Chip Card Scam: October 2015

With chip card use underway in the U.S. — and the Payment Liability Shift put in place October 1 — payment security is ramping up. Yet, about 60 percent of Americans still don’t have a chip card, according to a recent survey by — reflecting the slow rollout of issuing the new encrypted cards.

Moreover, many merchants are contributing to this sluggish transition. The majority of small businesses “plan to comply either at a later time (34%) or do not plan to upgrade their systems to comply (21%),” according to a Wells Fargo/Gallup survey. And as of July 2015, that same survey found that 49 percent of small businesses were unaware of the shift and the upgraded payment system it requires.

It is important to note that the shift is not a law, but rather an industry-wide payment standard that will be enforced by credit card companies and financial institutions (entities that previously held the liability for fraud on their customers’ accounts). Despite not being legally mandated, businesses that fail to comply will be liable for any card-present fraud on chip cards.

What does the disorganized state of EMV mean for consumers? Quite simply: be as cautious as ever with your personal and financial information. Because in the midst of this disjointed transition, scammers are taking the opportunity to capitalize on the confusion — in the form of chip card scams aimed at intercepting your money.

How Chip Card Scams Work

Victims receive a phishing email or phone call from someone claiming to be from their financial institution. The email briefly explains the benefits of chip cards, states the consumer is eligible for one and requests further action to begin the process of obtaining their new card.

This further action either entails providing personally identifiable information (PII) or clicking on a link. Some examples of how the scammers may word these requests: “confirm your identity,” “update your account information,” or “click here to get your chip card.”

Do not reply to these emails or click on any links within them. Nor should you provide any information to anyone who contacts you by phone.

If you provide your PII, scammers may use it to open new financial accounts in your name — this is identity theft. And by clicking on links you may unknowingly download malware onto your computer. Using malware, a cybercriminal can remotely spy on your activities, including what you type. This could give them access to your online accounts, such as your bank account.

Some chip card scams may even threaten recipients with legal action or risk of fraud liability if they do not comply. Both of these threats are completely false.

What You Should Do

  1. No chip card? No problem!

The number one way to avoid falling for one of these chip card scams is to keep your cool. Meaning, if you haven’t received one yet, don’t worry!

Financial institutions and card issuers have a major incentive to get these more secure, liability-transferring chip cards to consumers. In the meantime, consumers should remember that non-chip cards carry the same consumer protections that have always existed.

If you are still eager to get a chip card, contact your bank to request one.

  2. Be skeptical of phone calls from your bank

Your bank will rarely contact you by phone regarding security concerns. If you do receive a call, never provide any personal information. If in doubt, hang up and call the bank using the number provided on their official website.

  3. Keep a watchful eye for phishing emails

Phishing emails are incredibly deceptive and highly effective. Many even include company logos, giving them an air of legitimacy. So how can you spot them?

Look at the wording and see if anything sticks out. Phishing emails commonly contain spelling and grammatical errors. And always make sure the email addresses you by name rather than an all-encompassing term like “Valued Customer” or “Dear Sir/Madam.”

Verify where the email is from and where it’s sending you. Make sure the sender’s email address is professional and not a slight variation of the company’s name or from a public email domain (e.g. Google or Yahoo). Always hover over links within the email to see where they will take you before clicking on them.
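For readers who filter mail for a family or a small business, the checks above can be automated. The following is an added example, not part of the original article: the bank domain `example-bank.test`, the flag names, and the 0.8 similarity threshold are assumptions, and the sample message is constructed.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

LURES = ("confirm your identity", "update your account information",
         "click here to get your chip card")      # wording quoted in the article
GENERIC = ("valued customer", "dear sir", "dear customer")
WEBMAIL = {"gmail.com", "yahoo.com"}              # public email domains

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """From: Example Bank <cards@examp1e-bank.test>
Subject: Your new chip card

<p>Dear Valued Customer,</p>
<p><a href="http://chipcard-update.test/login">Click here to get your chip card</a></p>
"""

class Links(HTMLParser):
    """Collect the href target of every <a> tag in an HTML body."""
    hrefs = ()
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += tuple(v for k, v in attrs if k == "href" and v)

def is_bank_host(host, bank):
    return host == bank or host.endswith("." + bank)

def check(raw, bank_domain):
    """Return the sorted warning signs (hypothetical flag names) in one message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags = set()
    if sender in WEBMAIL:
        flags.add("public-email-sender")
    elif not is_bank_host(sender, bank_domain):
        close = SequenceMatcher(None, sender, bank_domain).ratio() >= 0.8  # assumed cutoff
        flags.add("lookalike-sender" if close else "unknown-sender")
    if any(g in body.lower() for g in GENERIC):
        flags.add("generic-greeting")
    if any(phrase in body.lower() for phrase in LURES):
        flags.add("lure-phrase")
    parser = Links()
    parser.feed(body)
    if any(not is_bank_host((urlparse(h).hostname or "").lower(), bank_domain) for h in parser.hrefs):
        flags.add("link-off-domain")
    return sorted(flags)
```

Calling `check(SAMPLE, "example-bank.test")` flags the one-character sender variation, the generic greeting, the lure wording, and the link that leaves the bank's domain.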