Actually, the analogy works pretty well if you add just one tiny presumption to the mix - that you have no idea how much money there is on your bank account. So you're withdrawing money still, but you don't know how much you have lost by others tapping in. The 'righteous' crowd will of course say they have not taken a single dollar/pound/dinar/etc (or that they would even put it back with interest after checking how the bills look like), but have rather used the card just for avoiding verification purposes on the Internet - thus claiming that even though they broke a few terms of use, you have not actually suffered financial damage. None of the potential scenarios is truly measurable so it's difficult to determine the actual damage - the only clear cut scenario is if you stay away (which many apparently can't bring themselves to).