How to use 2-factor ID for banking while traveling with a foreign SIM card

[Former member 91017]

OK, so in a thread about cell-phones today, one pilgrim drew our attention to the arrival of 2-factor ID protocols. These have recently arrived at my workplace, and with my banking set-up (probably yours as well). The short story is that "2-factor" verification means that the system you are communicating with asks for verification that it's really you from a machine they've already approved by sending you a 6-digit number by text (usually, and for our purposes here, always) that you then type in to your entry credentials. This would be the "login" stage of your banking, for example.

Problem is that if you put in an EU SIM, you won't receive the text message because it will have gone to your home phone number.

The easiest solution *prior to departure* is to allow a family member or a friend to receive texts from your bank. (I use TD, and one sets this up in the "PROFILE" settings). Your approved person will receive the 6-digit code, text it to you on your new EU number and you'll be able to get into your banking.

From there, you can add your EU telephone number as an additional approved number to receive the 2-factor requests later on in your trip.

I am going to handle things this way rather than buying an EU SIM before leaving home -- simply because I know I can get a cheaper deal on the ground in Spain when I land.

It's a little aggravating (as is 2-factor IMHO in general), but it's the way a lot of tech operates now when it comes to log-ins... and nobody wants to be stuck unable to get their banking done! Most of us still have bills to pay while we are away...

 

[Anhalter]

If two factor auth is such a big issue, might not be a dual-sim phone the right thing to get? You could still get your texts from work/bank/whatnot with likely no added cost (i think receiving texts is free even if you are on another continent, but better check before) and use the EU-Sim for local internet and calls.

 

[Former member 91017]

If two factor auth is such a big issue, might not be a dual-sim phone the right thing to get? You could still get your texts from work/bank/whatnot with likely no added cost (i think receiving texts is free even if you are on another continent, but better check before) and use the EU-Sim for local internet and calls.

Depends on your phone model.
Some can, some can't..
some can do an "E-SIM" some can't...
Check your model.
And make sure ordinary comms from home go to your EU SIM so you don't get dinged a "daily use fee" as I have been on "the best plan" (LOL) Rogers was offering at the time.
I will get a second SIM of some form if I can get it sorted efficiently; Spouse cant get a Dual SIM going in his phone.

 

[C clearly]

text it to you on your new EU number

Just a caution here that I found difficulty in getting SMS text service with my EU SIM. But the idea can still work - your home contact sends the code to you somehow, hopefully during waking hours at both ends!

Possibly a better approach... When you are doing the 2-factor verification, there is usually the option to select how you want to receive the second factor (the 6-digit code), and the options include the email address that they have in the system. You would have access to your email and can retrieve the code without having someone else involved.

 

[naplesdon]

I do not know how or if T-Mobile operates in Canada but the new iPhone 13 with a T-Mobile service contract that I recently upgraded to has a data plan at no additional cost for service in Europe (voice is another story at $0.25 per minute.) I purchased my phone so it is unlocked and it has an eSim so the simcard slot is currently empty.
The two step authorization is a painfully necessary security process. I have had recent occasions where it stopped two bogus transactions.
BNP/Paribas in France has been using the two steps longer than the banks in north America. They message my US phone number with the authorization codes and it caught a bogus charge to my account for over 4000 euros last year.

 

[DoughnutANZ]

Two factor authentication using SMS txts are relatively insecure because it is relatively easy for a thief to port the phone number of someone they target to a new phone.

Done correctly, using an authentication program on your smart phone, two factor authentication is very secure and I use it where ever it is offered, including on this Forum.

Google and Microsoft offer authenticator apps and there are probably others out there that are just as good.

What you propose seems very awkward. If that is how you want to do things then, of course, that is your prerogative. It may be simpler to ask your bank if they have the facility to use an authentication app.

Being an app means that it is independent of the SIM card that you currently have installed.

I use my authentication app for all of my banks and financial accounts that are online and they all support the app natively. I would be surprised if your bank doesn't support this method.

 

[Former member 91017]

Two factor authentication using SMS txts are relatively insecure because it is relatively easy for a thief to port the phone number of someone they target to a new phone.

Done correctly, using an authentication program on your smart phone, two factor authentication is very secure and I use it where ever it is offered, including on this Forum.

Google and Microsoft offer authenticator apps and there are probably others out there that are just as good.

What you propose seems very awkward. If that is how you want to do things then, of course, that is your prerogative. It may be simpler to ask your bank if they have the facility to use an authentication app.

Being an app means that it is independent of the SIM card that you currently have installed.

I use my authentication app for all of my banks and financial accounts that are online and they all support the app natively. I would be surprised if your bank doesn't support this method.

It was what my bank (TD) told me to do, and it's only or the *first* authentication, after that they will have the new machine ID when I log in.

 

[David with new Kit!]

I use a password manager named "lastpass" (others are available) which also has a companion authenticator app that allows 2FA from many other companies to be added. I currently have around 15 on mine, including Google and Microsoft.

As above, Google and Microsoft also offer authenticators, but I don't like the thought of them tracking my transactions.

Also as above, email confirmations are normally an option instead of SMS. I only accept SMS if there are no other options.

 

[Molly Cassidy]

For banking transactions, I use a mobile app on my phone which doesn't require additional authentication. Some banks also do authentication through the app for online banking transactions, so don't require mobile signal for SMS.

 

[DoughnutANZ]

Two factor authentication (2FA) is not new, back in the early 2000's long before smart phones, I managed a public access computer facility and along with other key staff I had a separate electronic device that generated authentication codes.

These days, services that require enhanced security such as financial services typically use 2FA.

There typically is a difference between accessing a service such as your bank account on your phone using a browser or via your bank's phone app.

When using a browser it is common to see the 2FA process in action. This is when either the bank's systems send you an SMS txt (or more securely you look up the authentication code on your phone) and you use that along with your password to log in.

When you use the bank's app on your phone this process happens behind the scenes and you don't see it but it is still happening. Obviously this is a simpler process for you the customer though.

When setting up the bank app for the first time the systems do require you to see and participate in the process so that the bank can be reasonably sure that you and your phone are connected (i.e. that it is your phone that the app is installed on) so that their app can connect you with your bank account.

While this first, one time, action can be considered 2FA it really isn't. It is just the bank app making certain that the mobile phone number that you have previously registered with your bank is the phone that has the app installed on it

Generally, if you installed the bank's app on your phone then you can, after the first time, use a different SIM card in your phone without affecting the app.

On the other hand if you want to sign into your bank account using a browser and you have set up 2FA to use SMS txt messages then changing your SIM card will cause you problems unless you have a way of receiving txt's to your original phone number.

 

[Former member 49149]

I have no idea if this will be helpful or relevant: it does not suit me to have the bank send me a code to my phone. Two of us use the account. So, we have a PSK. It is a tiny gadget, and when I want to - or rather MUST - access the 2FA system, the code arrives on the PSK. It allows me to access 365 banking online. I won't bother with it though, when I eventually set sail by plane for foreign shores. I will find a way around the 2FA, including having a stash of real money somewhere in my belongings. Those were the days when life was honest, and the banks had real people, and not the system that is quietly intent on decimating them all! I had a job as a bank clerkess when I left school. I do know something about it.
Yes, and you spell it this way: cynic.

 

[David Tallan]

The thing to watch out for with two factor authentication is that you really need that second factor. I have my Google account set up so that I need a second factor (text to my phone) when I'm logging in for the first time from a new device. Makes sense, eh? And when I was on the Camino Portugues, I had my e-tickets home on my phone and a backup copy on my Google drive in case I lost my phone. Of course, without my phone to receive the 2FA text, I had no way to access that Google drive.

I know Google allows you to print and bring some one-time keys you can use for 2FA. If you rely on it, it might be good to have another means of verification should your phone not be available.

 

[Kathor1]

@Faye Walker raises an important point which should not get lost among the technical aspects and accounts of personal experience: Is your mobile phone number linked to your own online banking? And will this matter to you while you are in Spain if you use a temporary Spanish mobile phone number?

This may be an important factor for example, when you are in Spain, to make online payments back home or to make credit card purchases for train tickets in Spain. And if so, do you want to have the same full range of functions with a temporary Spanish mobile phone number or would you be happy with workarounds, and if not, how do you establish this link between your new mobile phone number and your bank's app on your phone or on the web?

Your situation will very much depend on your own preferences, on your bank, on your chosen access and identification methods, even on the region of your credit card issuer and on the configuration of the Spanish online vendor website.

It is safe to say that two step authentication for online financial transactions is here to stay. You may encounter it more and more. So check your own situation when you opt for a temporary mobile phone number while travelling. You may have forgotten that you initially had to link your mobile phone number to your bank's services and how you did this. When you change mobile phone numbers that essential link may be broken.

(I had to use two step authentication for at least 15 years now for the two bank accounts that I have with banks in two different EU countries. First for online banking only and now for much of my online purchases. First with a code generator gadget with one of the banks while the other bank sent me a printed list of codes where each code could be used only once. Now it is less hassle thanks to a dedicated mobile phone app for one bank and with the other bank I can use a generic identification and authentication app that I can also use for access to my files at the tax office and at the public health services. And this latter app is linked to my mobile phone number, it is not sufficient to just be installed on the phone.)

 

[CameraHiker]

Unfortunately, if you're from the US, 2 factor is still common for banking apps if the transaction triggers a fraud verification. Before I travel I'll call and give them the dates I'll be traveling to minimize out of region fraud alerts. Depending on your cell phone plan it could be up to $10 a day to turn on your phone just to check for the 2FA. Reddit Digital Nomad also has good information. Digital Nomad

 

[camino.ninja]

I think all the best solutions already got mentioned. The easy is having an international plan. If not possible or too expensive, getting an eSim (that is if your phone supports it), and have two phone numbers on your phone.

 

[Kathor1]

Unfortunately, if you're from the US, 2 factor is still common for banking apps if the transaction triggers a fraud verification.

Still? In the EU, 2 step authentication has become mandatory for online purchases when both the vendor and the issuer of the credit card used for the purchase are both located in the EU.

As I said, this is here to stay. Some Spanish vendors, like Renfe or the Roncesvalles albergue, have configured their websites in such a way that this requirements must be met by every customer, no matter where their credit card has been issued. And if these customers still have a credit card where this feature is not enabled they cannot buy. And if they have mobile phones that do not allow them to go through the mandatory authentication process, and there is no other option, gadget or whatever available, then they also cannot buy. So I agree with @Faye Walker, mobile phones are tools. Even for pilgrims.

 

[auburnfive]

If the only banking transaction I plan to do is withdrawing from an ATM, the 2 step authentication would not be needed - right?

 

[DoughnutANZ]

If the only banking transaction I plan to do is withdrawing from an ATM, the 2 step authentication would not be needed - right?

Correct

 

[Molly Cassidy]

If the only banking transaction I plan to do is withdrawing from an ATM, the 2 step authentication would not be needed - right?

No, it shouldn't be. Make sure you inform your bank that you're travelling, though. I've had my card stopped before for unusual transactions.

 

[CameraHiker]

Still? In the EU, 2 step authentication has become mandatory for online purchases when both the vendor and the issuer of the credit card used for the purchase are both located in the EU.

As I said, this is here to stay. Some Spanish vendors, like Renfe or the Roncesvalles albergue, have configured their websites in such a way that this requirements must be met by every customer, no matter where their credit card has been issued. And if these customers still have a card where the feature is not enabled they cannot buy. And if they have mobile phones that doesn't allow them authentication they also cannot buy. So I agree with @Faye Walker, mobile phones are tools. Even for pilgrims.

OH! Very interesting, I did not know that. Thank you!

 

[Kathor1]

If the only banking transaction I plan to do is withdrawing from an ATM, the 2 step authentication would not be needed - right?

Correct. It is about access to one's online banking, about making an online transfer from one's own bank account to another bank account, about paying bills online, and also, depending on the circumstances, about online purchases and online bookings with immediate payment. It is not about ATM withdrawals.

 

[senora1]

I don’t know if it’s practical to have someone at home send you the codes, usually you only have 10 minutes before they expire

 

[Former member 91017]

I don’t know if it’s practical to have someone at home send you the codes, usually you only have 10 minutes before they expire

Step 1: make contact with home.
Step 2: log-in to banking (bank texts the code to the home #)
Step 3: Home texts the code to you

This is the easiest way *recommended by the bank that is my home institution*. It does not require that I:

• buy a SIM card for the EU from here (premium cost, possibly counterfeit product)
• Attempt to navigate new eSIM technology with the fairly high-stakes of 6 weeks worth of variable bill payments and money transfers to other dependent family while I am away.
• Faff around with any number of work arounds
  
  If the timing won’t work for some people, then they are going to get stuck with all the more complicated solutions. I wish I could be more helpful to them on that front.
  
  TD is not a minor institution and this is their “lowest stress” recommendation.
  
  

 

[CA_Pilgrim]

I was think about this issue just yesterday when I needed a 2-facot ID from my bank to pay for my Roncesvalles reservation. If I had done this on the road, I would not have gotten the text on an EU phone SIM.

Someone mentioned requesting the 2-factor ID by email, this is a bit more cumbersome, but a workable way around the problem. Someone else mentioned having an encrypted password manager to access you important accounts while on the road and changing the contact text number. I thought of this, but I need to check into if/how USA banks and other accounts handles EU phone/text numbers. I'm sure there's a way, I just need to look into it.

After some thought, I decided to bring a second phone and put the EU SIM card in the second phone and keep my regular phone with me as a back up. A little extra weight, but not much. Fortunately, I have a second phone that has the exact same features as my current phone but with less memory. Long story as to how I got it and not worth going into. So, my plan is to use my regular phone for the first few days (paying Verizon's EU roaming charges ~$10/day) until I can get an EU SIM card and sort out the contact information for my most used accounts.

Granted, not everyone has a nice back up phone, but it's something to consider for those who have one.

 

[Kathor1]

I don’t know if it’s practical to have someone at home send you the codes, usually you only have 10 minutes before they expire

Code. Not codes. Provided I understand correctly.

@Faye Walker will not require a code from someone at home each time she needs to access online banking. It is just for the very first time in Spain with the new simcard/mobile phone number. After this first time, the online bank system will communicate with the mobile phone in Spain and no longer with the one left at home.

 

[trecile]

I have no idea if this will be helpful or relevant: it does not suit me to have the bank send me a code to my phone. Two of us use the account. So, we have a PSK. It is a tiny gadget, and when I want to - or rather MUST - access the 2FA system, t

Could you share more information about this device, and where you bought it? And what does PSK stand for?

 

[Former member 91017]

I think all the best solutions already got mentioned. The easy is having an international plan. If not possible or too expensive, getting an eSim (that is if your phone supports it), and have two phone numbers on your phone.

When it warms up where I am (in Feb!!) I will go to the Apple Genius Bar and have them walk me through *in person* how to manage the eSIM. I want to *see* how the text to my domestic number comes through, and how seamless the eSIM is before I go that route. I do like that it will keep my domestic SIM safely inside my phone, and I like the principle of it.

 

[Viva Terlingua]

I guess I'm not very frugal, but paying $100/month to be able to use your phone and phone number while out of the country just like you are at home seems well worth it to avoid all these complications and/or workarounds.

 

[Former member 91017]

I guess I'm not very frugal, but paying $100/month to be able to use your phone and phone number while out of the country just like you are at home seems well worth it to avoid all these complications and/or workarounds.

Perhaps so, but that kind of pricing is *not* available for Canadians. It’s more like $100 every 3 days to use the various roaming options from our ISPs.

Value/convenience… those things matter, but the money I save by getting an EU SIM amounts to a year of groceries for a disabled dependent whom I care for.

The calculations of costs and benefits will be different for residents of different countries.

Until Canada has 10 times our current population to get to “economy of scale” we will continue to pay the most expensive fees in the world. I think I’d *rather* not get into that kind of crowding for the sake of cheaper infrastructure in telecoms.

 

[Kathor1]

Could you share more information about this device, and where you bought it? And what does PSK stand for?

I'm not @kirkie and I did not know what PSK stands for but I knew what she meant. It's the 'gadget' that you can order from your bank, and if @kirkie's bank is like mine, you get it for free. It is only of use when you have an account with the bank in question. It generates unique codes for your online banking transactions. My two banks still offer such devices for their online banking customers but I now use dedicated apps instead. PSK stands for Physical Security Key. I used to take mine with me to Spain but now I can leave it at home and only take my iPhone.

My banks call it "TAN generator" and "Card reader". What is it called in the USA?

Here is a photo of the device for the customers of the Bank of Ireland:

 

[C clearly]

paying $100/month to be able to use your phone and phone number while out of the country just like you are at home seems well worth it to avoid all these complications and/or workarounds.

that kind of pricing is *not* available for Canadians

It is very true that our cell phone service is expensive. The precise surcharge for Rogers "roam like home" service is are C$14/day to be topped out at 15 days per month. So, roaming like home will cost up to about C$210 per month, which is currently about US$165. It is an expensive alternative to getting a local SIM card, but may be an acceptable convenience at $14/day for an emergency or for a few days.

 

[DoughnutANZ]

Could you share more information about this device, and where you bought it? And what does PSK stand for?

There are a wide variety of devices that offer 2FA including USB and Bluetooth "keys" where you don't have to fluff around with codes.

This is one article on various choices https://www.zdnet.com/google-amp/article/best-security-key/

And Google has a very secure Bluetooth device, see: oops Google won't show me that product in ANZ, try Amazon https://www.amazon.com/dp/B01LYV6TQM/?tag=casaivar02-20

Look for FIDO2

 

[gailsweb]

In 2015 I had used a Spanish sim and encountered verified by visa - something I had no option to choose or opt in or out of (or even know when it was going to happen) as it’s decided by visa not my bank ! It sent a text to my home mobile phone which was not roaming and because I didn’t respond it put my card on hold immediately! Several stressful hours later, after delaying my much needed sleep with numerous Skype calls and messages back to Australia I resolved the problem, reactivated my account and passed out with exhaustion. On subsequent caminos I have been very wary of verified by visa but have also accepted the expensive global roaming charges for minimal daily use and also bought a Spanish sim for a smaller second phone to use on the camino - much cheaper than using the roamING phone in spain. I am so glad there are dual sims now it will save me 112gms and I look forward to using one on my next camino post restrictions hopefully in the near future

 

[Former member 91017]

I have a 2-factor fob. I have to use it at work about 5 times a day. Hate it. Would be fine in my office on campus, but when I'm working at home that thing is *always* somewhere else (the *last* place that I was working). Run up the stairs. Run down the stairs. Repeat. I've even put a bluetooth tracker on it. To each their own (and some packs have a clip or hook inside to which one could attach such a thing...) but I reeeeallly don't want to worry about *another* small object.

 

[Former member 49149]

Could you share more information about this device, and where you bought it? And what does PSK stand for?

Sorry, @trecile, I have only now seen your question. @Kather1na has given the answer.

 

[Rick of Rick and Peg]

Two factor security generally relys on these two items, what you know and what you have (a third is who you are, e.g. a building guard that recognizes all employees). When you log into a website you use what you know, username and password. The site then checks to see what you have. This may be by checking your device for a known combination of data such as make, model, unique id, etc. Another way though is to send a code to your device and if the code is returned the site figures that you are the one holding it.

Another way to check for something you have is to give out a device called a key. And one way that this could work (trying to remember a 30 year old description) is each device has a unique code and an accurate clock. The site asks you to use the key to get a number and enter that into the site. What it does is use the unique code of username's key and a block of time (e.g., the start of a five minute block of time) and looks up or computes a number from that information. You enter a PIN into your key to show it you are the owner and then the key figures out the same number that the site does. Enter that number into the site within the block of time and if it matches then you gain access to the site. No call, text or email is needed but you better not lose the key. If you do and it is found then it does the finder no good as he knows nothing about you like username, password or phone number or the device's unique code.

 

[Ian Campbell]

It is very true that our cell phone service is expensive. The precise surcharge for Rogers "roam like home" service is are C$14/day to be topped out at 15 days per month. So, roaming like home will cost up to about C$210 per month, which is currently about US$165. It is an expensive alternative to getting a local SIM card, but may be an acceptable convenience at $14/day for an emergency or for a few days.

I considered this option and it's a good solution for the short-term traveller, as you say. If you're doing the full-scale Camino you're going to want another way, no pun intended. Bell Mobility has the same daily price but it's a 20 days/month cap. If you go to Spain for two months, that's $560 CAD. Wow, that's a lot of money just to get a few texts!
For many people this will become a significant planning issue. I think the most common problem occurs when trying to make a purchase online, especially plane and train tickets and, mentioned above, hotel bookings. When you click "purchase" the system goes to a third-party security app. If you can't receive the code via the prearranged method, you can't make the purchase. You're just out of luck!
Everyone will have to find the answer that works for them: 1) plan ahead to avoid this need. Be aware you might have to find an agent instead of getting that Santiago-Madrid ticket online. 2) talk to banks and CC companies beforehand to find out options 3) tech solutions like e-SIM. Not all phones can do this but many can, nowadays.
Forewarned is forearmed, in which regard this thread is an excellent start.

 

[alipilgrim]

One nice thing about having an EU number is that it's more economical for your accommodations, services, and fellow pilgrims to call YOU.

 

[BombayBill]

I think I can address the OP’s issue as it is conundrum unique to your particular bank and country. Everyone has to labour under their own banking rules no matter if a better system exists. I am Canadian and use the same banking system. I also have the habit of purchasing a Spanish sim.

So like @Faye Walker I add a second trusted number to receive the banking code. A trusted family then sends it to me. At one point I thought I could use a Skype number to receive the code but that feature was not available. Based on previous experience trying to resolve banking issues while overseas I’ve learned to accept that I may have to insert my home sim in order to comply with the bank’s procedures. Sure it costs but c’est la vie.

The other issue with using 2 sims is that occasionally iMessage, FaceTime, WhatsApp etc will complain if your old sim isn’t occasionally used. If you’re careful and go to to Airplane mode, insert your old sim, and while leaving your phone in Airplane mode, only turn on your Wifi, you can give the Cloud gods a glimpse of your sim and keep it valid.

And to think the ancient pilgrims found donkeys difficult.........

 

[Old Kiwi]

What a pa-larva over phones. |I don't carry a phone or any of the paraphernalia that goes with it. Don't need it. I carry an international money card loaded with the currencies that I will be using which enables me to get money from ATMs everywhere. Simple, job done.

 

[Richard Smith]

One of the really nice things about technology on our camino was being able to talk to our adult children or my Mum face to face (It think we used Skype back then) at sometime when it suited them, often in the middle of a field or a small village.

 

[Kanga]

Interesting thread. Makes me feel like I need to do a "Marie Kondo" on my tech. I have too many different security systems.

 

[Former member 91017]

What a pa-larva over phones. |I don't carry a phone or any of the paraphernalia that goes with it. Don't need it. I carry an international money card loaded with the currencies that I will be using which enables me to get money from ATMs everywhere. Simple, job done.

That’s nice. I don’t have the luxury of being so disconnected.
Many of us don’t.
And we still like to travel, rather than remaining in care-giving situations that are nearly relentless. For me a few weeks on the camino every few years is all I get. My colleagues travel for fun several times a year. My work used to take me places many times a year as part of normal duties. Now I have an “accommodation” for my care-giver responsibilities that says I don’t have to go to conferences.
The *palaver* characterization is really offensive. Whoopee for those who can tell the rest of the world to get stuffed; I don’t belong to (nor in many ways do I wish to) that crowd.

 

[cbacino]

OK, so in a thread about cell-phones today, one pilgrim drew our attention to the arrival of 2-factor ID protocols. These have recently arrived at my workplace, and with my banking set-up (probably yours as well). The short story is that "2-factor" verification means that the system you are communicating with asks for verification that it's really you from a machine they've already approved by sending you a 6-digit number by text (usually, and for our purposes here, always) that you then type in to your entry credentials. This would be the "login" stage of your banking, for example.

Problem is that if you put in an EU SIM, you won't receive the text message because it will have gone to your home phone number.

The easiest solution *prior to departure* is to allow a family member or a friend to receive texts from your bank. (I use TD, and one sets this up in the "PROFILE" settings). Your approved person will receive the 6-digit code, text it to you on your new EU number and you'll be able to get into your banking.

From there, you can add your EU telephone number as an additional approved number to receive the 2-factor requests later on in your trip.

I am going to handle things this way rather than buying an EU SIM before leaving home -- simply because I know I can get a cheaper deal on the ground in Spain when I land.

It's a little aggravating (as is 2-factor IMHO in general), but it's the way a lot of tech operates now when it comes to log-ins... and nobody wants to be stuck unable to get their banking done! Most of us still have bills to pay while we are away...

Every financial site I have asked has replied they will NOT send a text to a foreign number, so that strategy will likely not work. On your phone, install the app for each financial institution and set up for the thumbprint option for logging in. No further authentication. I use that method now while living in Italy this year.

 

[Kathor1]

What a pa-larva over phones. |I don't carry a phone or any of the paraphernalia that goes with it. Don't need it. I carry an international money card loaded with the currencies that I will be using which enables me to get money from ATMs everywhere. Simple, job done.

@Old Kiwi, the thread is not about getting money from an ATM. Having no phone and carrying an international money card won’t do the job that this thread is about.

It’s about doing other stuff the way one wants to do other stuff, or needs to do other stuff, without “faffing around with any number of work arounds”. Love this expression.

Like you, I don’t have @Faye Walker‘s problem but for different reasons. I still try to understand it and try to help when I can.

 

[Kathor1]

I am starting to wonder ... do you not use these devices for 2 step authentication in online banking in the US, Canada and elsewhere?

They have been in use for years in Europe and are very common. No exchange of text messages is required, neither for your online banking operations nor for initial set-up. Below is a selection for various banks. Mine used to be on the must take list for my backpack (I now use a different authentication method).

 

[trecile]

I am starting to wonder ... do you not use these devices for 2 step authentication in online banking in the US, Canada and elsewhere?

They have been in use for years in Europe and are very common. No exchange of text messages is required, neither for your online banking operations nor for initial set-up. Below is a selection for various banks. Mine used to be on the must take list for my backpack (I now use a different authentication method).

Nope, never heard of such a thing here in the US.

 

[SabsP]

@Old Kiwi, the thread is not about getting money from an ATM. Having no phone and carrying an international money card won’t do the job that this thread is about.

It’s about doing other stuff the way one wants to do other stuff, or needs to do other stuff, without “faffing around with any number of work arounds”. Love this expression.

Like you, I don’t have @Faye Walker‘s problem but for different reasons. I still try to understand it and try to help when I can.

Ha. The only reason I still have to go to my actual bank is when I need that specific device...

 

[Kathor1]

Nope, never heard of such a thing here in the US.

Wow. No wonder that we sometimes talk at cross-purposes when we bank in different countries and assume that the system we are familiar with is the system that everyone is familiar with.

I learnt only now through this thread and through a bit of googling that there are banks who send transaction codes per sms/text. I think someone said earlier that this is not a particularly secure method. I never made use of this option. I am not even sure that my banks ever offered it. I've been online banking for longer than I can remember and I had a device for 2 factor authentication for more than 15 years I think. Ten years at least because I found an old instruction leaflet from 2010 on the net.

 

[Molly Cassidy]

Wow. No wonder that we sometimes talk at cross-purposes when we bank in different countries and assume that the system we are familiar with is the system that everyone is familiar with.

I learnt only now through this thread and through a bit of googling that there are banks who send transaction codes per sms/text. I think someone said earlier that this is not a particularly secure method. I never made use of this option. I am not even sure that my banks ever offered it. I've been online banking for longer than I can remember and I had this device for 2 factor authentication for more than 15 years I think. Ten years at least because I found an old instruction leaflet from 2010 on the net.

I have bank accounts in four different countries all with different authentication methods. Only my British account sends SMS. My Irish account used to have one of those code devices, but now I can generate the codes through the app.

 

[Kathor1]

Oh, this is a trip down memory lane (hopefully with your permission, Faye?).

I now remember the Digipass. That was how it started. The card reader / TAN generator / PSK / 'gadget' came later. It must have been around 2008. I see an entry from June 10, 2008: NatWest, my bank here in good ole England has seen fit to beef up security for some aspects of internet banking by moving to Strong Authentication or Multi-factor Authentication ... So NatWest (and I guess other RBS banks?) are sending that ATM-style authentication home to users by sending each a small calculator-like card reader for use with their bankcard.
And there is of course a photo of the device included in this blog entry.

14 years ago, eh? It went by in a flash.

 

[David Tallan]

I am starting to wonder ... do you not use these devices for 2 step authentication in online banking in the US, Canada and elsewhere?

They have been in use for years in Europe and are very common. No exchange of text messages is required, neither for your online banking operations nor for initial set-up. Below is a selection for various banks. Mine used to be on the must take list for my backpack (I now use a different authentication method).


View attachment 117293

I have never seen those for banking in Canada, although I must admit I am a newcomer to online banking. My online banking app uses biometrics (fingerprint scan) for security.

 

[peregrina2000]

This thread is interesting and once again shows how far behind the US banking industry is in terms of the customer service it provides. Now we can add 2-step authentication to “electronic wire transfer” to services that Europeans seem to take for granted and we in the US can’t get, or can only get at substantial cost.

But what is not interesting is the drift towards judgment of those who, for whatever reason, bring phones. Can’t we agree that the judgment about carrying phones, GPS, and backpack transfer should be left out of our discussions?

I hope that those of you who make a supercilious point of going tech-free never have an emergency on the camino, or that if you do, you are close to some of the people whose decision to carry phones you have scorned.

 

[Former member 91017]

I am starting to wonder ... do you not use these devices for 2 step authentication in online banking in the US, Canada and elsewhere?

They have been in use for years in Europe and are very common. No exchange of text messages is required, neither for your online banking operations nor for initial set-up. Below is a selection for various banks. Mine used to be on the must take list for my backpack (I now use a different authentication method).


View attachment 117293

No. We might use such things at work — as I do. Though mine is simply a fob that receives the number in the screen; I then type the number in on whatever device to connect to my university platforms.

When I need to do a 2FA for the bank, it sends me a message: “We need to know it’s really you! Please login using the 6-digit number we have sent by text message.”

 

[Former member 91017]

Every financial site I have asked has replied they will NOT send a text to a foreign number, so that strategy will likely not work. On your phone, install the app for each financial institution and set up for the thumbprint option for logging in. No further authentication. I use that method now while living in Italy this year.

Yes… maybe.… which is why I really like the idea of having the eSIM and dual numbers. But my bank *did* say that they would text to the foreign number because the device information is what they care about, not the telephone number per se.
Having the eSIM would keep my home number in service though… so I’d be safe.

 

[Former member 91017]

I have never seen those for banking in Canada, although I must admit I am a newcomer to online banking. My online banking app uses biometrics (fingerprint scan) for security.

I have the finger-print scan as well, and it’s what I usually use — BUT, I did a recent “ecosystem OS upgrade” across laptop, tablet and phone. When I logged in to set up this week’s bill-payments and transfers to my kiddo, TD needed me to use a 2FA because OS upgrades alter the system ID. When there is a SIM-card change or a log-in from a distant location, that will also trigger a 2FA request, over-riding the usual finger-print. Alas.

I’m glad I found out in time to get my butt into the Apple store, get a hands-on tutorial with the eSIM, etc etc.

My childhood friend, an IT design/support professional who specialises in Learning Management Systems and Design, who is headed on her first camino has been very grateful for the eSIM tips that I’ve relayed from here. And she’s grateful to have the time to figure it out *before* she hits the ground in a country where she won’t speak the language.

In other words, even for a person who started out as a programmer but is now a UX person, she doesn’t expect to be able to just jump and run. The input from this thread has been *indispensable*.

 

[Kathor1]

I’m glad I found out in time to get my butt into the Apple store, get a hands-on tutorial with the eSIM, etc etc.

I don't recall that you mentioned your iPhone model. My iPhone 8 cannot make use of eSim features. A newer model with up to date iOS that does not even need any physical SIM cards at all sounds very attractive, especially when a domestic carrier and a different foreign carrier are allowed (may depend on the primary provider if I understand correctly). Definitely the way to go, imo. Anyone from Canada who has been to Spain and has done this already?

 

[Former member 91017]

I don't recall that you mentioned your iPhone model. My iPhone 8 cannot make use of eSim features. A newer model with up to date iOS that does not even need any physical SIM cards at all sounds very attractive, especially when a domestic carrier and a different foreign carrier are allowed (may depend on the primary provider if I understand correctly). Definitely the way to go, imo. Anyone from Canada who has been to Spain and has done this already?

I feel like I might end up being the "test of concept case"!
I have an iPhone 12, so yes... it can take the eSIMS (up to 5, apparently!)...
I need to take it up to a Genius bar because I can't pop open the tray to see if I even have a regular "old" nanoSIM in there. I suppose I've dropped it often enough that the bay could be jammed.

 

[C clearly]

I feel like I might end up being the "test of concept case"!

Good idea! - our forum tester.

 

[Rick of Rick and Peg]

I have an iPhone 12, so yes... it can take the eSIMS (up to 5, apparently!)...

I have seen that some phones can have up to 10 eSIMs. However, as far as I have seen, phones (at least now) can have only 2 eSIMs active (or 1 physical SIM and 1 eSIM). The phones will allow the selection of which are the active ones. This is nice but it could be really confusing.

Be sure to bring this up with the Genius Bar.

 

[Stephan the Painter]

Speaking for the US situation. I’m changing banks.

Some banks here offer both text and email two factor verification. But some only offer text verification for whatever foolish reason. I’m actually in the process of changing banks because my current bank does not offer email verification. I don’t want to be out of the country and unable to do what I need to do .

It seems a better idea, since sometimes I travel frequently, to solve this problem once and for all instead of worrying about all these workarounds with multiple SIM cards, or friends or relatives at home. It’s just sounds like a lot of work each time. And also with the email verification, if I’m sitting at a desktop somewhere, I don’t even need my phone.

 

[camino.ninja]

Speaking for the US situation. I’m changing banks.

Some banks here offer both text and email two factor verification. But some only offer text verification for whatever foolish reason. I’m actually in the process of changing banks because my current bank does not offer email verification. I don’t want to be out of the country and unable to do what I need to do .

It seems a better idea, since sometimes I travel frequently, to solve this problem once and for all instead of worrying about all these workarounds with multiple SIM cards, or friends or relatives at home. It’s just sounds like a lot of work each time. And also with the email verification, if I’m sitting at a desktop somewhere, I don’t even need my phone.

But then you are dependent on Wi-Fi. Text messages does not require a data connection.

 

[Stephan the Painter]

But then you are dependent on Wi-Fi. Text messages does not require a data connection.

umm, the reason I would be getting a verification was because I was trying to use my bank online, so this would only be necessary if I was using the Internet already…..?

Maybe there’s other purposes where you would get a text two factor verification, But it’s not relevant to me.

 

[camino.ninja]

umm, the reason I would be getting a verification was because I was trying to use my bank online, so this would only be necessary if I was using the Internet already…..?

Maybe there’s other purposes where you would get a text two factor verification, But it’s not relevant to me.

Good point

 

[Former member 91017]

UPDATE: For Canadians using TD
Others in Canada should check with their own institutions

There is an APP available called TD AUTHENTICATE. It works, in essence, the same way that the FOB digital keys/PSKs do.

Go to your App store, either Android or Apple and get TD AUTHENTICATE. It is separate from your TD banking app. It does not require that you be online to work (though I have trouble imagining such a scenario)

It only took me 2 separate calls with TD, and over 2 hours for *someone* to realise that TD offers this option, designed especially for when we are travelling and require 2FA verifications that it's really us, and not a thief with our phones.

 

[Stephan the Painter]

UPDATE: For Canadians using TD
Others in Canada should check with their own institutions

There is an APP available called TD AUTHENTICATE. It works, in essence, the same way that the FOB digital keys/PSKs do.

Go to your App store, either Android or Apple and get TD AUTHENTICATE. It is separate from your TD banking app. It does not require that you be online to work (though I have trouble imagining such a scenario)

It only took me 2 separate calls with TD, and over 2 hours for *someone* to realise that TD offers this option, designed especially for when we are travelling and require 2FA verifications that it's really us, and not a thief with our phones.

That’s a wonderful idea. I’m going look into the authentication apps. I have never heard of those before this thread, so thank you everyone. I don’t bank at TD, but there is one in my hometown. Probably the Canadian and US versions of the bank are similar in there logistics.

It doesn’t surprise me that the customer service rep on the phone couldn’t tell you about this right away . Those are either low-paying jobs, or sometimes outsourced overseas, so you might not get the most well-trained people.

 

[Former member 99290]

But what is not interesting is the drift towards judgment of those who, for whatever reason, bring phones. Can’t we agree that the judgment about carrying phones, GPS, and backpack transfer should be left out of our discussions?

Thank you @peregrina2000 It's a real shame when worthwhile and interesting threads 'drift towards judgment'. I've often found myself reading interesting threads then within a comment or two things have suddenly gone south and, sometimes, keep on going in that direction and getting personal along the way. Luckily, if things get out of hand, a moderator intervenes and wisely closes the thread. And I know many appreciate their efforts. But it's a shame it has to come to that.

I guess it's human nature - and I'll admit to feeling judgement from time to time - but we all have the capacity to reflect on our words before hitting the 'post reply' button. Or, and I've done this - thought better of a too hasty post and deleted it.

Mods - if this general comment is considered inappropriate or too off topic, please do your thing.

 

[Stephan the Painter]

Google voice. Another possible way to solve this problem.

This is basically an Internet phone system. You can use it on a computer, but now you can get apps for your phone. You can receive and make voice calls and send and receive texts.

You either use your own phone number, or Google assigned one. Then any calls or texts made to that number are forwarded to you. I’m going research this a little more but I think this might solve this problem. As well as enabling you to easily call back home as long as you have a Wi-Fi or data connection. Once I’m sure I’ll come back and post.

Google voice is aimed at the US market, but there seem to be alternatives in Canada and some European countries under slightly different names. Nevertheless, you have to have a Google account.

 

[Former member 91017]

I have the TD AUTHENTICATE app installed. Now I have only to take it for a test drive, but if it doesn't work I will have the back-up option of having the system send a text to my spouse with the 6-digit code, and for him to then text that back to me on my Spanish SIM. I prefer that option over running 2 SIMs simultaneously because I don't want to get dinged the $10 fee for having my Canadian number roaming to receive the text.

Will I or won't I get an eSIM? depends what Vodafone has on offer when I get there. But as soon as I'm up and running on a Spanish system, my Canadian SIM will go into stored safe-keeping.

Done and dusted.

 

[JCarpenter]

Two factor authentication (2FA) is not new, back in the early 2000's long before smart phones, I managed a public access computer facility and along with other key staff I had a separate electronic device that generated authentication codes.

These days, services that require enhanced security such as financial services typically use 2FA.

There typically is a difference between accessing a service such as your bank account on your phone using a browser or via your bank's phone app.

When using a browser it is common to see the 2FA process in action. This is when either the bank's systems send you an SMS txt (or more securely you look up the authentication code on your phone) and you use that along with your password to log in.

When you use the bank's app on your phone this process happens behind the scenes and you don't see it but it is still happening. Obviously this is a simpler process for you the customer though.

When setting up the bank app for the first time the systems do require you to see and participate in the process so that the bank can be reasonably sure that you and your phone are connected (i.e. that it is your phone that the app is installed on) so that their app can connect you with your bank account.

While this first, one time, action can be considered 2FA it really isn't. It is just the bank app making certain that the mobile phone number that you have previously registered with your bank is the phone that has the app installed on it

Generally, if you installed the bank's app on your phone then you can, after the first time, use a different SIM card in your phone without affecting the app.

On the other hand if you want to sign into your bank account using a browser and you have set up 2FA to use SMS txt messages then changing your SIM card will cause you problems unless you have a way of receiving txt's to your original phone number.

Do you think that using a tablet with a phone app which forwards your texts and calls will suffice in this instance?

 

[DoughnutANZ]

Do you think that using a tablet with a phone app which forwards your texts and calls will suffice in this instance?

Hi, please see this thread for a comprehensive and more generalized reply: https://www.caminodesantiago.me/community/threads/verified-by-visa-and-sms-verification.72830/

There are definitely problems with this approach but it might be made to work.

 

[DoughnutANZ]

Google voice. Another possible way to solve this problem.

This is basically an Internet phone system. You can use it on a computer, but now you can get apps for your phone. You can receive and make voice calls and send and receive texts.

You either use your own phone number, or Google assigned one. Then any calls or texts made to that number are forwarded to you. I’m going research this a little more but I think this might solve this problem. As well as enabling you to easily call back home as long as you have a Wi-Fi or data connection. Once I’m sure I’ll come back and post.

Google voice is aimed at the US market, but there seem to be alternatives in Canada and some European countries under slightly different names. Nevertheless, you have to have a Google account.

Hi there is a more generalized thread here https://www.caminodesantiago.me/community/threads/verified-by-visa-and-sms-verification.72830/ where this comment could be debated dispassionately.

 

[Rick of Rick and Peg]

Google voice. Another possible way to solve this problem.

Thank you Stephan. I've been dreading posting about this since yesterday. I tend to get too involved with details and having to force my way to edit things to a simple version. Coming up with your explanation would have been a real chore for me.

To use Voice you need a Google account and a US phone number for it to transfer calls to. You then pick another phone number that is used for calling Voice. You used to be able to use wildcards to search for available numbers but now Google presents you with lists and you pick one you like from those.

I have Google Voice but I haven't been using it to its potential. It occurred to me yesterday that it could be used to get text messages if it and your phone that normally gets them have their setting adjusted correctly. I did a few simple tests and it looks like it will work just fine. You can also use it with the right settings to make cheap calls home, costing one or two cents per minute (get into airplane mode, turn on wifi, connect to it and dial; don't do that and you risk ending up going over a cellular network and paying lots).

Too many other things to say. Get a start with this Tom's Guide article:

How does Google Voice work, and should you use it?

How does Google Voice work? We've got you covered

www.tomsguide.com

 

[Stephan the Painter]

Thank you Stephan. I've been dreading posting about this since yesterday. I tend to get too involved with details and having to force my way to edit things to a simple version. Coming up with your explanation would have been a real chore for me.

I found this bit of information on a site for long-term ex-pats. It seems to solve this problem if you’re able to set up a phone number with Google voice or whatever Google service does this in your home country. But there was some talk that some financial institutions don’t like virtual numbers, which is what Google voice is. So I’m not 100% sure.

There also seems to be third-party two factor authenticator apps that you can use instead of receiving SMS’s. Apparently these are even more secure than SMSes. You set them up with the website. I just learned about these , but I’m not sure exactly how it works, yet

Rick, I actually started off with a much larger post, and then just edited it down to the basics because it was unwieldy and difficult to understand. I think setting up Google voice is complicated and hard to explain succinctly.

 

[Rick of Rick and Peg]

That said, I haven’t tried it personally to have texts sent to an overseas number. So I’m a little reluctant to posit it as a certain solution.

In Settings you can say that you want messages to go to the email address of the Google account that is the owner of the Voice phone number.

You can also add numbers to Voice to ring more than one phone when someone calls the Voice number. I have it set to ring my mobile and home phones and also, if not answered on either, have the call recorded (and transcribed) on the Voice website. I tweaked this yesterday to only record the call and tested it; it worked.

So, at home before you leave, direct your mobile to automatically forward your texts and calls to your Voice number. Also change your Voice greeting so people know that nothing funny is happening with the redirect, set texts go to email, set numbers to call to go only to web. Change the security on Voice's Google account to NOT use 2 factor or else you won't be able to login to Voice (there may be some other secure way but this is new to Google so I'm a bit in the dark).

Overseas buy a SIM to get local calls and cheap data and use it to replace your US SIM.


So this is how making a bank transfer should work. Using cellular data use your bank app. That triggers a text to your mobile that gets forwarded to Voice and gets sent to your email. Get the code from there and finish your bank transaction.

Up to you but at some point in the day you could login into Voice and listen to or read the calls your regular mobile number was getting during the day. Get into airplane mode, turn on wifi, connect to the albergue and use Voice to call home (I haven't gotten to reading how this is done yet, probably through the Voice app on your phone).

I give no guarantees that all this will work but it looks like it might. It won't for me because my provider is Google Fi and it doesn't reall forward calls and texts. When it says forward it really means simultaneous ring.

I hope this helps someone.

 

[Stephan the Painter]

I give no guarantees that all this will work but it looks like it might. It won't for me because my provider is Google Fi and it doesn't reall forward calls and texts. When it says forward it really means simultaneous ring.

I hope this helps someone.

I was able to put my Google Voice number at my bank, and they did in fact send me a text. This wasn’t a two factor verification text, but it was an acknowledgment that I had changed the phone number.

The text came to the Google Voice app that I had installed on my phone, and the email address that I told it to send a text too. Sounds promising.

I think I can make a test by using someone else’s computer and trying to sign into my account, which hopefully would trigger the two factor authentication.

I called my bank up and they said they think that should work, but they wouldn’t guarantee it. I’ll have to risk finding out overseas, or try to find a bank that does email authentication also.

My bank said the third-party authenticator app would not work. And they said I couldn’t change my phone number to whatever SIM I buy in Spain, because they require a United States number.

People in other countries can set up something like Google voice with “Google workspace.”

 

[Rick of Rick and Peg]

I called my bank up and they said they think that should work, but they wouldn’t guarantee it.

Should work since they are texting to a US number. I have set my Voice account to send a copy of a text to email. I sent a text to my Voice number from my mobile. The copy showed up quicky in the email. On my mobile I opened the Voice app to check for messages and it was there also. And this probably won't help you on your trip but I also got the text on the mobile that Voice calls get directed to (using the Messages app instead of the Voice app).

Testing closer to what you would have in Spain, which is a connection to a cellular data data network through your phone and Spanish SIM, I did this: On an old cellphone without a SIM or eSIM but a wifi connection I opened the Voice app that I have installed there also. Using the app I was able to see the text there. I think then you will be okay.

Another test I did with the old phone was to use the Voice app to dial my landline phone over wifi. That worked too. In Spain though make sure your Spanish cellular data is off or else you may be dialling home expensively with it instead of Voice using the cheap Google wifi rates. As I've mentioned before, get into airplane mode and then turn on wifi.

We're learning as we go.

Good luck (said in defiance of Murphy's Law).

 

[t2andreo]

I do not know how or if T-Mobile operates in Canada but the new iPhone 13 with a T-Mobile service contract that I recently upgraded to has a data plan at no additional cost for service in Europe (voice is another story at $0.25 per minute.) I purchased my phone so it is unlocked and it has an eSim so the simcard slot is currently empty.
The two step authorization is a painfully necessary security process. I have had recent occasions where it stopped two bogus transactions.
BNP/Paribas in France has been using the two steps longer than the banks in north America. They message my US phone number with the authorization codes and it caught a bogus charge to my account for over 4000 euros last year.

Don:

I have been using T-Mobile with the 55-Plus Simple Plan since I got my first iPhone in 2015. T-Mobile have always provided unlimited data and text service in about 140 countries. This includes all of Europe.

In my experience, it also included Singapore, Malaysia and Thailand. It's great when I turn my iPhone on when the plane lands at Paris or Madrid. I immediately get a local cellular signal and several bars of LTE data coverage. In fact, on average, cellular coverage is better across Spain than in the US.

All voice calls are, as you said 25 cents USD per minute. Since t-Mobile supports VOIP (Voice over intent protocol) to make make phone calls over internet (Wi-Fi), I put my phone into airplane mode, then turn W-Fi on when it is available for free.

For example, I can call the US for free using this lash-up when I am in Santiago if I am in a place with free Wi-Fi. Doing this, I do not get charged for the voice calls. So when my wife texts telling me to call her, I get to a free Wi-Fi signal and call her back. She understands.

However, a local call for confirming a reservation or calling for help would be only 25 cents per minute - cheap if you needed it.

T-Mobile does not start to ask questions until you are using your phone overseas for more than about 30 days. They will send you a message telling you the idea behind their largesse is for vacation or business trip use, not an extended residence. If one were staying in Europe for several months it would be a problem but 5-6 weeks is fine.

Hope this helps,

Tom

 

[Stephan the Painter]

Don:

I have been using T-Mobile with the 55-Plus Simple Plan since I got my first iPhone in 2015. T-Mobile have always provided unlimited data and text service in about 140 countries. This includes all of Europe.



Tom

Of course, if someone tries to call you from a Spanish number, it’s an international call for them. But that’s probably not really necessary, if you use something like WhatsApp as well.

 

[JoroAtanasof]

OK, so in a thread about cell-phones today, one pilgrim drew our attention to the arrival of 2-factor ID protocols. These have recently arrived at my workplace, and with my banking set-up (probably yours as well). The short story is that "2-factor" verification means that the system you are communicating with asks for verification that it's really you from a machine they've already approved by sending you a 6-digit number by text (usually, and for our purposes here, always) that you then type in to your entry credentials. This would be the "login" stage of your banking, for example.

Problem is that if you put in an EU SIM, you won't receive the text message because it will have gone to your home phone number.

The easiest solution *prior to departure* is to allow a family member or a friend to receive texts from your bank. (I use TD, and one sets this up in the "PROFILE" settings). Your approved person will receive the 6-digit code, text it to you on your new EU number and you'll be able to get into your banking.

From there, you can add your EU telephone number as an additional approved number to receive the 2-factor requests later on in your trip.

I am going to handle things this way rather than buying an EU SIM before leaving home -- simply because I know I can get a cheaper deal on the ground in Spain when I land.

It's a little aggravating (as is 2-factor IMHO in general), but it's the way a lot of tech operates now when it comes to log-ins... and nobody wants to be stuck unable to get their banking done! Most of us still have bills to pay while we are away...

Well if by any chance you have Iphone 11 or newer you can activate Esim (if your provider offers this option ) . Then you can buy physical Spanish sim card and use it while in Spain . I don't see a reason why you can't recieve your text if you have roaming on your main card . Here is a list of smartphones that provide Esim option : https://www.airalo.com/blog/esim-phones

 

[Former member 91017]

Well if by any chance you have Iphone 11 or newer you can activate Esim (if your provider offers this option ) . Then you can buy physical Spanish sim card and use it while in Spain . I don't see a reason why you can't recieve your text if you have roaming on your main card . Here is a list of smartphones that provide Esim option : https://www.airalo.com/blog/esim-phones

Yes, I can probably get an eSIM, and run my local # to receive the code by text — but it will cost me $10-15 CAD *each time* that I have to do my banking (3 times over the course of the trip), depending on what kind of “deal” I can wrangle out of my ISP. I am, therefore, hopeful that the virtual PSK will work and I can avoid the sky-high roaming charges.
I think that Canadians and Australians are uniquely poorly served/over-charged for any/all cell services provided by our domestic carriers.
As I said upthread, TD bank (relevant only to Canadian account holders) does have a virtual PSK and I advise any Canadian traveller to find out of their bank offers the same thing because we do not have the physical PSK’s that so many (all?) in Europe and the UK seem to have.

 

[RosemaryMcG]

Thought this info might be useful so I have copy and pasted it. I would expect all major banks have the same thing.

When you're not able to receive texts or calls to your mobile device, use the TD Authenticate app to securely log in.


TD Authenticate app is a Two-Step Verification method for your EasyWeb or WebBroker accounts, it works without the need for texts or phone calls. Simply download the app and follow the onboarding process to connect your account to the TD Authenticator app.


You can use the TD Authenticate app to generate a security code even when you're not connected to Wi-Fi or a mobile network. So, wherever you are, simply launch the TD Authenticate app on a registered device and tap to generate a security code.


This confirms it's really you accessing your EasyWeb or WebBroker accounts.


The TD Authenticate app is for use with EasyWeb and WebBroker. For other TD apps or digital platforms, please use the Two-Step Verification services they provide.


By tapping "Get", you consent to the installation of the TD Authenticate app* and any future updates that can perform the functions described. The TD Authenticate app is for use by customers with TD Canada Trust banking accounts and an active EasyWeb account, and/or WebBroker account. You may withdraw your consent at any time by deleting your registration.

 

[Ian Campbell]

Here's another workaround: Paypal
I just bought a Renfe ticket with Paypal, after struggling and failing with my overseas credit card.

 

[trecile]

Here's another workaround: Paypal
I just bought a Renfe ticket with Paypal, after struggling and failing with my overseas credit card.

PayPal has come to my rescue more than once.

 

[Ian Campbell]

More on the workaround front:
Google backup codes: you can just print them out and keep them in your wallet. I don't know which other services provide this. I couldn't find them on the Microsoft site. You could create a Gmail account and forward your other account for the duration of your trip, if this was applicable to you.
Once you have the codes you can use them from any device to reply to the Google security challenge.

Google Authenticator. This is an app for your phone, from the app store. Versions were mentioned above in this thread. It generates a 2FA code so you don't have to receive one via SMS. You can set this as your primary 2FA method for Google both at home and while travelling. You can use this app on other sites too, if the site allows. There is a setup/handshake process.

For both the above workarounds the first step is to know how to log in to your "my google account" at accounts.google.com. If you do this before your trip you won't need SMS (text) for these accounts.

 

[Former member 99290]

PayPal has come to my rescue more than once.

We use PayPal for as many online transactions as possible (including regular bill payments). Among other benefits it avoids the credit card authentication code issue and if anything does happen to your credit card then you only have to change the number once for all those payments done via PayPal.

 

[Ian Campbell]

We use PayPal for as many online transactions as possible (including regular bill payments). Among other benefits it avoids the credit card authentication code issue and if anything does happen to your credit card then you only have to change the number once for all those payments done via PayPal.

Makes sense. Also the exchange fee was cheaper with PayPal than Visa. $2.50 cheaper on a $180 transaction.

 

[HappyValerie]

URGENT ADVICE please re Travel Money Card.

I'm leaving Australia in 2 weeks time to walk Camino Frances. I'm visiting some peregrinos (I met in 2017) in Germany first. I plan to use a Travel Dedit card in Euros for atm cash withdrawals for albergues & little food buys, & swipe/tap transactions where I can.
Which cards have pilgrims found helpful?
Pros/Cons? Suggestions welcome.
I am trying not to stress about the dual authentication issues that may apply when I need to use my home credit card.
I will have 3 separate local SIMS to use consecutively in my phone.
Gracias!

 

[Kathor1]

I plan to use a Travel Dedit card in Euros for atm cash withdrawals for albergues & little food buys, & swipe/tap transactions where I can.
I am trying not to stress about the dual authentication issues that may apply when I need to use my home credit card.

Hi @HappyValerie. Just a quick word of reassurance. There are no dual authentication issues for ATM cash withdrawals and swipe/tap transactions.

There is only potential for an issue when you do pure online transactions. Mainly access to your bank account for consultation and operations; and buying or paying for something online when you are not at the seller's premises and don't use their payment terminal.

Buen Camino!

 

[HappyValerie]

Hi @HappyValerie. Just a quick word of reassurance. There are no dual authentication issues for ATM cash withdrawals and swipe/tap transactions.

There is only potential for an issue when you do pure online transactions. Mainly access to your bank account for consultation and operations; and buying or paying for something online when you are not at the seller's premises and don't use their payment terminal.

Buen Camino!

Taa muchly, Kathar1na.
I can't wait to breathe in that rejuvenating Camino air.

 

[Rita Flower]

I was think about this issue just yesterday when I needed a 2-facot ID from my bank to pay for my Roncesvalles reservation. If I had done this on the road, I would not have gotten the text on an EU phone SIM.

Someone mentioned requesting the 2-factor ID by email, this is a bit more cumbersome, but a workable way around the problem. Someone else mentioned having an encrypted password manager to access you important accounts while on the road and changing the contact text number. I thought of this, but I need to check into if/how USA banks and other accounts handles EU phone/text numbers. I'm sure there's a way, I just need to look into it.

After some thought, I decided to bring a second phone and put the EU SIM card in the second phone and keep my regular phone with me as a back up. A little extra weight, but not much. Fortunately, I have a second phone that has the exact same features as my current phone but with less memory. Long story as to how I got it and not worth going into. So, my plan is to use my regular phone for the first few days (paying Verizon's EU roaming charges ~$10/day) until I can get an EU SIM card and sort out the contact information for my most used accounts.

Granted, not everyone has a nice back up phone, but it's something to consider for those who have one.

Until recently I was able to travel with two phones. Easy peasy. Now learning about eSims etc. - life is about learning - will see how I go.

 

[camino.ninja]

Until recently I was able to travel with two phones. Easy peasy. Now learning about eSims etc. - life is about learning - will see how I go.

Prepaied eSIM can be difficult to find. But if you convert your home SIM to an eSIM before you go, you will have free space for a regular SIM on a prepaid deal when you travel.

 

[DoughnutANZ]

Until recently I was able to travel with two phones. Easy peasy. Now learning about eSims etc. - life is about learning - will see how I go.

Big, long established banks do seem to be slow on adopting new technology. Two factor via SMS is old technology and rather weak security.

Getting two factor codes via an app on your phone is both more convenient and more secure.

Ask your bank when they are likely to upgrade.

The new standard agreed between Visa, MasterCard and others may well outlaw two factor via SMS,