Act Global: Educating Customers on Security Threats Abroad

Smaller Institutions Take Big Steps with Customer Awareness Campaigns
Act Global: Educating Customers on Security Threats Abroad
Last month, Bond Community Federal Credit Union, a casual single-branch CU in Atlanta's Little Five Points neighborhood, sent out an unusual email alert: If you're going to be globetrotting any time soon, call us.

No, Bond isn't getting into the travel insurance business - at least not directly. Instead, institution officers want to tip off customers to the latest overseas scams -- and, more importantly, make sure their debit cards will work in the countries they're planning to visit.

See Also: Ransomware: The Look at Future Trends

Facing unprecedented numbers of international fraud and ID theft reports, Bond is one of a growing number of community banks and credit unions engaging their customers in new and often unique ways to make sure bank accounts aren't emptied and customers' virtual identities aren't bouncing around the back-alley digital chop shops of Prague or Minsk.

"I have a passion about [educating customers about overseas fraud and ID theft] because it just makes me so mad that criminals can just keep doing what they're doing and seemingly never even get caught," says Bond CEO Ruth Artis. "We're doing everything we can think of to try to protect our customers."

Road Worriers
Backing up travelers used to be the bailiwick of American Express and megabanks like Bank of America, but as risks grow and more travelers go overseas, smaller US banks and credit unions are engaging globetrotters in part because of the growing use of vulnerable bank-issued debit cards and the costs and complications of fraud investigations that even local banks are now facing.

Despite the geopolitical turmoil after 9/11, Americans continue to travel out-of-country in growing numbers. Nearly 40 million Americans traveled overseas or in the Americas in 2006, with all regions except the Middle East and Africa seeing growth in traffic.

One liability for US travelers is that rules, regulations and over-the-counter procedures in foreign countries are often vastly different from those in the US, says Betsy Broder, assistant director in the Federal Trade Commission's Division of Privacy and Identity Protection.

One example: The 2003 credit protection act allowed merchants to only print the last four digits of a card account on the receipt. In many foreign countries, the entire account number is often still printed out.

Moreover, the entertainment industry -- which ranges from gas stations to cabarets - is rife with risks such as stolen PIN numbers, skimmed debit cards or copied credit card numbers, all exacerbated by the amount of usage a card gets during travel.

"People are more susceptible in places that are geared toward entertainment, and when you're traveling there's a much higher probability that you're going to be in those places," says Peter Tarlow, president of Tourism & More, a travel security company.

More worrying still are signs that the kinds of foreign syndicates -- whether from Nigeria or corners of the former Soviet Union -- that are responsible for the vast majority of phishing and other internet attacks are joining forces with street criminals in places like Rome, Istanbul, Mexico City, Barcelona and Budapest.

"What has occurred over the past four or five years is a spike in identity theft as it relates to people who travel overseas ... because pickpockets have realized that they can make an awful lot more money off a mark [theft victim] than they made by just picking the pocket," says Robert Siciliano, CEO of IDtheftsecurity.com, a Boston-based website. "They've realized the value is not just in the cash, but in the information they can get from the wallet itself."

Education Begins at Home
Critics say banks, in many ways, were slow in responding to the overseas financial threat to American tourists and business travelers.

That's changing, however. Now, even small- and medium-sized institutions such as Valley Bank and Trust in Nebraska are producing well-researched, well-written ID protection newsletters on their websites. Last year, Bond in Atlanta hired a third-party vendor, Identity Theft 911 out of Scottsdale, Ariz., to help customers who have experienced ID theft recoup their losses and restore their credit. Bond also requires customers to inform the CU of their travel plans so officers can unlock their debit cards for use in those countries.

Others, like HarborOne Credit Union in Brockton, Mass., told its customers that they won't be able to use their debit cards at all in Mexico, Cuba, Scotland, the UK and Turkey, as well as 26 other countries, because debit card transactions in those countries are simply not secure enough -- and the risk, to both the consumer and the bank, has become too high.

"We get notifications and information from several sources about countries from which there's a great deal of crime, counterfeit cards being generated and attempts using data that's been accumulated from breaches where they'll try to make a plastic card and keep doing attempts at small dollar transactions until they get a hit," says Dick Bastiansen, senior VP of operations at HarborOne. "So we have been counseling our customers that, if they are going to travel, they're probably much better off using a credit card, because it's not an out-of-your-wallet loss [if it's breached] and it also protects us when we see a strong trend from an area either in losses that we've incurred ourselves or industry loss trends."

Even their own experiences are pushing bankers toward proactively addressing travel risks. During a recent trip to Dublin, Ms. Artis, the Bond CEO, said several members of an entourage to the World Council of Credit Unions annual meeting gawked at the architecture, and turned around to find their luggage -- and some of their personal papers -- stolen.

See Sidebar: Tips for Traveling Abroad

About the Author

Patrik Jonsson

Patrik Jonsson is an award-winning, Atlanta-based writer with over 15 years experience writing about business, technology and security.




Around the Network