The credit card industry is undergoing a massive change as it switches to chip-based cards, and scammers are taking advantage.
Banks have been sending out new credit and debit cards that have an embedded microchip to meet an October 1 liability change deadline. But not everyone has received a new card yet: A September survey showed almost 60% of card users haven’t received a chip-enabled card.
The uneven distribution of new cards is leaving a window open for scams.
Fraudsters are sending out fake emails pretending to be credit card issuers telling people they need to update their account by sending a response confirming personal information or clicking on a link in order to get an upgraded card, according to The Federal Trade Commission.
Scammers can use the provided information to steal a consumer’s identity, and clicking on the link could install malware and compromise the computer’s security.
“There’s no reason your card issuer needs to contact you by email — or by phone, for that matter — to confirm personal information before sending you a new chip card,” the FTC said in a blog post Monday.
If you’re not sure if an email is legitimate, the FTC recommended calling the phone number on the back of the credit card to get more details.
“Don’t trust links in emails. Only provide personal information through a company’s website if you typed in the web address yourself and you see signals that the site is secure,” the FTC warned.
The new cards provide more security because the microchip creates a unique code for each use to help authenticate a transaction. Older cards store that payment data in the magnetic stripe on the back, which is easy to steal, replicate and put on fake cards.