Beware of Scams Involving New ‘Smart Chip’ Credit Cards


The AARP Fraud Watch Network has sent an alert to credit card holders warning about bogus emails that could result in the installation of computer malware and/or phish for account information and log-in credentials in new "smart chip" credit cards.

The new cards, issued by companies such as MasterCard, Visa and Europay, contain a small computer chip that creates a unique transaction code that cannot be used again — unlike magnetic-stripe cards that store unchanging account details that aid scam artists.

Here's what you should know:

  • Legitimate emails from card issuers should be short, to-the-point notifications that your new EMV ard is being mailed. They should not include links or attachments promising details or urging action to "update your account" or the like. That is the calling card of scammers.
  • As a general rule, don't trust links in emails and before clicking always hover your computer mouse over the link. If it doesn't display the sender's company name, assume the worst. It's also safer to access any business website by typing its URL yourself and not use provided links. Or all the phone number listed on your card, not provided in emails.
  • Bogus PayPal emails are making tbe rounds with malware-laden "Update Your Account" attachments. Legitimate PayPal emails never include attachments. 
  • Authentic emails from card issuers will address you by name and include some specific reference to your credit card, such as the last four digits of your account number. Those from PayPal,eBay or other businesses will also include your name. Emails addressed to "Dear Cardholder," "Customer" or "Account Holder" are often scams.
  • Even if the email includes your name, don't trust it unless you previously provided your email address to that business (i.e., if you enrolled in online banking). Email mailing lists with account holder names can be purchased by scammers.
  • Be suspicious of phone calls or text messages supposedly from card issuers about EMV cards. These could be "vishing" (for voice phishing) or "smishing" (SMS technology that sends text messages) attempts to glean account and personal information.

If you have any doubts about the company or the nature of the contact, call the appropriate company to make sure the email or phone call is legitimate.  That's good advice in this new year of 2016 — or any other time.