My husband owns a microscopically small Small Business (6 employees). Yesterday, we received a Credit Card Merchant Statement from National Data Payment Systems, Inc. (known as "NDC E-Commerce," a credit card processor) for December 31, 1999. Chase Manhattan Bank is also noted on the statement as the bank.

Trouble is, we have never processed our credit card transactions through NDC, nor have we EVER had any transactions with Chase Manhattan.

The statement informed us our checking account had been debited for certain fees. It also asked us to change the telephone number in our card processing terminal.

This morning I called Customer Service at NDC and talked to a very nice Cheryl. She pulled our "account" up on her screen and immediately apologized. Her words: "It's a y2k glitch. We are refunding the money we took out of your account."

I said, "thanks, but not so fast. How did this happen?" Here is her explanation. NDC was given a mailing list for cold sales contacts "originally generated by a bank," according to Cheryl. I asked what bank and she said she didn't know. I told her Chase Manhattan's name appears on this so-called statement. She said "then, that's the one."

She said this mailing list was somehow entered into their systems as active accounts. But she seemed to be placing the blame on Chase Manhattan (don't mean to disparage them, but Cheryl is assuming this is the bank that generated the list).

I asked if the money had actually been debited from our account. She said, "yes, but we are replacing it right away." I said, "but how can Chase Manhattan or NDC debit my checking account when I have never had any dealings with either of you and I have never signed a form authorizing AWDs from our account?" She said she didn't know.

She said maybe our little neighborhood bank forwarded our name onto a bigger bank. Somehow, our account information became part of a mailing list to "see if we would like to switch to them for processing our MC/VISA transactions." She said this list generated from 1996. Through a y2k glitch, this information was transformed from a mailing list to active accounts -- complete with DEBITING OUR ACCOUNT!!!

How ironic that my husband and I -- y2k doomers -- are caught up in this mega y2k glitch. How many other databases will be magically transformed into active accounts in the coming weeks?

When our bank opens, you can be sure I'll be on the phone with our banker asking how come they process AWDs with no signature card authorizing the transaction?

Ed Yourdon, DON'T YOU DARE CAVE IN!!!

Just a dumb, naive housewife,

-- J Wheel (motherof5@wellprepared.noregrets), January 07, 2000

Answers

Janie Wheeler is that you?

Sounds like a lot of finger pointing is starting.

-- Richard Allen (rama@i-plus.net.spamstopper), January 07, 2000.

Do you like to mudwrestle?

-- King of Spain (madrid@aol.cum), January 07, 2000.

Thanks for the first hand report J Wheel.

Deep pocket companies may have to withstand a lot of losses from this type of computer mistake. It may depend on how many fathoms deep those pockets are.

-- snooze button (alarmclock_2000@yahoo.com), January 07, 2000.

Sounds like law suit time. If someone gave out details of your account without your knowledge AND has accessed your account without your permission, then they are liable. Period. End of Report. Next case. Y2K or not this is a major breach and I would not let it go without pressing the little button that says 'see you in court'.

-- ..- (dit@dot.dash), January 07, 2000.

Having had several 'buisness' accounts at banks, I have found that there is no privacy accorded them. The names and account numbers are sent round and about without any safeguards. There are a lot of unannouced 'fees' etc. that have to be chased down and argued over.

If your buisness is so small, consider using a DBA (doing buisness as) account in your personal name instead of your buisness name. It is accorded more protection.

Also, this demonstrates the insecurity inherent in all digital money. Cash in hand is never siezed, appropriated, attached, or whatever name is given to the theft. Use cash and keep receipts.

-- Forrest Covington (theforrest@mindspring.com), January 07, 2000.

It gets curiouser and curiouser.

Our banker called NDC and talked to a different person. This fellow says our glitch actually was caused by Select Insurance Services, which provided the data and account number to NDC.

No, I don't know who Select Insurance Services is either. Many years ago, we did have an AWD from a different insurance company, but that was cancelled out four or five years ago. Maybe Select Insurance bought out the other insurance company, merged their data and accidentally resurrected it. Or perhaps one insurance company sold our data to the other. I lean toward the "bought out" theory because I think it's highly unlikely anyone would be so stupid as to sell our account number, too.

Regardless, our account number is now floating around out there in the control of banks that think they have authorization for AWDs from our account.

The tough question for our banker (which he was unable to answer) is: since you have no authorization from us allowing this AWD, how did you allow this to go through? Says he doesn't know. Will look into it and get back to me. In general, though, he gave me the impression that when these electronic AWDs come through from other banks, there isn't much scrutiny going on at the receiving bank. They kind of all trust each other. With y2k here, let's hope they pay a bit more attention.

The only permanent cure for us is to change our checking account.

No, I'm not Janie, but regards anyway.

-- J Wheel (motherof5@wellprepared.noregrets), January 07, 2000.

Damn.......be very, very careful with this one.

I'd recommend getting hold of your accountant, and lawyer ? - immediately, becoause it appears your day-day business account is threatened with a "now it's there, now it's not" money; plus "she put it back in, he didn't approve so it's not back in..., they said ..., he said ..., it transferred automatically...."

Between all the "blah-blah'-blah's" - your next checks to your venders and suppliers could easily bounce sky high.

-- Robert A Cook, PE (Marietta, GA) (cook.r@csaatl.com), January 07, 2000.

Paging Gary North ..... paging Gary North .....

-- (squirrel@huntr.com), January 07, 2000.

wow J Wheel, this is REALLY interesting.

Could this fall into the corruption of data across systems catagory? Banks and financials were supposed to be some of the best prepared entities.

argh.

Mike

====================================================================

-- Mike Taylor (mtdesign3@aol.com), January 07, 2000.

This might be asking too much of your banker, but how about requesting a block to be placed on all auto withdrawals other than the ones you specify???? Get it in writing.

Just a thought. Good luck.

-- OR (orwelliator@biosys.net), January 07, 2000.

My mind twists and turns at how Y2K could cause a mailing list to get transformed into a list of active accounts. I suppose it could happen but...

Perhaps a more plausable explaination is the fact that Congress passed legislation that protects companies from lawsuits on 'Y2K' related bugs. I would think that NDC could have legal action taken against them for this kind of slip up - unless they 'label' it as a Y2K bug, then they are home free.

Makes me wonder whether (and how often) companies will be using this "get out of liability free" card in the future...

mark (a programmer still wondering if data is being corrupted, unnoticed, even as we speak...)

-- mark (anvilmark@yahoo.com), January 07, 2000.

Problems could be caused not from the date rollover directly, but from new or patched software that was not properly tested.

-- A Stevens (astevens@ocdus.jnj.com), January 11, 2000.

Mark,

I agree with you. Those who are willing, as Cheryl obviously was (and certainly she was not only TOLD that the error was "Y2k", but NOT told to keep it quiet), to say something is a Y2k problem are those likely to have the more severe and numerous problems...problems that cannot be hidden because of the enormity of the population affected. My first thought when I read that NRC had so casually said "Y2k problem" was that they would have no liability for the damages. EVERYONE is responsible for the passing around of a bank account, no matter who originated it...an authorization must be present from the account holder at some point.

The bank who has the account, though, cannot claim Y2k, so here is your bottom line recourse.

Look for more admissions in banking and related fields.

And, if there is no admission, file a lawsuit and see how fast your problem becomes "Y2k"!

-- ECON101 (dwc1980@yahoo.com), January 12, 2000.