Money, it's a crime
Share it fairly but don't take a slice of my pie
—Pink Floyd
Having your credit card info stolen over public wi-fi can happen more easily than you think, and your bank may not be of much help if it happens to you.
Do you use public wi-fi? Does your computer send your payment information for anything while you’re using it? Look at what happened to me in Malaysia so you can avoid it happening to you.
My sad tale
I took my laptop to a Starbucks in Bukit Bintang, Kuala Lumpur, Malaysia a few days ago, where I purchased something online using my ATM/debit card. Everything worked smoothly. Ho-hum.
But a few days later I got an email from Bank of America: they had detected some “unusual activity” on my ATM card and had already canceled it. With no input from me – they must have been pretty sure about it to go ahead and cancel it.
The charges they listed were indeed mysterious – $150 worth of purchases at a toy store a block away from the Starbucks.
Bank of America said they’d launch an internal investigation, which sounded all well and good but it meant I wouldn’t have access to any cash for the length of the investigation. The cash I had on me had to get me through.
Gulp.
They sent a new ATM card to my mom’s house in the United States and she mailed it to the central KL post office a few days later where I picked it up. Bank of America suggested I get a police report while waiting for the results of their investigation, so for the second time in a week I found myself sitting in the tourist police office near the Petronas Towers.
A friend I’d made at my guesthouse came – my moral support this time.
The result of the investigation
Bank of America, frustratingly, found “no evidence of wrongdoing” and said I was liable for the $150 as if I’d spent it myself. Thanks for nothing, BoA.
There are several questions I was never able to answer about this tale, including:
- How did someone get this info, even from public wi-fi? I thought secure connections were safe.
- What made the bank think these charges were suspicious in the first place? I’d been using the card legitimately in the area myself.
- Given that the charges were suspicious enough for Bank of America to immediately cancel my card and launch an internal investigation, what made them rule against me and take the money after all?
Lessons to learn
Your bank may help you like they helped me – which is to say, sort of but not really. Without them you may not even know about the problem and there may be more and higher purchases made with your card – but you might have to pay up anyway. It’s different with different banks, and it matters whether your card is a debit or a credit card.
I felt lucky that it was only $150; although that is a big part of my savings since I’m working online to continue this trip, it could have been worse. Much more than $150 would probably mean I’d have canceled the trip.
Shudder.
So be careful with public wi-fi; try to use broadband cables, and secure connections when possible. And have an alternative source of funds in case something happens.
And don’t let the stress of losing money burrow too deep in you, it’ll make your blood sugar high!
Have you ever had something like this happen to you? Where was it? How did you handle it?
Thanks for reading. Suggested:
- Share:
- Read next: Day 29: The crazy weightless room of Kuala Lumpur
- News: Newsletter (posted for free on Patreon every week)
- Support: Patreon (watch extended, ad-free videos and get other perks)
Support independent travel content
You can support my work via Patreon. Get early links to new videos, shout-outs in my videos, and other perks for as little as $1/month.
Your support helps me make more videos and bring you travels from interesting and lesser-known places. Join us! See details, perks, and support tiers at patreon.com/t1dwanderer. Thanks!
G’day Jeremy,
Thank you very much for your articles. I’m off to Malaysia myself in a few months, and Google led me to your site. (Quality writing style too, cheers!)
I’m always wary of any Wifi that I don’t know, public or otherwise. It’s disturbingly easy to grab data from wireless internet connections, especially if you have physical access to the Wifi router being used.
Just as a hypothetical, if I wanted to steal people’s data, and I ran a shop where I offered Wifi – I would buy a router, making sure that it was one which could have it’s firmware easily replaced. Then I’d plug it in, download a user-controllable firmware for it (something like dd-wrt, which lets you run a nearly complete version of Linux on your wireless router).
Then I would be able to log in to the router, bring up a command line, and with a few commands – which I could look up on the web, if I didn’t know them myself – get the router to start transparently grabbing copies of every bit of wireless data it processes, and storing them in a file so I could peruse them later, at my leisure.
Then I’d turn on the wireless, stick it in my shop, put up a sign in the window saying, “Free Wireless!”, and start collecting all sorts of interesting private information on people.
Using SSL-encrypted sites (as just about every bank does these days) does add security to the whole thing, but if you’re unlucky enough to fall victim to a technically savvy data thief, then even that will only slow things down a bit.
The bottom line is not to trust a wireless connection where the router is owned or run by someone you don’t trust. I know that’s not much use when you’re travelling everywhere, since you’ll hardly ever know whether the owner is trustworthy or not! Perhaps it’s best to just put it all down to the inherent risks of long term, long distance travel… :>
Just thought I’d chime in. Thanks again for your experiences – I’ve learnt from them! (Still can’t believe the naivety of that Japanese lady from the “Malaysia, day 1” article! I lived in Akita for about a year myself, many years ago… best year of my life, I reckon.)
Hey Warwick thanks for the comment. Glad you have found the articles here useful! I wish I’d get on the ball and write some more, there were lots of other things I am planning to add when I can find the time.
I definitely became more sensitive to the problems of using public wifi after this episode. When I got to China one good thing was that most hotels, even cheap ones, had broadband connections in the room that I trusted a little more. But I made sure only to use https pages anyway.
Have a good time in Malaysia! Come back and let me know what you find.