This is a guest post by Doug Nordman, a retired Navy submariner who writes about military personal finance. During his last family vacation, he learned a few hard lessons about moving money around while you’re overseas.
My spouse and I spent the last three months visiting our daughter in Rota, Spain. She’s on duty aboard a U.S. Navy destroyer there, and my spouse was stationed in Rota over 30 years ago. We all had a great time and we’re returning in September for another long visit.
During the last year, I’ve noticed more phishing against military financial institutions. USAA, Navy Federal Credit Union, and PenFed have all had their share of website attacks, and customers have been tricked into giving up account data to criminals. Before we left the country for our trip, I let my credit card companies know my itinerary. I expected an extra layer of caution from the financial websites when I accessed them from a Spanish Internet address.
However we don’t have any PenFed credit cards – just a mortgage and some CDs. I didn’t see any reason to notify them of our itinerary, and that might have contributed to later problems.
I inadvertently created a second problem at PenFed by not having a smartphone. At home in Hawaii I use an old pay-as-you-go clamshell that’s not compatible with Europe’s cell phone network. Instead of upgrading to a modern phone for this trip, I bought a cheap Spanish clamshell.
Moving money around while you’re overseas
While we were in Spain, one of our PenFed CDs matured. NFCU was paying a slightly higher interest rate on their CDs, so I decided to do a routine fund transfer. My NFCU account has been linked to PenFed’s website for years and I’ve transferred thousands of dollars between the two. But because my latest request came from a Spanish Internet address, I was quickly swamped with security verification problems. Even worse, PenFed’s customer service representatives couldn’t fix the situation.
My first mistake was trying to do the transfer while I was overseas. There was no reason to move the money right then. It could have stayed in PenFed’s savings account until I was back in Hawaii at my usual Internet address and phone number. I expected that everything would go right because it was a routine financial transfer which I’d done many times before. Once things started to go wrong, I found out that I couldn’t simply stop the process without causing more problems.
My second “mistake” was logging in to PenFed from a Spanish Internet address. PenFed’s website immediately flagged the transaction despite its routine request. Because of the Spanish address, PenFed’s security process now required me to get a confirmation code (text or voice) from their computer system on my phone. I’d never even seen that screen on PenFed’s site before, and now I was worried that PenFed would lock my account. I didn’t want to cancel the transaction until I dealt with the confirmation.
Calling from an overseas phone number
Unfortunately my phone number on my PenFed profile was my Hawaii clamshell that couldn’t access texts on a Spanish cell phone network. PenFed’s computer system wouldn’t leave voicemail on that phone, either.
I tried to update my PenFed profile with my Spanish phone number but … the website wanted to confirm the change by sending a text or a voice call to my Hawaii cell phone.
A security phrase? A security code?
I called PenFed customer service (on my Spanish cell phone) and explained the problem. Since that phone number wasn’t in my profile, they asked me to verify my identity with my “security code”. This is yet another PenFed verification tool that I had never heard of, let alone set up or used. Not only have I never needed it, but I’ve never, ever even received an e-mail or a website message advising me to set one up. Apparently this is used with PenFed checking accounts, ATM cards, and credit cards — but that was never required with my PenFed CDs and a mortgage.
The customer service rep suggested that I might have set up a security code years ago and forgotten it, so perhaps I should try a security code that I’ve used with other financial institutions. I knew I hadn’t done that but I looked at my PenFed website login and saw the label “personal security phrase” (by the login’s personal security image). When I tried that, PenFed’s website locked me out.
Now I was no longer a customer but a security threat. The PenFed rep (and their manager) interrogated me for 10 minutes to “verify” my identity. They eventually decided that I was me. Unfortunately I was a customer, not a Russian Mafiya phisher, so now they had to resolve this problem instead of just reporting it to their security staff. By this point nobody was happy.
The manager said that PenFed’s computer system needed to text me a code to get me back into the website. They finally (in a great leap of faith) agreed to send a text to my Spanish cell phone —but they couldn’t get their system to dial the overseas phone number. Ironically the PenFed customer service reps were now fighting their own site security.
Use a wire transfer
Since I could no longer login to my PenFed account, I asked “Do you have this problem with wire transfers?” Um, gee, no sir! All PenFed needs for a wire transfer is an identity confirmation with a customer service rep, and they’ll do that over the phone. I requested the wire transfer and happily paid the $20 fee.
24 hours later the wire transfer appeared in my NFCU checking account. NFCU’s website let me set up the CD without asking for any additional security verification.
PenFed eventually unlocked my account. I checked that I could login, but then I didn’t touch it again until I was back in Hawaii.
From now on I’ll take care of all my PenFed business before we leave home. And the next time we go to Europe, I might even bring a cheap smartphone.
Photo courtesy of © Leopollo | Dreamstime Stock Photos