MarkBlake

I end up traveling about 75% of the time for work, both in the US and internationally.

I keep reading about hackers using remote scanners to skim data off of the bank cards, and I have to admit that my cards are getting compromised a few too many times for my liking.

So looked into a getting a RFID wallet and found a good quality one from Silent Pocket

Been using it for about 6 weeks now and haven't had an issue with my cards since. Could be completely unrelated, I realize, but probably better safe than sorry.

So all this said, what do the rest of you do for protection when traveling? Can passport info be jacked? What about smart phones? I don't even want to use my phone outside of the country.

Lmk, please!

tentseller

Wrap passport and credit cards in tin-foil.

No kidding! I have nice wallet and passport wallet that I fit a piece of foil in the money pocket. Sentimental value.

der_saeufer

Unless your cards have contactless capability (uncommon on American credit cards), there's simply no way to skim them without touching them. On the other hand, it's very easy to install a skimmer on a gas pump or for a waiter to swipe cards somewhere besides the till. The only RFID cards most Americans have are transit fare cards (SmarTrip, Clipper, TAP, Ventra, etc.), i.e. things you want to read from within your wallet. The proliferation of RFID-blocking wallets is pretty silly.

Passports have shielding built in and are not readable with the cover closed. They also have crappy antennas and are difficult to read from more than a couple inches even if they're open.

I've never even heard of, much less seen, an RFID-enabled regular American driver's license. The Enhanced licenses that are optional for US Citizens in some northern border states do have RFID, but you'd know if you had one. I can't speak for every state that issues them, but Michigan EDLs come with an RFID-blocking sleeve.

GE/NEXUS/SENTRI cards and passport cards are very easy to read at long range--by design. That's why they come with the sleeve. IIRC there's not actually anything useful you can get from them, though--just a serial number that CBP runs through their internal system to pull up your data.

I'm not sure what your concern with the phone is... it works the same way whether you're in Boston, Brussels, Brasilia, Bangui or Bangalore.

wendyg

The bigger concern for your phone is downloaded malware or people sniffing data in transit over open wifi. If you're serious about protecting your data, you should have encryption turned on for data storage, and you should use a VPN (most smartphones should support this). Also, you should be aware that some types of malware are capable of turning on the camera and microphone without your knowledge. If you're this concerned, you might want to remove the battery when traveling and insert it only when you actually need to use the phone.

wg

txflyer77

Also, don't use the USB ports found in planes and hotels. Malware has been found on IFE systems. Use the power outlets with a USB adapter.

1) Use a VPN, always.

2) Full disk encryption on your laptop and phone.

3) Two-factor authentication on *every* service you use, especially email.

4) Never use public computers if you can avoid it. If you need to print something, email it to a burner account and log in to that one on the public terminal (and hopefully you aren't printing anything more sensitive than a train ticket).

5) RFID wallets are pointless, frankly.

Worrying about credit card theft is worrying about the wrong problem. If your credit card is stolen, you report it and get a replacement. Not a big deal. Carry a backup card from a different bank in case it happens during your trip and you can't get a replacement in time.

I try not to worry about problems where my liability is limited by federal law (assuming you're an American).

If you truly have sensitive data on your phone or laptop, don't carry it over a border. Many large companies have this has policy. My company forbids bringing *any* company equipment to Russia, Turkey, China and a few other countries. I know a number of Fortune 100 firms with similar policies: if you need the equipment in-country, you carry *nothing* over the border and you're furnished with a replacement by a local office.

If you're not carrying company equipment, just encrypt everything and you'll be fine.

wendyg

As txflyer77 says, re borders: you have effectively no rights to refuse at the border if customs officers demand to inspect the data on your devices (or if they decide to impound them).

wg

GrussGott

This is a great post, the only thing I'd add to it is a travel router like a Hoo-too instead of using hotel wifi and, if your company is paying, a mi-fi or use your phone as the hotspot.

And, yeah, most companies, and especially tech companies like Google, Apple, etc give you new phones/laptops when you travel to China, etc. My wife got phished multiple times 30 minutes into China despite using new "clean devices", corporate VPN, and never leaving her devices anywhere - she said it was best phishing she'd ever seen from major US companies like Verizon, Amex, etc

txflyer77

If you're using a VPN there's no reason to cart around an extra device.

Google's defenses are impressive. Google employees in China are cut off from any sensitive systems. If you're an employee visiting a China office, your access is cut off the moment you badge in. My employer isn't in the mainland but even our Hong Kong office isn't on the corporate network and employees there don't have access to any of our sensitive systems.

OTOH, these are defenses against threats by state-level actors, not the kind of threats the average person needs to worry about.

eng3

I am not too concerned with RFID as nearly all my credit cards, etc don't have it. Besides, they can easily get the same info by taking a photo or memorizing the info when you take it out. Just like the new chip in the credit/debit cards. They arent more secure, they are just a way for the banks to push liability to the merchants. It still has the magnetic strip so its no safer. You have $0 liability so I'm never very concerned, I just make sure I have a backup and the bank's phone number incase of issues.

As for computer data on your computer and phone, there's two things. One is losing something that is irreplaceable. That is simple, make sure you have a backup or store your precious photos on the cloud.
As for potential hackers getting access to your personal or work data, first decide if you really need the data with you. If you don't, delete it from your devices and don't take it with you. If you do need the data, then make sure you storage media is encrypted. These days with SSD's it is not difficult and has no performance impact. If you need to transfer sensitive data back home, make sure its over a secure connection, preferably a VPN. Also, beware that depending on the line of business you are in, some data on your laptop may be export controlled and taking the data out of the country may require extra paperwork. If you are traveling with work gear, your company should already have all this stuff setup for you.

That's about it, its not really that complicated. Obviously one there are different levels one can take this. Depending on the sensitivity of the data you may want to do more or less.