You’re traveling, on the road again for the company. You’ve listened to the travel security briefs and — unless you are on a trek to the Arctic with all your supplies in hand — you will be engaging in commerce for goods and services. Theses interactions require cash, credit or barter to complete. It is at this time during travel that individuals are most vulnerable, being far from their personal and professional support system.
Many have had an instance where they go to make a purchase and the individual processing the transaction takes a gulp and says, “There seems to be a problem with your card.” We all try to avoid such an event, but often, circumstances outside our control trigger a fraud alert. Losing one’s credit card can also create a minor crisis. And while bank transfers within our own ecosystem are easily understood, the process gets complex quickly when a foreign entity is brought into play. The seriousness and stress of these issues makes learning about the best travel security practices essential.
Traveling With Credit Cards
Your employer may have a travel security program that provides workers access to an employer-provided credit card. These are issued through financial institutions and normally allow the company to directly access the credit card accrued expenses and pay those charges based on a confirmation of validity as both appropriate and true in accordance with the employee handbook on travel expenses.
Ordinarily, these credit cards are viewed as company cards, but their misuse can and will have a deleterious effect on one’s personal credit rating. Whether you are using your personal or business credit card, you must exercise due caution when at ATMs or during vendor transactions. At the former, watch for card skimmers, which are devices that skim the electronic data and allow criminals to duplicate the card and run up charges.
Managing Wire Transfers
But individual travel expense vulnerability isn’t the only worrisome area for companies. While you’re in travel mode, the enterprise is communicating with you differently than if you were sitting in the office and available for a face-to-face chat. This extends to approving wire transfer requests. There may be transactions requiring your approval or financial items you will generate when abroad. It is paramount that travel security discussions within your company include each and every person involved in the fiscal aspects of the company so they can be trained on the processes that result in payment or transfer of funds.
Take technology startup Ubiquiti, which found itself on the losing end of a sophisticated social engineering attack that resulted in $46 million being siphoned out of its treasury, $8 million of which was eventually recovered. The methodology used was a variant on CEO fraud, or business email compromise.
In 2014, the FBI investigated $226 million in losses from U.S. companies that fell victim to the email scam. Compromise of a company’s email system allows the criminals to spoof directions as if the demands are coming from those officials with authority to make the fiscal decisions. The FBI report stated that “email accounts of the chief executive officers or chief financial officers of a targeted business were hacked or spoofed, and wire payments were requested to be sent to fraudulent locations.”
Travel Security Tips
Any employee can follow a few general travel security tips to help stay safe when abroad and avoid falling victim to common schemes. Before departing, you should complete several key tasks, including:
- Register your itinerary with your company. Include a copy of your passport data page with your records.
- Register with your country’s embassy or consulate in the given locale. For U.S. citizens, it is the U.S. Department of State, which offers the Smart Traveler Enrollment Program (STEP) to make this process easier.
- Contact your credit and debit card-issuing institution and inform their fraud department that you will be traveling to a given locale. Provide the dates and specific locations. This allows the fraud department to monitor for unusual activity and activity outside the window of your travel.
- Make copies of all your travel documents and credit cards to leave with a trusted individual. Should you need to replace any or all of these resources, the copies will be instrumental in accomplishing the task.
- Review the precise circumstances in which wire transfers and the like can take place with your enterprise’s finance personnel. Check what authentication protocols are in place to avoid spoofing.
- Review and train on the remote use of company email systems to avoid compromise. This may include adopting the use of a virtual private network (VPN) or restricting yourself to secure email.
CEO at Prevendra
Christopher Burgess is the CEO of Prevendra, a security, privacy and intelligence company. He is also an author, speaker and advocate for effective security...