schools has received support from a larger privacy advocacy group -- Consumers Against Supermarket Privacy Invasion and Numbering, or CASPIAN, which was formed more than 10 years ago to protest the proliferation of supermarket loyalty cards.

Follow @RedTapeChron

E-mail a tip to Bob Sullivan

"RFID is used to track factory inventory and monitor farm animals," said Dr. Katherine Albrecht, director of CASPIAN. "Schools, of all places, should be teaching children how to participate in a free democratic society, not conditioning them to be tracked like cattle."

Of course, the fight against loyalty cards didn't get very far, and privacy concerns may take a back seat as schools are tempted by new technologies that help them manage their districts, warns Jay Stanley, a senior policy analyst with the American Civil Liberty Union’s Speech, Privacy and Technology Project.

It's often hard to see the long-term privacy issues created by technology through the fog created by short-term gains, he warned. Location tracking can have a chilling effect on casual congregating, for example -- kids who consider forming a club may skip the idea once they are aware that administrators will know about every meeting. 

"The consequences of tracking are that as people become more aware they are being tracked, they become less free," he said.

There's also concern that students who learn to accept tracking as teen-agers will enter adulthood desensitized to being watched by government agencies.

"Schools shape children not just by what they tell them, but also what we demonstrate to them," he said. "We don't want to see the next generation of citizens growing up thinking about this kind of invisible eye in the sky."

'Prisoners in their own schools'
There are also several practical problems with tracking students and collecting data on them, Stanley warned.  The practice can provide a false sense of security, for example, as kids might find a way to separate themselves from their RFID chips ("As a parent, I would wonder, do they know where your kid is, or do they know where your kid's chip is?" Stanley said). While the data might be collected for one use -- paying for lunch -- there might be mission creep. One day, it could be used as part of an adjudication procedure to find witnesses to a fight, for example. Long term, perhaps it will end up in the hands of political operatives, forcing a future presidential candidate to explain why he missed so many history classes. There's some concern -- theoretical at this point -- that the radio signal sent by the chip or the data collected could be stolen by others who might harm children. And there are worries about the cost.

NBC News' Charles Hadlock on the school's controversial use of tracking technology

"You should ask, 'Is this just a gimmicky solution to a problem that's been solved already, like using lunch money,’ and the funds might be better spent on education?’ " he said.

Katie Deolloz, who is helping coordinating RFID ID card opposition for CASPIAN, argued that the switch to an RFID card was really motivated by money.

"Students deserve to be treated with dignity and respect, not forced to wear microchips that track them like cattle," she said. "(The district) has spent upward of $500,000 solving a non-problem. Relying on RFID to track and monitor students during the school day shifts the burden of responsibility away from the administrators and teachers. (The district) needs to be in the business of educating children, not treating them like prisoners in their own schools."

Failing to provide Facebook password gets teacher's aide fired

Stanley concedes that parents confronted with tracking technology at schools might have a very different reaction than privacy advocates. Many already pay cellphone providers so they can use mobile GPS tracking tools to keep tabs on their children. Parents also tend to keep kids much closer at hand then they did a generation ago, when it was common for kids to spend entire days biking around the neighborhood unsupervised. When concerns about school tracking are raised, they sometimes respond with a simple shrug. 

Meanwhile, school officials point out that students have reduced civil rights when on campus. According to school spokesman Pascual Gonzalez, the kids have no right to privacy at school.

"During the school day, when they are within our four walls, we've got to know where those kids are," he said. "We reject the argument (that their privacy is being invaded). People saying that are not charged with the safety of children."

He dismissed the idea that the cards represent a tracking device, calling it instead a "locator."

"There is nobody sitting at a bank of monitors looking at a bunch of dots on a computer screen," he said. "We only go and look for a student when we have reason to.|

Implementation of the RFID pilot program -- which involves 4,200 students at two of the district's 112 schools -- has gone on without a hitch, he said. 

So far, it appears parents are buying the district's argument. Gonzalez says only two district families are opposing the cards. If those students continue to refuse to wear the cards, they are subject to being kicked out of school, he said.

Stanley said he's not surprised at the lack of protest from parents. Many have become much more comfortable with the technology, and there is an apparent lack of consequences stemming from its use. There are no tales of sexual predators hacking databases of kids' fingerprints, no evil school principals who've posted detailed charts of kids' whereabouts on their Facebook page. So when the cost-benefit analysis is presented, it's hard to spell out that cost.

"With privacy, the issue is almost like the environment. We have to ask what kind of society we want to create long term," he said. "These things do have a very real effect on our freedom, but it's very gradual and often very subtle."

* Follow Bob Sullivan on Facebook.

* Follow Bob Sullivan on Twitter.

The economy is so bad in Argentina that the government recently said it would start taxing overseas credit card purchases. It also demanded that banks report all credit card transactions -- foreign or domestic -- saying the data would be used to find tax cheats.

Even George Orwell couldn't have imagined this meeting of Big Brother and Big Data: a handy database of every single purchase made by citizens, ready to be categorized and analyzed by the government.  Let your mind wander for a moment and you can imagine the disturbing possibilities of a government so invasive that it knows when and where you buy milk and bread. 

The obvious question: Could it happen here?  There are grand cultural and economic differences between Argentina and the United States, but if the history of privacy tells us anything, it is this: Governments and corporations can rarely resist the temptation of using technology to gain the upper hand.

"This gives me chills," said Gartner banking consultant Avivah Litan, who was in Argentina recently consulting with that nation's government banking officials. "I think it is a reminder that our data can be looked at by anyone and probably is being looked at."

Argentina is not the first government to examine credit card receipts. In 2011, Brazil began taxing overseas credit card transactions. And Spain recently outlawed cash transactions over $2,500, a tactic that forces consumers to use traceable, electronic purchasing tools for big-ticket items. 

Big Brother is not behind these drastic measures. In Argentina, where only about 50 percent of the population buys with plastic, a currency crisis and high inflation have led to a dramatic rise in overseas purchasing. Taxing foreign purchases is an attempt to stem this tide, and encourage domestic spending. Brazil's motivation is similar. 

Follow @RedTapeChron

E-mail a tip to Bob Sullivan

But once the pipeline for data is established and the database is built, what's to stop mission creep? Argentina has said it will examine domestic transactions for evidence of undeclared purchases or other signs of tax evasion. What else could a government find in a database of transactions?

"When I first saw the story it kind of took my breath away," said Bill Hardekopf, who operates the credit card information website LowCards.com "I thought, 'Oh my, a government can track the purchases of every one of their citizens?' " 

There is a way to avoid becoming a line item in a government credit card transaction spreadsheet: pay with cash, something one in two Argentinians still does. But in the U.S., cash has become passé. Last year, only 27 percent of point-of-sale purchases were made with cash, compared to 66 percent for credit and debit cards, according to Javelin Strategy and Research, which expects that number to dip to 23 percent by 2017.  

Meanwhile, a host of new payment tools -- still rough around the edges -- are about to find their way into consumers' pockets and purses. Mobile cellphone payments are coming of age, with a quarter-trillion in annual transactions expected by 2016, according to IE Market Research.  And even the simplest of cash transactions -- "Buddy, can I borrow $5?” -- might not be long for this world.  Starbucks recently partnered with Square, a simple tool that allows cellphone users to accept casual payments from friends or small business clients. The convenience of such tools is undeniable; so is their traceability.  

"As we become more and more of a cashless society, the likelihood of purchases being tracked increases. Whether that is used for negative purposes, or will cause personal privacy issues, I don't know, but I can see the possibilities," Hardekopf said. 

But could it happen in the U.S.? Hardekopf said he had trouble imagining Washington could get away with the Argentinian tactic. He believes privacy interest groups would scream, other safeguards would kick in and the U.S. population just wouldn't swallow it.

But there are no laws preventing this kind of information sharing between banks and government agencies, Litan points out. Law enforcement officials routinely obtain personal information, such as cellphone locations and credit card receipts, during the course of criminal investigations.

"The (U.S.) government does have access to this information now because it regulates the banks," she said. "There's no secrecy laws like there are in Switzerland. There's no privacy laws that would prevent this."

Dan Mitchell, an economist at the libertarian Cato Institute, said there have already been attempts by both state and local governments to more broadly obtain detailed consumer financial data. The health care reform bill included a provision that required merchants to report credit card processing volume data to the IRS, for example.  And recent efforts by states to enforce sales tax on online purchases will necessitate detailed reporting on credit card transactions by merchants, he warned.

“So it's just a question of expanding the existing set of Orwellian laws,” Mitchell said.

Probably the strongest firewall against such an intrusion would be banks themselves, which would no doubt fight massive data requests.  But transaction data sharing from banks to government officials has risen sharply since the Sept. 11, 2001, terrorist attacks. The number of Suspicious Activity Reports filed by banks with their federal regulators has soared from 281,000 in 2002 to 1.5 million in 2011 (.pdf), according to the Financial Crimes Enforcement Network. Much of that increase can be attributed to a rise in mortgage fraud, but it demonstrates a dramatic increase in cooperation between banks and government officials. There also is a long history of federal authorities buying access to large troves of consumer data – such as the one once operated by commercial data broker ChoicePoint, now owned by the same firm which operates Lexis-Nexis.

That's why privacy expert Rob Douglas says that Argentina's data sharing is not an isolated incident.

"Given the explosion in the collection and retention of personal data by governments around the world under the guise of national and economic security, I fear the Argentine model is where all countries - including the U.S. - will end up under one scenario or another," he said. "After all, government by its very nature constantly seeks to know more about the governed. With the ever-expanding ability to store and sift vast amounts of personal data, it's inevitable that governments will do so unless reined in by the governed."

* Follow Bob Sullivan on Facebook.
* Follow Bob Sullivan on Twitter.

 More from Red Tape Chronicles: