Weisman: Beware of new smart chip credit card scams

Steve Weisman
for USA TODAY

October 1st was the deadline for retailers and credit card issuing companies to switch over to the new EMV credit cards, which contain a computer chip that creates and encrypts a new number every time the card is used. The change will dramatically reduce the amount of credit card fraud.

U.S. banks are in the process of replacing tens of millions of old magnetic strip credit and debit cards with new cards that are equipped with computer chips that store account data more securely.

Under the newly implemented regulations, if a business does not switch its credit card processing machines over to the new EMV cards or if a credit card issuer does not provide new EMV chip cards to its customers, in the event of credit card fraud, the responsibility for loss will be on either the credit card issuer or the retailer, whichever has not complied with the new law.

For us, the customers, our liability does not change from the legally mandated limit of $50, which is generally not even assessed against consumer victims of credit card fraud.

Changing over to the new EMV credit cards by credit card issuers as well as installing and activating the new credit card processing equipment at stores is a daunting task. More than a billion credit cards will have to be reissued. Some stores have been more proactive and responsible than others. Target, WalMart, Walgreens and Costco have changed to the new card processing equipment, but many companies are lagging behind in updating their card processing equipment.

Meanwhile, according to a survey by CreditCard.com, only about 40% of Americans have received new EMV chip cards from their credit card companies. According to Stephanie Ericksen of Visa, by mid-September Visa had reissued 151.8 million EMV chip cards. While that may seem like a huge amount, it represents only 20% of the total credit cards that need to be reissued.

And there is found the opportunity for scammers.

Ingenious scam artists, the only criminals we refer to as artists, are taking advantage of the situation by emailing people while posing as their credit card company. The email tells them that, in order to be issued a new EMV chip card, they need to either update their account by confirming some personal information or click on a link to continue the process. Either option gets you into trouble.

If you provide personal information in response to the email, you have just turned over this information to a scammer who will use it to make you a victim of identity theft. Alternatively, if you click on the link, you may end up downloading keystroke logging malware that will steal the personal information from your computer including your Social Security number, passwords and sensitive financial information that will be used to make you a victim of identity theft.

So how can you tell if the email purporting to be from your credit card company is legitimate?

For starters, the fact that the email may carry the logo of your credit card company is absolutely no indication of legitimacy. It is a simple matter to make a counterfeit logo. The first thing you should do is check the address of the email sender. If it appears to come from someone or some company wholly unrelated to your credit card issuer, it is a scam.

Many scammers use hijacked email accounts to send out their emails. These hijacked email accounts are often part of a network of remotely controlled computers referred to as a botnet, which is used by the scammers because it is difficult to trace the scam emails back to the scammer. People whose computers have been hijacked and made a part of a botnet are not even aware that their computer's security has been compromised. You personally may be a part of a botnet without even knowing it.

Merely because the email appears genuine and is written in grammatically correct English with proper spelling does not mean that the email is legitimate. Emails from scammers posing as your credit card company often start with a generic salutation such as "Dear Cardholder" rather than specifically being addressed to you by name. In addition, emails from your actual credit card issuer will usually reference in the email the last four digits of your credit card number. Most importantly, there is no reason that your legitimate credit card issuer would need to contact you by email to confirm personal information before providing you with a new EMV credit card.

Even paranoids have enemies, so if you do get an email purporting to be from your credit card company asking you either to provide personal information or to click on a link for whatever purpose, the safest thing to do is to look on the back of your credit card for your credit card issuer's 800 number. Call that number to confirm whether or not the email was legitimate.

Finally, it is important to note that the EMV cards will not stop credit card fraud involved in online purchases, where the chip is not used. Some sophisticated scammers have also already developed tactics to manipulate the EMV cards to their benefit when used in brick and mortar stores, but that is a story for another time. For now, however, we should be happy because the changeover to the new EMV cards will dramatically reduce credit card fraud, and that is good news.

Steve Weisman is a lawyer, a professor at Bentley University and one of the country's leading experts in scams and identity theft. He writes the blog scamicide.com, where he provides daily update information about the latest scams. His new book is Identity Theft Alert.