The problem of identity theft in Asia is on the rise -- and it doesn’t only target travelers. Residents in many Asian countries listed identity theft as one of their top fears, even higher than terrorism.
There’s never a good time to become a victim, but travelers have much more difficulty sorting out compromised credit cards or stolen identities while away from home. Minimizing your exposure is the key to prevention.
Although completely eliminating the risk of identity theft would require traveling in very unconventional and inconvenient ways (e.g., carrying all cash), a little vigilance goes a long way toward increasing protection.
Top Ways Identity Theft in Asia Occurs
- A malicious staff member somewhere you pay records your credit card information.
- ATMs are modified with a card-reading device (skimmer) to record the number.
- Open public Wi-Fi signals are set up to capture unencrypted data.
- A compromised local website steals your credit card information as you book buses, flights, etc.
- “Social engineering” schemes when a seemingly friendly local slowly gathers personal information via harmless inquiries.
Before and After Going on a Trip
You’ll need to notify the banks of any cards that you’ll be carrying, otherwise, they’ll see mysterious charges pop up in Asia and deactivate your card for potential fraud! Ideally, there will be a way to provide the exact dates you’ll be in each country; if not, notify banks upon your return and cancel any existing travel notifications.
The best setup is to have a “home only” credit card and a separate “travel only” card linked to a different account without overdraft protection turned on. If that card is compromised, at least your automatic monthly payments won’t fail or have to be set up again. You can transfer money into the travel account only as you need it. Thieves will only have access to the small sum you transfer to the dedicated account.
Tip: Ensure that overdraft protection doesn’t allow your travel card to pull money out of other accounts. Visa and Mastercard are the most accepted card types in Asia.
After returning home, keep an eye on your accounts for a few weeks afterward to ensure that no new charges follow in your wake.
ATMs That Steal Information
Without a doubt, the biggest threat for identity theft while traveling in Asia, particularly in Southeast Asia, is falling for a rigged-ATM scam. ATMs are typically the best way to get local currency.
A surprising number of ATMs -- especially ones in popular traveler areas -- have card “skimmers” installed over the actual ATM card slot. As you enter or swipe your card, your account information is also read by the thieves’ device and stored, often in a memory card that is retrieved later. Some of these devices even have a tiny camera directed at the keypad to record your PIN as you type it.
As banks make alterations to ATMs (flashing and odd-shaped card slots) to counter card-reading devices, the thieves also modify devices to become more elaborate. Some are custom made and are nearly discernible from the real machine hardware itself.
There are just a few ways you can reduce the risk of encountering rigged ATMs:
- Stick to using well-lit ATMs that are located in secure places such as bank branches and airports.
- Try wiggling the ATM slot to ensure that it feels like a “real” part of the machine.
- Cover the keypad with your other hand as you enter your PIN in case a small camera is recording your button presses.
Securing Your Passport
Your passport is your most important possession while on the road and should be treated as such. Although a passport can be replaced with cost and effort while traveling, you certainly don’t want to deal with emergency bureaucracy while on a trip. Even passports that have been reported stolen could lead to potential identity theft years later.
Keep your passport safe:
- Keep your passport on your person (ideally in a concealed money belt or pocket) rather than in a purse or backpack.
- If you decide to leave your passport at the hotel, put it into the room safe or a lockbox at reception. At the very least, hide it well in the room.
- Keep a couple photocopies of your passport somewhere separate. Having a copy will help expedite getting a replacement.
- Know the contact information of the nearest embassy in case you need an emergency replacement.
Tip: Sometimes third parties will ask to hold onto your passport (e.g., hotel receptions, motorbike rental shops, etc) -- always check to see if they’ll accept a good photocopy instead.
Paying by Credit Card in Asia
Cash is certainly king in Asia, but when paying for large purchases (e.g., scuba diving, hotel stays, etc), paying with a credit card makes more sense than going to an ATM and getting hit with transaction fees over and over. The ATMs in Thailand charge more than US $6 per transaction on top of whatever your bank charges.
The safest policy is to only pay with plastic when you really need to do so. Using cash not only avoids the potential of a disgruntled staff member swiping your number, it may save you money as well. Many establishments charge an additional fee on credit card purchases to cover commissions.
Beware of Public Wi-Fi Signals
Not all public Wi-Fi hotspots are safe. In fact, many hotspots are set up in busy areas with inviting SSIDs such as “Airport Free Public Wi-Fi” or “Starbucks” for the sole purpose of capturing data to parse through later. These man-in-the-middle attacks are on the rise in Asia as more and more travelers are too eager to jump on unsecured Wi-Fi.
Tip: Turn off Wi-Fi on your phone when not in use. Not only will you save battery, you’ll avoid unwittingly connecting to open hotspots.
Using unsecured, unencrypted signals is risky; avoid them unless you’re in a serious pinch. Even WEP and WPA can be cracked by using free software. Everyone knows to avoid doing online banking on open networks and public computers, but even a quick, innocuous check of email could cost you: many websites allow users to reset passwords via a link sent to email accounts. Essentially, if someone malicious gains access to your email, they may be able to reset passwords on more important sites.
Public computers, including those in internet cafes, hotels, and airports are just as insecure -- maybe worse. Shared computers can have keyloggers installed that record every keystroke, including your username and passwords.
Thankfully, most compromised accounts are used only to send SPAM or malware from your account to your family and friends, but the potential for worse exists.
Use Reputable Booking Sites
In places such as India and China, you may be forced to use local sites or portals for booking buses, flights, or other travel needs. There isn’t much you can do if the booking site you’re using has been compromised behind the scenes.
The best way to avoid identity theft from third-party booking sites is to stick to reputable, recognizable names in the industry. Sometimes smaller, local sites are set up to capture information and a small commission, then simply redirect you to the official site anyway.
In some countries such as Nepal and Indonesia, these travel-agent booking portals exist mainly because many of the tiny, local airlines don’t actually have web presences! In these scenarios, you’re better off doing as the locals do: go directly to the airline counter in the airport to book a flight. In Thailand, you can actually pay for flights with cash inside of 7-Eleven minimarts; they’ll print you a receipt that you take to the airport counter.
Some Other Ways to Avoid Identity Theft in Asia
- Use a prepaid credit card for your trip then destroy it once you return home. Funds can be added to the card as needed.
- Keep an unlock pattern or PIN on your smartphone.
- Consider turning on encryption for external storage (SD) on your smartphone in case it is lost. A tech-savvy thief won’t be able to read your app data files on the card.
- Use a proxy or anonymizer service when making online transaction. The most legit ones cost a small subscription fee. Learn more about travel tech for your trip.
- Some travelers opt to get RFID-blocking sleeves for passports that have an identity chip installed.
- Destroy any credit card receipts made from the old, slide carbon-copy machines (yes, they still exist in some places without easy network access!)
- If you’re forced to use a public computer, change your passwords the next time you have a secured connection.