Travel card security and fraud — how to protect yourself abroad

Card fraud and skimming happen everywhere but certain destinations are higher risk — particularly standalone ATMs in tourist areas of Southeast Asia, Latin America, and parts of Eastern Europe. A combination of the right card features and basic behaviour reduces your risk to near zero.

ATM skimming: how it works

ATM skimming involves fitting a fake card reader over the real ATM card slot, paired with a hidden camera or fake keypad to capture your PIN. The skimmer reads your card's magnetic stripe and the camera records your PIN. The data is used to clone your card and make fraudulent withdrawals. Modern chip-and-PIN cards are harder to clone than magnetic stripe — but skimmers still capture data that can be used for online fraud. The risk is highest at standalone ATMs not attached to a bank branch wall.

How to spot a compromised ATM

Before inserting your card: look at the card slot — if it looks different from adjacent ATMs or has a slightly different colour, texture, or protrudes outward, don't use it. Wiggle the card reader — real readers don't move; skimmers are clipped on and may feel loose. Cover the keypad with your hand when entering your PIN — even if there's no camera, this is the best habit. Use ATMs inside bank branches, inside supermarkets, or inside hotel lobbies — not standalone machines on pavements or in corners.

Digital card features that protect you

Modern travel cards (Starling, Monzo, Wise, Revolut) have features that significantly reduce fraud risk: instant transaction notifications (you know immediately if a card is used without your knowledge), in-app card freezing (freeze the card in seconds if something looks wrong, unfreeze just as quickly), virtual card numbers for online purchases (some cards generate single-use or limited-use virtual card numbers), and location-based security (some cards decline transactions from geographically impossible locations). These features don't exist on most traditional bank cards.

What to do if your card is compromised

If you receive a notification for a transaction you didn't make: freeze the card immediately in the app. Then contact your card issuer via in-app chat or phone. Report the fraudulent transaction — you are protected under UK law (Payment Services Regulations 2017) for unauthorised transactions as long as you haven't been grossly negligent with your PIN. Your liability is capped at £35 for transactions before you reported the loss, and zero if the card was used without your PIN (e.g. contactless). The sooner you report it, the better your position.

Contactless fraud: how real is the risk?

Contactless fraud via 'NFC skimming' (using a reader near your pocket to steal card data) is theoretically possible but extremely rare in practice. The amount of data captured via contactless is limited — it's not enough to clone a card for ATM use, only for certain types of online fraud. Keeping cards in an RFID-blocking wallet is a legitimate precaution but not a critical necessity. A bigger risk is physical card theft.

Behaviour that reduces risk to near zero

Practical habits that work: only use ATMs inside banks or supermarkets. Cover the keypad every time you enter your PIN. Enable instant transaction notifications on every card you carry. Never let your card out of sight when paying at restaurants — always go to the terminal yourself if the waiter takes it away. Carry two cards in separate locations so a single theft doesn't leave you without funds. Use Apple Pay or Google Pay where possible — these use tokenised transactions and are safer than physical card taps.

Key takeaways