Although October 1, 2015 was the deadline for retailers and credit card issuing companies to switch over to using the new EMV credit cards containing a computer chip that creates and encrypts a new number every time the card is used, a recent study shows that 30% of Americans still don’t have an EMV chip enabled card. Ingenious scam artists, the only criminals we refer to as artists, are taking advantage of the situation by contacting people by email posing as their credit card company and prompting them to either provide personal information in response to the email or click on a link in the email in order to update their account to get a new smart EMV chip card. If you provide personal information to the scammer, you will end up becoming a victim of identity theft. If you click on the link, you may also download keystroke logging malware that will steal your information from your computer or smartphone and use it to make you a victim of identity theft.
But individual consumers are not the only ones being targeted by EMV chip card scams. Merchants are also being contacted by phone by scammers posing as employees of MasterCard or Visa who tell the merchant that the merchant’s credit card processing equipment is not compatible with the latest changes to the credit card processing requirements necessary to use the EMV chip cards, but that the credit card processing equipment can be reprogrammed at no cost to the merchant to bring it into compliance. However, if the merchant cooperates with the reprogramming of the credit card processing equipment what will happen is that each transaction will be redirected to an account of the scammer, which results in double billing to the consumer and major problems for the merchant.
So how do you know as a consumer if you receive an email purporting to be from your credit card company that it is legitimate?
First check the address of the email sender. If it appears to come from someone or some company wholly unrelated to your credit card issuer, it is a scam. Many scammers use hijacked email accounts that become a part of a network of controlled computers referred to as a botnet to send out their emails so that it is difficult to trace the scams back to the scammer.
Merely because the email appears legitimate, is written in proper English and even carries the logo of your credit card company does not mean that it is legitimate. It is easy to copy the logo of a company on to an email. If you get an email from your real credit card company it will generally be addressed to you specifically by name rather than a generic greeting of “Dear Cardholder.” In addition, the email to you will generally reference your account by including the last four digits of your account. However, even paranoids have enemies so if you do get an email that appears legitimate, but you still have concerns, merely call the company at the number found on the back of your credit card to confirm that the email is legitimate.
As for merchants, you cannot trust a phone call purporting to be from your credit card processing company even if your Caller ID indicates that the call is from MasterCard or Visa. Caller ID can be tricked through a technique called “spoofing” to make a scammers call appear to be legitimate. Never provide sensitive information to anyone over the phone who calls you unless you have verified that the call is legitimate. In the case of a call from your credit card processing company telling you to reprogram your credit card terminals, you should hang up and call your credit card processing company at a telephone number that you know is legitimate in order to determine whether the original call was a scam.