Here is the story. The bank was made aware of a breach of security involving their customers debit cards, and accordingly they mailed out replacement cards. As responsible and prudent individuals, we promptly activated our new cards and shredded our old ones. At this point we (quite reasonably) assumed that the bank would deactivate the old cards, since its only conceivable use at that point would be by criminals who were hoping to fraudulently benefit by directly accessing my bank account using a counterfeit debit card.
About a week later, shockingly enough, someone used a copy of my wife's debit card to charge around $600 at a couple of locations in and around Montgomery, Alabama. As it turns out, despite being on notice that the cards had been compromised and that we had received and activated our new cards, the bank LEFT THE OLD CARDS ACTIVE, even for face-to-face (card present) transactions. They claim to have done this on account of the possibly of recurring automatic payments, but the last I checked those cannot be accomplished via card present transactions, so I am forced to conclude that they are just being lazy.
My advice? Bank locally. If you are going to have to bitch and grouse at great length about your bank losing your money and then making you bear the risk of the loss during the interim period during which their fraud analysts think about possibly getting around to dealing with problem and restoring your stolen money, you may as well have the pleasure of doing so in person. It is far more satisfying and effective that way.