How to Handle Two-Factor Authentication When Travelling

Imagine this: you’re lounging in an exotic location overseas, sipping on your preferred chilled beverage of choice, and you decide to get caught up on a little personal banking. 

When you go to login to your account so you can pay off one of your many Miles & Points-generating premium credit cards, your heart sinks when you receive an automated message that says something like “Login not recognized – we’re sending a code to your phone”.

In situations such as this, you’ve just run across two-factor authentication (2FA), which can be a difficult hurdle to overcome. Let’s go through the methods best suited to deal with two-factor authentication when travelling.

What Is Two-Factor Authentication?

Two-factor authentication is a security feature which has taken digital technology platforms by storm in recent years.

Essentially, it’s a system which is designed to ensure that the only person who can access your personal information is, in fact, you. It accomplishes this by placing an extra barrier to accessing this information by way of a second factor to authenticate your identity.

The first factor is typically something that you input, which could be a password, fingerprint, or even facial recognition. With data breaches occurring regularly, using a single factor to access accounts is becoming less and less possible, especially with sensitive data.

The second factor almost always comes in the form of a code which you need to enter into the platform you’re trying to access before being able to complete your login or conduct transactions.

The code is usually delivered to a secondary device or service provider that only you have access to, typically via one of five methods: a phone call, a text message, an email, a push notification through your financial institution’s mobile app, or an authenticator app.

This system of authentication will usually trigger when you try to access your account from an unrecognized location, such as a new device, IP address, or web browser. When travelling, we find ourselves in new places quite often, so encountering 2FA isn’t at all unusual.

Basically, 2FA introduces a trade-off of a minor inconvenience for increased security. How minor that inconvenience is depends on your tech-savviness, your willingness to jump through hoops that aren’t always the most user-friendly, or as is often the case for us intrepid globetrotters, how reliably you can receive an access code on your second device or service provider.

How to Use Two-Factor Authentication Abroad

2FA is a reality across many modern digital technology platforms, and Canadian banking institutions are no exception. Let’s talk about a few ways that you can deal with it in the most effective way possible, both at home and abroad.

Push Notifications

The first method is to use your trusted smartphone device. Many financial institutions conduct 2FA by sending a push notification to the bank’s mobile app, and these apps register the identity of your individual device.

This means that even if you login to one of your bank accounts from a foreign IP address, or while using a SIM card not attached to your main phone number, you’ll be fine as long as you’re using your trusted device. This is also why it’s important not to reset your phone or clear saved data whenever possible before leaving home, especially with the login for your bank’s mobile app.

Canadian Phone Number

The second method to overcoming 2FA while travelling is to always have your Canadian SIM card on hand so you can be ready to receive calls or SMS texts to your Canadian phone number.

When travelling, you’re likely to want to avoid Canada’s ridiculously high roaming fees in favour of far more economic local phone providers or e-SIMs. However, these numbers will not be attached to any of your banking information, and cannot be used for 2FA purposes.

After all, I’m sure we’d all feel a bit less safe if verification codes could be sent to random numbers tracing from Timbuktu!

Therefore, it’s wise to be able to slot in your Canadian SIM if you encounter an emergency. Pay your daily roaming charge to conduct your transactions, and then take it out and continue saving for the rest of your trip.

This method can be quite costly if you’re not careful, but if you’re in a bind, it’s likely worth the price of admission. Many Canadian phone providers deliver inbound SMS text messages for free around the world, so just watch that you don’t take or make calls, send outbound messages, or tap into your roaming data.

Of course, this is made much easier if you have a phone with dual-SIM capability, allowing you to seamlessly switch between reasonable roaming rates and your convenient Canadian cellular carrier.

Virtual Phone Number

The third method for overcoming 2FA, and one which is imperfect, is to pay for a virtual phone number, such as a premium subscription on the Voice over Internet Protocol (VoIP) service Fongo.

This isn’t a guaranteed way to receive calls or texts for two-factor authentication purposes, but there have been plenty of reports from people using this app to receive both calls and text messages when sent a 2FA message from their bank while abroad.

At $9.99 (CAD) a month, this is an affordable alternative which can work on occasion; however, as Fongo itself notes, not every single carrier will accept their service, and you may not receive all messages from short-code and regular numbers. The price is much likely less than a full roaming package, though, so it could be worthwhile to try it out on your next trip to see if it works for you.

Contact the Bank

Finally, and as a method of last resort, be ready to call your bank from abroad should you absolutely have to. Many financial institutions have voice ID verification, so even if you’re calling from a foreign number or online service such as Google Voice, you’ll still be able to verify your identity and make some transactions.

Even if your bank does not have voice verification, you still may be able to arrange proof of identification that sidesteps 2FA by providing information specific to you and your account.

While this option isn’t convenient, it can be effective should all other avenues of authenticating yourself to access your account fail.

Two-Factor Authentication Methods for Canadian Financial Institutions

The Prince of Travel team has had plenty of experience with the 2FA procedures of most major financial institutions in the country. From our experiences, we’ve compiled the following methods that each bank uses.

If you keep this list in mind while using the strategies we’ve outlined above, you’ll be able to remedy your authentication woes far faster and with less of a headache.

Remember, your experience with 2FA might vary, but this list should give you a good idea of what to look out for.

• American Express Canada: Amex does not require 2FA and provides the fastest and best phone service in Canada for accounts that come under review for any reason.
• BMO: BMO does not require 2FA at present, but may automatically flag accounts. In this case, immediately call the BMO security centre at 1-877-225-5266.
• Canadian Tire Financial Services: Canadian Tire will send an email to your registered email address whenever they have doubts regarding your identity. Their call centre is also excellent, and rivals American Express when it comes to customer service. 
• CIBC: CIBC provides 2FA via SMS, phone call, or push notifications in the CIBC app. It can also send 2FA codes via email, but not to free personal email providers such as Gmail.
• EQ: EQ Bank provides both SMS and email messages.
• HSBC: The primary method of 2FA for HSBC is via the mobile app; however, its functionality can leave something to be desired. Don’t be surprised if you’re required to contact their call centre, which can be frustrating when in another country as you may be required to verify via SMS text message while on the phone.
• Manulife: Manulife offers both email and SMS 2FA methods.
• MBNA: MBNA is 100% phone-based, either via call or SMS.
• National Bank: Email or SMS are the preferred methods of communication for the mainly Quebec-based National Bank.
• PC Financial: For both their credit cards and prepaid Money Account, PC Financial uses SMS or email notifications.
• RBC: All RBC 2FA is conducted via its mobile banking app. However, it’s not strictly necessary, and you can access your account from an unrecognized location through dated security measures like answering a security question.
• Rogers Bank: Strangely, even though Rogers Bank’s parent company is a telecom giant, it only does 2FA via email.
• Scotiabank: Scotiabank only uses app-based 2FA.
• Simplii: As the telephone/online-only subsidiary of CIBC, Simplii is entirely app-based for verification.
• Tangerine: The online-only arm of Scotiabank provides 2FA via email, though occasionally you will be contacted by their fraud department.
• TD: TD requires its 2FA to go through either call, SMS, or their proprietary separate authenticator mobile app.
• Wise: The Wise Prepaid Visa, which is excellent for foreign currency conversions, uses in-app push notifications.

Setting Up Two-Factor Authentication Before You Travel

2FA secures your accounts by sending a verification code to another trusted platform. Before you travel, it’s critical to ensure that you’ll be able to receive these messages successfully.

If you try to set up 2FA from an unknown location, you’ll be prompted for 2FA to set it up. Rather than getting caught in this endless loop, you’ll need to take this first step at home.

Make sure that your online banking profile is up to date before you travel, listing any phone numbers or email addresses where you’d like to receive verification messages.

Also, if the bank uses in-app authentication, be sure to opt into this feature and download any required mobile apps.

It’s interesting to note that many banks seem to corral customers toward their mobile app instead of just using SMS, which has both advantages and disadvantages.

On the one hand, it’s easier to use a mobile app when travelling, and you typically don’t run into any issues accessing your online banking as long as you’re on a trusted device with a Wi-Fi connection. On the other hand, if you lose access to your device, it can be a pain to try and access your online banking with an institution whose primary 2FA method is entirely app- or smartphone-based.

Therefore, I’d highly recommend having a few fallback options, whether activating multiple 2FA methods for the same financial institution, or using multiple financial institutions. If you run into trouble, it will likely be time consuming to regain access to your accounts, but at least you’ll still have access to your finances from around the world.

Conclusion

Two-factor authentication is the ubiquitous best practice in modern digital security, and it’s helpful to remember how to get past this extra step to access your accounts whenever you travel or are away from home.

With Canadian telecom rates – and especially roaming rates – being some of the highest in the world, it’s important to do whatever you can to keep costs low when abroad. Fortunately, many institutions now offer Wi-Fi-friendly alternatives to receive verification codes, but it’s disappointing that so many companies still rely exclusively on SMS-based two-factor authentication.

Regardless, you should be able to manoeuvre your way around most 2FA hurdles that come up, using some strategies to dodge the pain of $15-a-day international roaming fees unless they absolutely cannot be avoided.

Until next time, transact undisturbed.