How to make my credit card "less" secure for travel?

Question

I've been recently booking some travel abroad and had a really difficult time making payments. Pretty much every charge that originated from a different country got rejected the first time around. Sometimes you need 2 factor authorization (2FA), sometimes you get a fraud alert and they threaten to lock the card and sometimes it just gets declined silently with no notification or a means to un-decline it.

One booking failed completely: even working directly with the merchant, we could not find a way between their processor and our banks to process a payment without triggering a fraud detector somewhere along the way.

While I'm at home I can still deal with it, but 2FA or fraud alerts are very difficult to deal with when you are on the road with limited or no connectivity. Currently I carry at least three different cards and occasionally I have to go through the full stack to find a card that actually goes through.

You used to be able to set "travel alerts" but almost all banks have done away with that and now have "smart algorithms" that detect potential fraud. Apparently these algorithms are dumb as a sack of potatoes and have become overzealous to the point that the cards have become very unreliable for travel. Ironically the two most zealous cards are specifically designed as travel cards.

From the bank I only got a dismissive answer "VISA is handling this, we can't do anything here".

Does anyone has tips or tricks how to handle or deal with this ?

Which country are you from? Which company/bank issued the card? — ugoren, Feb 03 '24 at 15:22
I'm a US resident. Cards issued from typical household names: Bank of America, Chase, Citi, Capital One. Transactions rejected from Germany, India, South Africa. — Hilmar, Feb 03 '24 at 16:56
I call my card hotlines before leaving and tell them which countries I’m going to. Never had a problem. — Jon Custer, Feb 03 '24 at 19:15
Comments have been moved to chat; please do not continue the discussion here. Before posting a comment below this one, please review the purposes of comments. Comments that do not request clarification or suggest improvements usually belong as an answer, on [meta], or in [chat]. Comments continuing discussion may be removed. — Willeke, Feb 07 '24 at 05:29

Doc · Answer 1 · 2024-02-04T21:27:06.047

34

There is no single/simple answer to this question, as every bank (and card vendor) uses different measures for anti-fraud. However I can provide some general hints and tips...

The first thing you can do to help reduce the chances of issues like this is to use the same card to book your flights to the foreign country as you use for other charges in that country. When you book flights, the card issuer is provided with details of the flights you've booked, including destination and dates of the flights. Most card providers will use these details as inputs to their anti-fraud systems - so when they see a charge for a hotel and a restaurant from the same city (or at least, country) that they know you have booked air travel to it's seen as lower risk than if they didn't have the record of the flights.

Next, especially if you can't use the same card for your flights, notify your credit card company that you are travelling. As you've stated, many companies have made this more difficult than it used to be, but most will still have a way to do so if you can get in contact with the right people. Check the website and app for the card and see if you can find anything there - for example, one of my credit cards has this available as an option in their app only, whilst another has it on both their website and app, but in both cases you need to go digging through the menus to find it.

If you can't find it in their mobile app or website, try calling and asking to speak to the fraud department if the normal operators claim it's not available as an option.

When you arrive in a new country/region, open your banks mobile app and login. Ideally do this whilst connected to Wifi rather than a roaming mobile connection, and if your banks app requests it, allow location access. At least one bank uses your location from their app as an indication that you are in a country/region.

Where possible, use either the Chip on the card or Contactless payments (PayWave, etc) rather than swiping the magnetic stripe or simply using the card number. In practice you often won't have the option of which mechanism to use, but the security involved is higher when using the Chip or Contactless so there is a lower chance of the transaction being marked as fraud. The act of having a Chip or Contactless payment in the country will also give your bank a clear indication that you are in that country - reducing the chances of future transactions being declined.

Change banks - especially to a larger bank! You commented that one of your banks had stated that "VISA is handling this", and this can actually be true. Many smaller banks/credit unions simply outsource their card management/fraud detection to Visa, in which case they have less control over such events. Larger banks generally have far more control as whilst they still may rely on the card companies systems to some extent, much of the fraud detection/response is handled by the bank itself.

There's no guarantee that following any or all of these will work every time, but at best they will reduce the chances of having a problem. Having a working mobile service for the number your credit card company has to contact you when you travel (relatively easy now days with wifi calling/eSIMs/etc) will also make handing the issues easier if/when they do occur - not just for the current transaction but also for any future transactions in the same country.

Personally I travel extensively, all around the world, and the only time I've ever had an issue with a transaction being (incorrectly) detected as fraud was at a gas station in the US (in a different state to where I live). However every single flight I book is done using the same credit card that I then use in-country (ie, the first point above!) - so my bank knows exactly which country (or at least, region) I'm in at all times.

edited Feb 04 '24 at 21:27

answered Feb 04 '24 at 18:34

Doc

122,084
10
299
430

15

Thanks that's helpful, but my experience appears to be different. My main cards are Bank of America and Chase, the two largest banks in the world. Both have (to the best of my knowledge) completely eliminate all means of "travel notices". The answer "Visa is handling this" came from Bank of America. – Hilmar Feb 04 '24 at 21:09
16

Are you sure my bank or card issuer gets notified about my flight details when I book a flight? Is that true worldwide, or is it only US-specific? I suppose in Europe it'd be a data privacy problem. When I'm paying for groceries in a supermarket, I assume no one gets notified about my shopping cart's contents, only about the total price. – Johnnyjanko Feb 05 '24 at 12:58
3

You'd like to think that nobody gets notified @Johnnyjanko, but many credit cards now offer break downs of your purchases to help you identify what you're spending money on. If I go to WalMart and get a loaf of bread and a gallon of paint, that transaction is divided into two categories... – FreeMan Feb 05 '24 at 14:18
17

@FreeMan That for sure doesn't happen in Europe. – Johnnyjanko Feb 05 '24 at 14:35
1

@Hilmar " My main cards are Bank of America and Chase, the two largest banks in the world. " there you go: their size is inversely proportional to how much they care about giving their customers a decent service. – EarlGrey Feb 06 '24 at 07:23
@Johnnyjanko It probably happens but they're not telling you about it. You can try asking for all the info based on the "Freedom of Information Act" on your bank account and see if it really is as anonymous as it shows on the UX, or they're just too lazy to bother giving it to you. – Nelson Feb 06 '24 at 07:27
1

@Johnnyjanko it does happen in Europe — look for information on data levels or data rates used in credit card transactions. My bank’s web site has a section on travel, where I can tell them about forthcoming travel to other countries; it gets filled in automatically when I book travel (flights, trains etc.) using their payment card. – Stephen Kitt Feb 06 '24 at 11:53
@StephenKitt Interesting. What country and bank is it? – Johnnyjanko Feb 06 '24 at 12:08
@Johnnyjanko one of the larger banks in France (I’d rather not say which since I use my real name on SE). I get similar behaviour with a third-party credit card provider (minus the web site — but details of my itineraries show up on my statements), with my company credit card, and when I lived in the UK, with my credit card provider there (Morgan Stanley, who even provided yearly breakdowns of my expenditures with a finer granularity than individual transactions). – Stephen Kitt Feb 06 '24 at 12:47
1

Alll of this sounds good except "especially to a larger bank". A larger bank makes this worse. I have a small bank and whenever there's a problem with card not being accepted, I call and speak to someone at the branch I normally visit, and it's working 5 minutes later. That would never happen with a large bank. – R.. GitHub STOP HELPING ICE Feb 06 '24 at 15:57
2

I do wonder about that "open your mobile banking app, ideally through Wifi" in a foreign country. I make it a point to only use mobile banking on networks I trust. Thoughts? – Stephan Kolassa Feb 06 '24 at 17:47
1

I asked a question about the "open your mobile banking app" recommendation at Infosec.SE: Opening a mobile banking app in an unknown Wifi in line with my comment. – Stephan Kolassa Feb 07 '24 at 10:34
@doc your first tip ("same card...") is very clever, I never thought of that. FTW. – Fattie Feb 07 '24 at 14:49
Conversely, your "notify Visa" tip is now legacy'd, that doesn't exist any more. – Fattie Feb 07 '24 at 14:51
1

@Fattie Absolutely still exists for my Visa card, via with their website and app (and likely also by calling them). – Doc Feb 07 '24 at 15:01
@Doc fair enough (I had no idea); TBC that is your bank website and/or voice call? TY for the info – Fattie Feb 07 '24 at 15:20

score 11 · Answer 2 · answered Feb 05 '24 at 18:21

11

I've been traveling non-stop for the past couple of years. Although we carry a stack of cards just in case, our strategy has simplified to using only one Mastercard and one Visa from a travel-oriented bank. I hesitate to mention the bank's name to avoid sounding like an advertisement, but there are several small digital-only banks promoting better currency exchange rates as a key feature. These banks, being digital-only with a customer base that often travels, offer better tooling for travelers compared to many big banks (as these smaller banks prioritize cost-cutting and thus minimize human interactions, making far more problems solveable whilst you're abroad and dealing with whatever problem you encounter¹). Our main (non-travel) bank, for instance, will have a real physical person contact us whenever they suspect our card might be stolen.

The two main banks of this type widely used by travelers in Europe are Revolut and Wise. (If you have a friend using Revolut, do use their referral code for signup bonuses. They get pretty large sometimes.) While I would recommend using these banks for travel, it's crucial not to store substantial wealth with them due to a small, albeit higher than with most traditional banks, risk of bankruptcy. (We only keep money for the next 1 or 2 months with them).

Despite the advantages, there will be instances during travel when you will feel like crying out in frustration "just take our money!". Less common than it used to be from what I heard from older travelers, but still pretty common. The issue typically arises when businesses, especially in large non-western countries, only accept local cards.

¹ Most importantly, and from personal experience, when your phone including sim card gets stolen, many traditional banks are completely and utterly useless and will just tell you to visit physically. As these digital-only banks don't have physical branches that's just not a problem with them . (You still need to go through the 'loss of phone number' process, but at least that process can be done remotely).

answered Feb 05 '24 at 18:21

David Mulder

1,459
8
23

4

"As these digital-only banks don't have physical branches that's just not a problem with them " haha, oh, you're so wrong. Digital only bank had a bug that made me enter the wrong password three times (it was the correct password, ...). Their solution: we've sent you a letter with a new login code. No solution for the fact that I was traveling. – DonQuiKong Feb 05 '24 at 22:14
As long as the letter doesn't require you identifying with your ID (something which I don't think is a (common) thing in most countries), that still means that you can just ask a friend or family member to open the letter for you (assuming you have friends or family members with your keys... which probably is a good idea (or in our case we stopped renting a place and we moved on paper to family)). But yeah, bank (and telecom) security processes are very random. – David Mulder Feb 05 '24 at 22:52
bankrupt is not a risk, if they are banks and they are in Europe your accounts are covered up to 100k ... or do you mean that Revolut and Wise are not banks? But you are right, smaller banks will do better, the big banks are just good at draining resources, not at providing services ... – EarlGrey Feb 06 '24 at 07:25
1

@EarlGrey Revolut at least is registered as a bank in Lithuania and covered by their deposit guarantee, but it would still be a major inconvenience. – Jacob Raihle Feb 06 '24 at 08:43
2

Bankruptcy guarantees depend on which Revolut or Wise entity you are with. Revolut is a registered bank with the usual 100.000 guaranatee in the EU but the UK Revolut entity is not (they are trying to get the license though so maybe in the future). Wise is also not a bank in the UK. – Kvothe Feb 06 '24 at 13:30
@EarlGrey You're right that that's how it's supposed to work, but given all the stuff Revolut pulls ('saving accounts' that are actually 'investment accounts', their old vaults which were provided by revolut payment services even if your main account was enrolled in revolut bank, moving people around legal entities, etc.) I just feel like these banks deserve minimal trust. Sure, the deposit guarantee should cover it, and it should be fast, but 'should' and 'will' can be very different (fairly sure someone on money.SE wrote about waiting for years to get money back under such a scheme). – David Mulder Feb 07 '24 at 09:26
@DavidMulder I know, it is a complex topic ... I am only confused by your sentence "The two main banks of this type" because they are the two main banks on their own type, exactly because the reasons you mentioned they are very different from other digital only banks. About this: "fairly sure someone on money.SE wrote about waiting for years to get money back under such a scheme" ... waiting for years was a safe investment, if it happened in a deflationary period ;) ! – EarlGrey Feb 07 '24 at 11:10
Wise (perviously "transferwise") is not a bank. And yes, their debit-like card is not bad. – Fattie Feb 07 '24 at 14:52
1

In Amsterdam (Netherlands), the local supermarkets (Albert Hein) only took Maestro cards when I arrived back in 2016. For all I know, it's still the case. So... not only non-Western countries may have such surprises; better have cash on hand. – Matthieu M. Feb 07 '24 at 18:09
@MatthieuM. "especially" and "exclusively" are two different things . It's especially large countries (e.g. India and China), because for them it's worth it to evade the crazy mastercard and visa fees, and they have a large enough domestic audience that the number of foreigners is relatively speaking small. In contrast a couple of european nations simply developed their own (cheaper) systems before Mastercard and VISA got dominant. By this point most of those have either been abandoned or otherwise assimilated, but 'most' is indeed not 'all' and 'entirely'. – David Mulder Feb 08 '24 at 09:25

score 5 · Answer 3 · answered Feb 04 '24 at 19:08

Does anyone has tips or tricks how to handle or deal with this ?

My primary card is from BoFA, similar to your situation. While their card is a bit finicky about international transactions, there is always an option to instantly unblock it via their app. This used to be a hassle a decade ago but nowadays I just get an eSIM for my destination (or use T-Mobile's roaming) and I'm guaranteed to have internet in all but the most remote villages. Often I will have both T-Mobile and a temporary eSIM in my phone, giving me access to more than one phone network.

This is highly annoying but unfortunately there's nothing else we can do.

score 5 · Answer 4 · answered Feb 06 '24 at 03:52

One thing nobody has said yet: Don't forget these measures are for the bank's protection not yours. The bank (or credit card company) are (mostly) liable for fraudulent transactions. And one of the biggest fraud categories is 'first party fraud', which is where the customer makes a purchase and then calls the credit card company to report it fraudulent.

This means the level of checking depends to a great extent on how much they trust you. Which means the best way to reduce the checks is to keep the same credit card for a long time and use it regularly.

unknownprotocol · Answer 5 · 2024-04-03T22:08:24.840

While I'm at home I can still deal with it, but 2FA or fraud alerts are very difficult to deal with when you are on the road with limited or no connectivity.

In my travels, I've deal with the SMS 2FA issue by using a Google Voice/VOIP number and a VPN to my home LAN. The contact number the bank has for me is my Google Voice, so one can get a 2FA text/sms security code/PIN to a Google Voice number as long as one has a data connection. Getting fraud alert calls from the bank also works, as long as the data connection is fast enough.

FWIW I use a couple "travel" credit card when outside the US:

a BoA "travel rewards" card (which does let me set travel alerts last time I checked)
A CapitalOne quicksilver card (which has no requirement to set travel alerts, but they always email you for each transaction).
I also have a Schwab Investor Checking - while not a credit card, I can set a travel alert, and use this card whenever I need to withdraw cash from ATMs abroad, it's a great card for that.

PS: There are other forms of 2FA/MFA that don't involve a SMS/text message to a cell phone number. SMS 2FA is vulnerable to SIM swapping too, so it's considered a less secure 2FA method. Hardware authentication devices like Yubikeys, or authenticator apps are also ways to travel and still have the security of 2FA. Sadly, banks are usually always behind in security tech. If your bank supports it tho, definitely make use of other forms of 2FA that are not SMS!

score 2 · Answer 6 · answered Feb 07 '24 at 19:10

My solution was simple: switch to a bank/card that isn’t a pain to use.

If your bank/card makes you jump through hoops to use your money, change it.

The second tip is to simply have multiple cards, so you’re never left in the cold. This is also a must because you might lose your main card while traveling.

I have a main bank with my savings and then I wire my money to two different other cards for free.

I don’t want to give specific card recommendations because they depend on where you live, but my European digital-bank card is never ever rejected, while my established-bank card had awful rates and constantly blocked. Even after calling and unblocking it, immediate uses on some website were blocked.

score 1 · Answer 7 · answered Feb 05 '24 at 08:06

Different banks use different ways of detecting and avoiding fraud. I have not used a bank that has a feature to enable/disable abroad payments on their mobile app, so I had to physically go to the bank to enable/disable this feature. Some banks further gave me options to enable this in certain countries only or all countries. Once I had done this, my transactions abroad were never declined. Just make sure to go back to your bank after your trip to disable the feature again so you will be better protected.

score 1 · Answer 8 · answered Feb 07 '24 at 02:32

There are a couple different ways to handle this, although what will work depends on your card issuer and how they handle this. They control the entire process of whether it gets accepted, even if that means they try to outsource it to Visa or someone else, so the buck ultimately stops with them.

First, while they're relatively uncommon in the U.S., I strongly recommend a card which supports chip and PIN. They can be used as a chip and signature card in the U.S., where many restaurants and other establishments don't take PIN, but used with a PIN in other countries where PIN is more common. When you do that, insert the card and use the PIN instead of paying contactless, since the issuer and the card network see that you've authenticated with the PIN, which makes fraud a bunch less likely. (You also stand out a lot less since you don't have to sign for everything.)

Second, some issuers don't accept travel notifications, as you've noticed. Some of those issuers are good about detecting when you're traveling (in my experience, American Express is excellent about this), and some are not. You can always call anyway, speak to a human (just convince the automated system it's for another reason), and tell them you're traveling, even if they don't require it. Sometimes they can actually do it behind the scenes anyway, or tell you about hidden options on the website or in the app to enable a travel mode, or at least give you tips to reduce this being a problem.

Third, one of my cards is with a U.S. credit union (First Tech, which also issues chip and PIN cards). Credit unions tend to have much better customer service. That's a thing they compete on, since they're smaller and know you can just leave at any time, so they are less likely to push you off onto Mastercard or Visa. They will almost always require a travel notification because they're smaller, non-profit, and can't tolerate as much fraud, but they'll actually care about making it work for you, and you'll be able to speak to someone in advance and ask how to make it less likely for your card to be declined. You can also call the credit union or walk into the branch before you even sign up and talk to someone and ask about this specific problem, and they will almost certainly tell you whether they have many customers who travel internationally and how they'd deal with this.

Fourth, if you do want to use contactless, use it on your phone. Contactless on your phone (Apple Pay or Google Wallet) uses a different card number and requires you to have authenticated with your PIN, pattern, or biometric. This means that your issuer can see that information and, again, it means it's less likely that it will be fraudulent since someone can't just make off with your wallet.

Unfortunately for you, my experience is that Canadian issuers tend to be a little better about this, since Canadians travel internationally more often, whereas folks in the U.S. do that much less frequently. I expect that this is also true for Europe, where international travel is very common.

score 0 · Answer 9 · answered Feb 04 '24 at 07:57

0

I once made a trip to the US, Canada and Mexico, and didn't have problems in US and Canada, but in Mexico my cards declined.

I had to disable some "abroad payments disabled" setting in my card issuer's app, then it worked.

If your card company doesn't have something like that, it is possible that a call to service hotlines (probably best in advance) will help.

answered Feb 04 '24 at 07:57

JakeDot

1,822
6
24

7

calling the service hotline is a great idea, unless, of course, that's an international call you're trying to make on a low-cost "I'm only here for a week, how many phone minutes could I possibly need on this primarily data-only temporary SIM". Been there, done that, burned through all the minutes available while on hold trying to solve this exact situation. :( – FreeMan Feb 05 '24 at 14:19

How to make my credit card "less" secure for travel?

9 Answers9