At the end of 2015, there were nearly 600 million EMV chip cards in circulation in the U.S. That number is expected to climb as the payments industry continues its EMV migration in the coming months.
Since millions of American consumers already carry chip-enabled cards, fraudsters have set their sights on those who have yet to receive their new cards.
In a new phishing scheme, scammers, posing as financial institutions (FIs), are sending out fraudulent emails to cardholders. These phishing emails tell cardholders that to be issued new EMV chip cards, they need to either update their accounts by confirming personal information or click a link to continue the process. Providing this personal and account information results in identity theft. Furthermore, cardholders who simply click on the provided link risk downloading malware capable of tracking computer keystrokes, thus hacking passwords and other sensitive information.
Community FIs should take this opportunity to educate consumers on how to detect fraudulent information requests and how to spot look-alike websites.
Below are a few tips FIs can pass along to consumers to help them avoid this EMV card scam:
- Be aware — Encourage cardholders to be leery of emails originating from unrecognized senders. Advise them to be particularly wary, if the email requests confirmation of personal or financial information, is not personalized or includes threats if the requested information is not provided.
- Think before you click — Remind consumers of the dangers of clicking on links, downloading files or opening attachments in emails from unknown senders. The best practice is for recipients to only open attachments when they are expecting the email and are aware of what the attachment contains.
- Think security — Educate consumers on the importance of protecting their computers with firewalls, spam filters and anti-virus or anti-spyware software. Encourage them to update these security features regularly to ensure new viruses and spyware are effectively blocked.
- Monitor activity — Urge accountholders to review their account activity and statements regularly. Monitoring accounts helps ensure the timely detection of unauthorized transactions.