Keystroke loggers on public computers
#1
Original Poster
Join Date: May 2002
Location: SYD
Programs: QF P1/LTG; AA 1MM; UA 1MM
Posts: 899
I've recently been giving some thought to this. While traveling for pleasure, I frequently leave my laptop behind and rely on a combination of internet cafes, airport lounges and hotel business centers for my online access. Most of the time I'm just checking email and doing general browsing. However, on longer trips, it becomes necessary to log in to my online banking site and credit card sites to pay bills, check balances, etc.
Doing so on publicly accessible computers has always made me pretty nervous. Most of these computers aren't set up with any sort of access control to prevent random users from installing software on the box. It seems like it would be pretty easy for someone to come along and install a keystroke logger that has some logic to look for username/password combinations and email them back "home". And I'm guessing that the average airport lounge / hotel business center / internet cafe doesn't employ staff who are clueful or motivated enough to pay attention to this sort of thing.
Paranoia or reality? Anything I can do about it or should I go back to banking by phone while abroad?
While I'm at it, maybe I should stop checking email as well. While it's not as critical as my financial accounts, I'd really prefer that someone not gain access to my email. And I guess I should stop booking hotels / flights online while abroad as well. Armed with my ual.com and spg.com password, a malicious user could book himself a nice vacation without me ever knowing!
Last edited by JSD; Jul 17, 2005 at 8:38 am Reason: spelling errors
#2


Join Date: Jan 2003
Location: Manchester, United Kingdom
Programs: Hilton Gold, Priority Club Platinum (until December), FB Explorer, BA Blue, M&M Pleb
Posts: 8,616
When I'm on holiday, I take a pocket PC with me for this very reason. It does just about everything a laptop does for me and is far smaller and lighter. I just don't trust public computers.
#6
Join Date: Apr 2002
Location: Memphis, TN USA
Programs: NW Platinum, Marriott Silver
Posts: 416
A good option might be to just carry a CD with Knoppix on it. Simply put the CD in the drive and reboot the PC (yes, I know it may not work 100% of the time). Now you're running an independent OS with no worry about keyloggers, trojans, etc.
If you carry a briefcase and/or CD wallet it wouldn't be very difficult to add 1 CD.
#8
Join Date: May 2005
Posts: 3,944
Originally Posted by Scandalous
A simple and admittedly imperfect technique that will still fool most common key loggers is to "mix up" your login and password. Say my login here is "scandalous" and my password is "password". I click the mouse cursor down to the password line and type "word", then click the mouse up to the username line and type "dalous", then click back down to the front of what I have already typed in the password line and type "pass", then click back up to the front of what I already typed in the username line and type "scan". The keylogger does not record the mouse clicks, only the keystrokes. So the keylog would read "worddalouspassscan". I suspect this would discourage most simple bad guys and they would quickly abandon trying to figure it out and go in search of easier targets. Perfect? No. But I bet it would confuse the bad guys most of the time.
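Added example, not part of the original posts: a small Python model of the click-and-type sequence described above, comparing what ends up in the form fields with what a keystroke-only logger would hold. The two-field form, the event format and the function names are assumptions made for illustration.

```python
# Added illustration: models the login form from the post as two text fields
# and replays the described click/type sequence. All names are hypothetical.

def replay(events):
    """Apply click/type events; return (fields, keystroke_only_log)."""
    fields = {"username": "", "password": ""}
    focus, caret = None, 0
    keylog = []                      # what a keystroke-only logger captures
    for kind, *args in events:
        if kind == "click":          # mouse: moves focus and caret, no keystroke
            focus, caret = args
        elif kind == "type":         # keyboard: inserted at caret, and logged
            text = args[0]
            value = fields[focus]
            fields[focus] = value[:caret] + text + value[caret:]
            caret += len(text)
            keylog.append(text)
    return fields, "".join(keylog)

def exposed(keylog, fields):
    """Names of fields whose value appears verbatim in the key log."""
    return sorted(name for name, value in fields.items() if value in keylog)

# Constructed sample input: the example credentials used in the post.
PLAIN = [
    ("click", "username", 0), ("type", "scandalous"),
    ("click", "password", 0), ("type", "password"),
]
MIXED = [
    ("click", "password", 0), ("type", "word"),
    ("click", "username", 0), ("type", "dalous"),
    ("click", "password", 0), ("type", "pass"),
    ("click", "username", 0), ("type", "scan"),
]

if __name__ == "__main__":
    for label, events in (("plain", PLAIN), ("mixed", MIXED)):
        fields, keylog = replay(events)
        print(label, fields, repr(keylog), "exposed:", exposed(keylog, fields))
```

The mixed sequence still puts every character of both values into the log; only the order and the field boundaries are missing, and that holds only as long as the logger ignores mouse events, as the post assumes.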
#9


Join Date: Jan 2003
Location: Manchester, United Kingdom
Programs: Hilton Gold, Priority Club Platinum (until December), FB Explorer, BA Blue, M&M Pleb
Posts: 8,616
Seconded on that. Very clever. You can be as complicated as you like with it too, since too many attempts to work out what the actual combinations of the letters and numbers are will lock your account for you.
#11
In Memoriam
Join Date: Feb 2000
Location: Easton, CT, USA
Programs: ua prem exec, Former hilton diamond
Posts: 31,801
You could google it to find the details, but a year or so ago they nailed some Kinko's employees for doing just that; they were keystroke logging people at their public terminals, and were collecting logins for remote access like GoToMyPC, and bank and credit account users and passwords. I forget who traced it back to that one shop in a tourist area, but it was something four or five of the people had in common.
Lots of providers of remote access have one-time-use passwords now, and lots of people use a VPN to get to a network they trust first. I would be very careful on a public terminal, and any place you do use, be it your remote access, corporate mail, credit or bank accounts, absolutely anyplace you put in a username and password, you should change it at the next chance you get from a non-public terminal.
#13




Join Date: Jul 2001
Location: Lower Merion Township, PA, (an inner-ring suburb to the Socialist Workers City/State of Philadelphia, PA)
Posts: 597
The On-Screen Keyboard is a very good way to address this. It will defeat any keylogger, software or hardware, because what occurs are mouse clicks, rather than key presses. Combine that with mixing up the username and password.
BTW, in Win XP, the On-Screen Keyboard is installed by default: Start > Programs > Accessories > Accessibility > On-Screen Keyboard
#15
FlyerTalk Evangelist
Join Date: Dec 2004
Location: Grazie Gold Lounge
Programs: UA-2MM; GalacticXpress-Irridium
Posts: 10,332
I haven't tried this yet but I'm thinking about getting one. Of course you'll need to have access to a USB port.
http://stealthsurfer.biz/index.html






