Beware of confirmation or upgrade request for chip card replacements: Internet Scambusters #673
If you have a small silver or gold "stamp" on your debit or credit card, it could be one of the new chip cards.
They're supposed to make card transactions more secure against fraud but, in the meantime, crooks are using the introduction of the new cards as a platform for malware and identity theft scams.
We'll give you the details in this week's issue, along with a warning for T-Mobile users whose personal information might have been compromised in a security breach at one of the credit reporting agencies.
Now, here we go...
Scammers Exploit Launch of New Chip Cards
Chip cards -- new-fangled credit and debit cards embedded with a microchip -- have been dropping into mailboxes across the U.S. for several months.
The cards are supposed to make transactions more secure and reduce the risk of credit and debit card fraud -- something we obviously applaud.
Many people have already received their replacements, but the rollout is expected to continue right through 2016 before everyone has them.
That and other delays in distributing the new cards (sometimes called EMV cards after the names of the companies that created them) are being exploited by scammers.
It's easy to spot the chip on your card. It's a little gold or silver rectangle that looks like a very simple circuit board -- with a few, connected little black lines.
Over time, they will replace the use of those black magnetic strips on the back of your card.
Instead of swiping, chip card users place them into a slot on the payment card reader, which then interprets the encrypted information it finds on the chip.
We won't go into why that makes the cards safer but, when the system works properly, trust us, it does.
The problems are that some card issuers have not yet sent them out to their customers, while other issuers haven't fully explained in understandable language why their cards have been changed.
Either way, this gives scammers a golden opportunity to phone or email people explaining that their cards need to be updated or replaced, and then ask them to confirm card and account details.
The fact is that card issuers are not, repeat not, contacting users by phone or email to confirm card details, so any information you give out goes into the hands of the scammers and is used for identity theft.
Emails may contain copied card logos to make them look real. And there are reports that some email messages contain links that lead to phishing pages or malware downloads.
The same processes are being used by crooks every time there's news of a security breach, in which retailers' computer systems have been hacked.
Again, the scammers pretend to be from the credit card company or even the retailer, asking for confirmation of card numbers.
How to Play It Safe
To play it safe with all these tricks, here's what you need to know:
- There's never any reason to give out your card information over the phone or online to anyone unless it's for a transaction you initiated.
- When you get your chip card, as with any other new credit or debit card, it will be accompanied by instructions on how to activate it. This is the only confirmation action you need to take -- and usually you will not be asked to re-key your card number.
- In every other respect, using a chip card is no different from the way you used your previous card. You still have to use your card and security number when buying online or over the phone -- what the card issuers call a "card not present" transaction.
- Your fraud protection rights -- where most card issuers only hold you responsible for $50 or less of any fraudulent transactions -- are not affected by the change.
- Even if you have a chip on your card, the retailer may not be ready to use them and you'll still be expected to swipe your card. The old magnetic stripe is still there.
- Chip cards can still be counterfeited using stolen data and, because the magnetic strip is still there, information can be stolen from these too if they're swiped through a compromised card reader.
The FBI advises: "Consumers should closely safeguard the security of their EMV cards. This includes being vigilant in handling, signing, and activating a card as soon as it arrives in the mail; reviewing credit card statements for irregularities; and promptly reporting lost or stolen credit cards to the issuing bank."
Small Business Alert
Meantime, if you're a small business or store owner, you should know that the FBI has also issued a warning about the use of signature pads rather than PIN numbers, when customers use the new cards.
In most countries, especially in Western Europe, chip cards have been in use for many years and the use of PINs is prevalent; the cards are actually known as "chip and PIN" cards.
Card numbers by themselves become worthless to crooks unless they also know the PIN, whereas signatures are easy to forge.
The FBI says: "Merchants are encouraged to require consumers to enter their PIN for each transaction in order to verify their identity. If a consumer uses a signature, merchants should also ask to see a government-issued photo identification card to verify the cardholder's identity."
Be sure to read the full FBI chip card warning.
Alert of the Week
Credit-reporting agency Experian has confirmed that information it stored about new T-Mobile cellular customers may have been compromised in a hack attack.
The leak relates to customers who signed up for a T-Mobile account between September 2013 and September 2015 and Experian is offering free ID theft monitoring services to those affected.
Are you a victim? Experian says it will be contacting those affected but, just in case, here's the link to the complimentary monitoring service.
That's all for today -- we'll see you next week.