When the ATM asks whether I want a receipt, I usually say no. When a Web site wants my credit card number, I usually say yes. When I pay bills online, there is no paper record of the transaction. In my failure to demand physical evidence when money changes hands, I am not very unusual. Most Americans now conduct at least some of their financial transactions without paper, or at least sleep happily knowing that others do. Yet when it comes to voting -- a far simpler and more straightforward activity than electronic bank transfers -- we suddenly become positively 19th century in our need for a physical record.
In fact, she might be better off asking for a receipt. Here's scourge of the UK banking system Ross Anderson in Security Engineering (pp. 203-204):
John Munden was one of our local police constables, based in Bottisham, Cambridgeshire; his beat included the village of Lode where I lived at the time. He came home from holiday in September 1992 to find his bank account empty. He asked for a statement, found six unexpected withdrawals for a total of £460 (then about $700), and complained. His bank responded by having him prosecuted for attempting to obtain money by deception. It came out during the trial that the bank system had been implemented and managed in a ramshackle way; the disputed transactions had not been properly investigated; and all sorts of wild claims were made by the bank, such as that its ATM system couldn't suffer from bugs as its software was written in Assembler. Nonetheless, it was basically the constable's word against the bank's. He was convicted in February 1994 and fired from the police force.This miscarriage of justice was overturned on appeal, and in an interesting way. Just before the appeal was due to be heard, the prosecution served up a fat report from the bank's auditors claiming that the system was secure. The defense demanded equal access to the bank's systems for its own expert. The bank refused, and the court therefore disallowed all the bank's computer evidence--including its bank statements. The appeal succeeded and Munden got reinstated. But this was only in July 1996--he'd spend the better part of four years in limbo, and his family had suffered terrible stress. Had the incident happened in California, he could have won enormous punitive damages, a point bankers should ponder as their systems become global and their customers can be anywhere.
These routine denials should sound awfully familiar--they're the same thing you heard from the voting machine manufacturers.
In Germany, most ATM-related crime was indeed attempted fraud by the real account owner. The number of complaints dropped dramatically when banks started to take pictures of customers while they were withdrawing money from ATMs.
Only relatively recently, we see an increase in high-tech fraud, involving wireless webcams, manipulated ATMs, and even completely bogus ATMs. (In Europe, the ID cards used by ATMs are easily duplicated because all data is stored on a magnetic stripe, but this is going to change Real Soon Now.)