In the 21st century, you are as much at risk of having your identity stolen -- or more accurately your financial and digital identity -- as you are of getting "mugged," which almost sounds quaint these days (though I do not intend in any way to underplay the misery and danger of actually getting mugged).
Identity theft is a growing problem worldwide -- especially for travelers, who are very vulnerable, forced as they are to use unsecured Internet connections, carry extensive personal documentation with them at all times, and share their credit cards with merchants about whom they know nothing and whom they'll never see again.
Modern technology hasn't made it any easier for honest folks to avoid identity theft, either; witness the practice of Web sites like Facebook and LinkedIn, which often keep you logged in to the site, even after you close your browser or turn off your computer. Someone getting unfettered access to your closest friends on Facebook could definitely shake out some very "helpful" information before you knew it.
As time and technology advance, this problem is only going to affect more travelers. Here are 11 tips to avoid identity theft while traveling, right now.
1. "Unpack" Critical Documents Before Travel
If you carry some essential documents with you when you are not traveling -- the average wallet or purse might include a Social Security card, bank statements, medical documents, checkbook and the like -- remove them before you leave home. Essentially, when it comes to documentation, you want to "unpack" before traveling.
This can also be done further once you're on the road. If you're going to a location that is known for pickpocketing, or is going to be packed with people, or at which you will be distracted (big concerts, crowded squares, nightclubs, etc.), you can pare down the contents of your wallet even further before venturing out from your hotel room. You can put these in your hotel safe, behind the hotel's front desk or in a money belt concealed on your person.
2. Guard Your Documents
If you leave any sensitive documents lying around in your hotel room while you are out, you are a lot more likely to experience identity theft than if you have them in a money belt, document protector, even an RFID blocking wallet.
3. Be Very Careful About Shared and Insecure Internet Connections
It is hard to find connections other than public ones at hotels, cafes, and airports. To see the warning "this connection is unsecured and others may see your information" is almost a staple of the travel experience. The risk applies to anything you type into your keyboard while connected, such as e-mail passwords and Web site logins.
The best approach is to be very careful when using these connections; logging into your bank account, work e-mail or other sensitive account should be avoided if at all possible. If you have no alternative, choose what you type over these open connections very carefully.
If you're traveling with your own laptop and using free Wi-Fi, it is important to make sure your connections are secure. Some Web sites let you log in over open networks; always try to use HTTPS://www.website.com instead of HTTP://www.website.com (the S stands for "secure" and indicates that the data is encrypted for more protection). You can also get a plug-in for your browser like HTTPS Everywhere, which will try this automatically. Another solution might be the USB-based product SurfEasy, which will help encrypt your data when you're using a public connection from your own computer.
If you want more security when using someone else's machine, such as at an Internet cafe, hotel lobby computer or other public terminal, you can try a service like Authentic8. Authentic8 runs the browser in a sandbox in the cloud, where all connections and data are kept secure. The service gives you a display on the local computer, and prevents things like key loggers from accessing your passwords.
Finally, here are some tips from the Federal Trade Commission on Using Public Wi-Fi Networks.
4. Delete All Cookies and Browsing History on Public Terminals
If you find you must use a public computer, the last thing you should do is delete all cookies and browsing history before you log off. Many computers can cache quite a bit of significant information, and some Web sites are even set up to keep you logged in when you close the browser unless you specifically log off (such as Facebook and LinkedIn). Many public terminals will delete this type of data automatically, but doing it yourself offers much better peace of mind.
5. Use a Dedicated Travel E-mail Address
If someone gets access to your work e-mail account, the amount of damage they could do to your livelihood is inestimable. Certainly there are times when you need to log in to your work account, but you will want to use caution in the extreme at those times.
My suggestion in this case is to use a personal e-mail address when possible while traveling, one at which you store no sensitive information and at which a fake log-in won't be cataclysmic, and communicate from that e-mail address exclusively. On occasion you will see addresses like email@example.com; this travel-exclusive e-mail approach can work very well.
6. Use Only Bank ATM's
A recent trend among identity thieves has been to install card readers in an ATM by which they can access your card number and PIN. This happens most often at non-bank, "generic" ATM's (in hotels, convenience stores, etc.), which have less oversight and are therefore more vulnerable than bank-run and hosted ATM's. Stick with the ones at banks; these can still be compromised, but tend to be targeted by thieves much less often.
7. Check Your Credit Card Statements on Occasion
At times when you are confident in the security of your connection -- perhaps in a friend's home, or when connecting using a smartphone app over a regular cell 3G or 4G connection (which tend to be more secure than public Wi-Fi) -- check your credit card statement for suspicious activity.
Identity thieves like picking travelers as victims, as they rely to some extent on the delay in being found out that is inherent to travel; most travelers don't check bank and credit card information until well after they have returned home, giving thieves a solid head start. As a rule, the sooner you can shut down an identity thief, the better, so consider checking in now and then to make sure things look normal.
8. Keep Your Cell Phone Secure
We think a lot about how vulnerable our computers are, but cell phones are potentially even more so: you have them on you at all times, they're almost always turned on and logged in, they typically have apps on them that give access to personal information, and folks leave them lying around quite a bit. If there is anything you might lose or have stolen, it is a small, compact smartphone. Some things you can do to protect yourself:
- Set a password on the phone so someone who finds or steals it can't use it.
- Before traveling, consider deleting any especially sensitive apps, such as banking apps, social networks, etc. There are easy to reinstall when you get home.
- Specifically log out of all apps before going out and about. As above with some Web sites, many apps keep you logged in by default (Facebook, Twitter, Angry Birds, you name it).
- Remain wary of suspicious e-mails and Web sites. Studies indicate folks are much more likely to click on malware links on their cell phone than on their computer.
- All of the foregoing cautions about public Wi-Fi spots go for your cell phone as well.
9. Protect Your Children Too
A recent development in identity theft crimes is the use of a child's name and identity to open bank accounts and credit cards, apply for government benefits, and more. In most cases, criminals use a child's Social Security number to get started.
When traveling, document requirements vary widely for children -- sometimes you need ID, sometimes you don't, sometimes you can fudge it either way -- but many parents travel with some form of identification just in case. Often, these are very sensitive documents like birth certificates and Social Security cards.
My advice is to get a passport for your child, and travel with that instead of any other forms of identification. Then protect your child's passport in the same way you would your own.
Lost and Stolen Passports
If anyone requests your child's Social Security number for any reason, ask if they can accept another form of ID, or simply refuse to surrender the number. If you suspect your child's identity may have been compromised, in most cases a credit check is the quickest way to find out; your child should have no substantive credit rating whatsoever. For more on the topic, see the FTC's information on Child Identity Theft.
10. Change Passwords and PIN's
You may want to change your passwords after a trip; identity thieves are thought to be very patient criminals, and often wait until you are less likely to pay attention after a few weeks at home. If you really like your password or PIN, one approach might be to change them right before you leave, use a new password while traveling and then change them back to your preferred passwords when you get home.
11. Follow Up After Your Trip
When you get home, check bank activity, credit card activity and even medical insurance claim activity to see if there is anything you do not recognize. These are often the first places you'll see indications of identity theft. Some thieves will purposely use your information in situations where the paper and digital trail will only appear slowly -- establishments that submit charges and claims manually (or at least not in real time) -- so it is a good idea to check again after a couple of weeks to make sure nothing has shown up in the meantime.
Hopefully these tips help you avoid trickery -- safe travels!