You’re traveling, on the road again for the company. You’ve listened to the travel security briefs and — unless you are on a trek to the Arctic with all your supplies in hand — you will be engaging in commerce for goods and services. Theses interactions require cash, credit or barter to complete. It is at this time during travel that individuals are most vulnerable, being far from their personal and professional support system.

Many have had an instance where they go to make a purchase and the individual processing the transaction takes a gulp and says, “There seems to be a problem with your card.” We all try to avoid such an event, but often, circumstances outside our control trigger a fraud alert. Losing one’s credit card can also create a minor crisis. And while bank transfers within our own ecosystem are easily understood, the process gets complex quickly when a foreign entity is brought into play. The seriousness and stress of these issues makes learning about the best travel security practices essential.

Traveling With Credit Cards

Your employer may have a travel security program that provides workers access to an employer-provided credit card. These are issued through financial institutions and normally allow the company to directly access the credit card accrued expenses and pay those charges based on a confirmation of validity as both appropriate and true in accordance with the employee handbook on travel expenses.

Ordinarily, these credit cards are viewed as company cards, but their misuse can and will have a deleterious effect on one’s personal credit rating. Whether you are using your personal or business credit card, you must exercise due caution when at ATMs or during vendor transactions. At the former, watch for card skimmers, which are devices that skim the electronic data and allow criminals to duplicate the card and run up charges.

Managing Wire Transfers

But individual travel expense vulnerability isn’t the only worrisome area for companies. While you’re in travel mode, the enterprise is communicating with you differently than if you were sitting in the office and available for a face-to-face chat. This extends to approving wire transfer requests. There may be transactions requiring your approval or financial items you will generate when abroad. It is paramount that travel security discussions within your company include each and every person involved in the fiscal aspects of the company so they can be trained on the processes that result in payment or transfer of funds.

Take technology startup Ubiquiti, which found itself on the losing end of a sophisticated social engineering attack that resulted in $46 million being siphoned out of its treasury, $8 million of which was eventually recovered. The methodology used was a variant on CEO fraud, or business email compromise.

In 2014, the FBI investigated $226 million in losses from U.S. companies that fell victim to the email scam. Compromise of a company’s email system allows the criminals to spoof directions as if the demands are coming from those officials with authority to make the fiscal decisions. The FBI report stated that “email accounts of the chief executive officers or chief financial officers of a targeted business were hacked or spoofed, and wire payments were requested to be sent to fraudulent locations.”

Travel Security Tips

Any employee can follow a few general travel security tips to help stay safe when abroad and avoid falling victim to common schemes. Before departing, you should complete several key tasks, including:

  1. Register your itinerary with your company. Include a copy of your passport data page with your records.
  2. Register with your country’s embassy or consulate in the given locale. For U.S. citizens, it is the U.S. Department of State, which offers the Smart Traveler Enrollment Program (STEP) to make this process easier.
  3. Contact your credit and debit card-issuing institution and inform their fraud department that you will be traveling to a given locale. Provide the dates and specific locations. This allows the fraud department to monitor for unusual activity and activity outside the window of your travel.
  4. Make copies of all your travel documents and credit cards to leave with a trusted individual. Should you need to replace any or all of these resources, the copies will be instrumental in accomplishing the task.
  5. Review the precise circumstances in which wire transfers and the like can take place with your enterprise’s finance personnel. Check what authentication protocols are in place to avoid spoofing.
  6. Review and train on the remote use of company email systems to avoid compromise. This may include adopting the use of a virtual private network (VPN) or restricting yourself to secure email.

More from Fraud Protection

Kronos Malware Reemerges with Increased Functionality

6 min read - The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

6 min read

How Security Teams Combat Disinformation and Misinformation

4 min read - “A lie can travel halfway around the world while the truth is still putting on its shoes.” That popular quote is often attributed to Mark Twain. But since we're talking about misinformation and disinformation, you’ll be unsurprised to learn Twain never said that at all. In fact, no one knows who first strung those words together, but the idea that truth spreads slowly while lies spread quickly is at least several hundred years old. The “Twain” quote also serves to…

4 min read

A View Into Web(View) Attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

9 min read

New DOJ Team Focuses on Ransomware and Cryptocurrency Crime

4 min read - While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index 2022 named ransomware as the top attack type in 2021. What exactly is the DOJ doing to improve policing of cryptocurrency and other cyber…

4 min read