WSJ Ask an Expert: 9 Ways American Expats Can Protect Their Finances from Cybercriminals
The Wall Street Journal invited Creveling & Creveling to be part of a panel of experts for personal finance on its WSJ Expat site. The following article originally appeared on the WSJ site and has been shared with permission.
Expatriates may be particularly vulnerable to cybercrime. Frequent international travel means they use credit cards, ATM machines and internet networks in far-flung places. To help keep finances and personal information safe, here are some important steps Americans overseas can take to keep cybercriminals at bay:
- Check your U.S. credit history each year for red flags such as accounts or loans you don't recognize, even (or especially) when you're living overseas. You wouldn't want to return to the U.S. after a long absence to learn that while you were abroad your identity had been stolen and your credit record ruined. You're entitled to a free copy of your credit report from each of the three major U.S. credit bureaus (Equifax, Experian or TransUnion) annually. You'll need a U.S. address to receive the mailed reports. While overseas you may not be able to request the reports online, but you can either call the request number: +1 877-322-8228 or request the reports by mail.
- Consider putting a security freeze on your U.S. credit report while you are overseas, especially if you aren't planning to apply for a U.S. mortgage, loan or new credit card in the near future. By keeping a financial institution from accessing your U.S. credit history, no new credit requests can be completed; therefore, a security freeze can be effective in preventing a fraudster from getting credit cards or loans in your name. To place a freeze, contact each of the U.S. credit bureaus individually (Experian, Equifax, and TransUnion). Depending on your U.S. mailing address, a fee may apply—up to $10—per freeze. Remember that you'll need to lift the freeze if you plan to apply for U.S. credit in the future.
- Request additional security for your financial accounts: Beyond passwords which can be stolen or hacked, there are effective layers of security that can be added to most financial accounts. Some financial institutions offer what's called "two-factor authentication" automatically, but often it is available on request, and can involve one of the following:
- Mobile phone authentication—After entering your username and password details online, your financial institution sends a text message to your personal mobile phone with a randomly generated code. You then have a limited amount of time to enter the code online in order to complete the login.
- Digital security token—A small plastic token that produces a randomly generated code that synchronizes with the financial institution and remains valid for a limited period of time. As part of logging in to your account online, you'll be prompted to enter the randomly generated code. To complete the secure login, the correct code must be entered before it expires.
- Physical security code card—A unique security card printed with coded alphanumeric responses. After entering your username and password details online, your financial institution sends a randomly generated numeric challenge. To complete the login you'll have to look up the correctly matching response on the security card and enter it within a limited period of time.
- Check your credit card and financial accounts regularly for red flags. Report anything suspicious to your financial institution immediately so that they can take action in a timely manner.
- Maintain a copy of the latest financial statement from your custodian and keep it in a secure place. If hackers disable your financial institution's systems or you can't access your account, the latest statement is one way to prove what you own. Many of us no longer receive paper statements, so you may need to download current statements and save them in a secure location.
- When traveling, be careful when logging in to your financial accounts online. Use your own personal device or computer. Do not log in to your financial accounts using unsecure (free or no-password) wireless networks.
- Keep account contact details (physical address, phone and email) up-to-date. Close excess accounts if you move to a new country. Make sure your financial institution can get in touch with you in case it detects potential unauthorized activity and needs to check your identity. If you're contacted by someone claiming to be from your bank, make sure to call them back before verifying your identity. Confirm that the phone number that you are calling is one that is used by your financial institution.
- Keep your computers and personal devices safe from hacking. Make sure your operating software is up-to-date; enable firewalls; and install and keep up-to-date security patches as well as anti-virus and anti-spy software. If you use a PC, make sure you download and turn on programs such as Windows Securities Essentials or Windows Defender. Do not send financial or personal information or tax IDs in unsecured emails.
- Avoid ATM fraud when traveling. ATM scams involve skimming your card details while observing your personal identification number (PIN) as you enter it. When withdrawing cash always shield the keypad with your free hand and do not interact with strangers or let one get too close. Fraudsters can skim your card and rapidly make and use a duplicate card to withdraw funds from your account. A fraudulent withdrawal may take place in a separate location—sometimes in another country—and you may not become aware of a problem until the next time you check your balance. Therefore, if something seems amiss while you're at an ATM machine, don't wait. Immediately report anything odd to your financial institution.