Protecting our identities and finances online is hard enough as is, but it’s even harder when you’re trying to relax on vacation in an unfamiliar place – particularly if that place is a foreign country. Having your money pilfered out of your bank account is one thing, but it’s a special kind of miserable when it happens to you while you are away from home on vacation. However, if you’re willing to invest a little time prior to your trip, there are a handful of measures you can take that could protect you from some serious anxieties while away.
To begin, you’ll want to make sure you’ve downloaded all available updates for every device you’re planning on traveling with, ensuring you’re working with the most up-to-date version of your devices’ operating systems. You’ll also want to make sure you have an authentication barrier set up on each device you own, so go ahead and lock everything up with a strong, unique, and complex password ahead of time. Furthermore, you’ll want to make sure you’re running a solid security product. It may seem extreme, but if your computer is vulnerable then so is your money.
If you want to take it to the next level, then you should encrypt the hard-drive on any device that has one and only connect to the Internet through a virtual private network that will route you through an available wireless network (perhaps one at a cafe or hotel) and into a network you know and trust. It may also be worth considering using a travel computer.
I’m headed to Las Vegas next week for the Black Hat security conference. While Black Hat doesn’t have as notorious a reputation for hacker-shenanigans as the cash-only DEF CON conference does, which kicks off the very next weekend, it’s still a bit unsettling to take my computer to a place guaranteed to be swimming with hackers and computer-tinkerers of every kind. Luckily I own a Chromebook that is perfect for the occasion. I’ll simply wipe the device ahead of time and use it to take notes during briefings. If I want to access email, online banking or any of my other various online accounts, I can simply go back to my hotel room and connect through a VPN using my other laptop.
As for mobile devices: if you’re going to use your phone to check email or monitor your bank balance on the go, then, as usual, you’ll want to avoid using public WiFi. It’s not free, but it’s more secure to buy a temporary global data package from your carrier that will allow you to browse the Web on 3G or 4G than it is to sign onto any old network you can find.
If you’re using a laptop, again, invest in a VPN. Set up mobile verification with your bank if it allows so that some form of two-factor authentication is required. Most online banks will offer a second layer of authentication with a mobile transaction authentication number (mTAN). These can work in a couple of different ways, but simply put, the user gets a list of numbers and is required to enter the number whenever he or she attempts to withdraw money or perform a transaction. Each mTAN is good for one use. Oftentimes a user can access a bank account by normal means (i.e. with a password or pin), but the user won’t be allowed to move money around without the mTAN. As you can imagine, acquiring a working mTAN would be fairly difficult for a cybercriminal. On the other hand, if you lose your mTANs, you could run into trouble while withdrawing money on your own, so be careful.
In general and when on vacation, standard messaging service (SMS) or text message based confirmations are a secure move for you to make for all of your online services. Gmail, Facebook, your bank and any number of other things you sign into and value online have a two-factor feature that will send you a text message verification whenever you sign in. Sure, it’s a little annoying sometimes, but it will let you know if someone is trying to hijack your bank account. If you receive an SMS confirmation code, then you know someone has your password and is trying to login, at which point you should probably change your password. Of course, you then have to figure out how that person got your password, but that is sort of a separate issue.
Beyond all this, some credit cards offer additional verification steps after you enter your name, credit card number, expiration date, and security code or cvv. Mine has “Verified by Visa.” Whenever I want to buy something online with my credit card, I have to enter my verified by visa password. Yes, this can also be annoying, but it’s the kind of annoying that says no one is stealing my money, which is the good kind.
In addition to all this, you can also choose to pay for an insured credit card. A lot of people claim these insured cards are scams or a waste of money, but people talk big when things are going well. You’ll be more than okay with having paid for an insured credit card fee in the unfortunate event that yours is stolen.
Even with these secure measures in place, you can never rule out the unfortunate possibility of having your card stolen and/or overcharged. So what should you do in the event of this happening?
Don’t rely solely on one credit card. If your hotel accidentally double charges you for your stay or your card is stolen and charged excessively, you’ll want to make sure you have a secondary card on hand. Make sure this credit card is from a different bank and payment system so you can use it as backup and spread your funds out. You will want to keep these cards stored separately from one another as well, just in case your wallet stolen. As a secondary measure, keep some cash on hand to use if needed. However, since it’s not safe to be walking around with a large sum of cash, be sure you limit this to a smaller amount.
Even if you follow all this advice, you still have to be smart when you are using credit or debit cards, so be careful who you give them to and always be on the lookout for ATM skimmers and other malicious card readers.