Imagine this: you’re lounging in an exotic location overseas, sipping on your preferred chilled beverage of choice, and you decide to get caught up on a little personal banking.
When you go to login to your account so you can pay off one of your many Miles & Points-generating premium credit cards, your heart sinks when you receive an automated message that says something like “Login not recognized – we’re sending a code to your phone”.
In situations such as this, you’ve just run across two-factor authentication (2FA), which can be a difficult hurdle to overcome. Let’s go through the methods best suited to deal with two-factor authentication when travelling.
What Is Two-Factor Authentication?
Two-factor authentication is a security feature which has taken digital technology platforms by storm in recent years.
Essentially, it’s a system which is designed to ensure that the only person who can access your personal information is, in fact, you. It accomplishes this by placing an extra barrier to accessing this information by way of a second factor to authenticate your identity.
The first factor is typically something that you input, which could be a password, fingerprint, or even facial recognition. With data breaches occurring regularly, using a single factor to access accounts is becoming less and less possible, especially with sensitive data.
The second factor almost always comes in the form of a code which you need to enter into the platform you’re trying to access before being able to complete your login or conduct transactions.
The code is usually delivered to a secondary device or service provider that only you have access to, typically via one of five methods: a phone call, a text message, an email, a push notification through your financial institution’s mobile app, or an authenticator app.
This system of authentication will usually trigger when you try to access your account from an unrecognized location, such as a new device, IP address, or web browser. When travelling, we find ourselves in new places quite often, so encountering 2FA isn’t at all unusual.
Basically, 2FA introduces a trade-off of a minor inconvenience for increased security. How minor that inconvenience is depends on your tech-savviness, your willingness to jump through hoops that aren’t always the most user-friendly, or as is often the case for us intrepid globetrotters, how reliably you can receive an access code on your second device or service provider.
How to Use Two-Factor Authentication Abroad
2FA is a reality across many modern digital technology platforms, and Canadian banking institutions are no exception. Let’s talk about a few ways that you can deal with it in the most effective way possible, both at home and abroad.
Push Notifications
The first method is to use your trusted smartphone device. Many financial institutions conduct 2FA by sending a push notification to the bank’s mobile app, and these apps register the identity of your individual device.
This means that even if you login to one of your bank accounts from a foreign IP address, or while using a SIM card not attached to your main phone number, you’ll be fine as long as you’re using your trusted device. This is also why it’s important not to reset your phone or clear saved data whenever possible before leaving home, especially with the login for your bank’s mobile app.
Canadian Phone Number
The second method to overcoming 2FA while travelling is to always have your Canadian SIM card on hand so you can be ready to receive calls or SMS texts to your Canadian phone number.
When travelling, you’re likely to want to avoid Canada’s ridiculously high roaming fees in favour of far more economic local phone providers or e-SIMs. However, these numbers will not be attached to any of your banking information, and cannot be used for 2FA purposes.
After all, I’m sure we’d all feel a bit less safe if verification codes could be sent to random numbers tracing from Timbuktu!
Therefore, it’s wise to be able to slot in your Canadian SIM if you encounter an emergency. Pay your daily roaming charge to conduct your transactions, and then take it out and continue saving for the rest of your trip.
This method can be quite costly if you’re not careful, but if you’re in a bind, it’s likely worth the price of admission. Many Canadian phone providers deliver inbound SMS text messages for free around the world, so just watch that you don’t take or make calls, send outbound messages, or tap into your roaming data.
Of course, this is made much easier if you have a phone with dual-SIM capability, allowing you to seamlessly switch between reasonable roaming rates and your convenient Canadian cellular carrier.
Virtual Phone Number
The third method for overcoming 2FA, and one which is imperfect, is to pay for a virtual phone number, such as a premium subscription on the Voice over Internet Protocol (VoIP) service Fongo.
This isn’t a guaranteed way to receive calls or texts for two-factor authentication purposes, but there have been plenty of reports from people using this app to receive both calls and text messages when sent a 2FA message from their bank while abroad.
At $9.99 (CAD) a month, this is an affordable alternative which can work on occasion; however, as Fongo itself notes, not every single carrier will accept their service, and you may not receive all messages from short-code and regular numbers. The price is much likely less than a full roaming package, though, so it could be worthwhile to try it out on your next trip to see if it works for you.
Contact the Bank
Finally, and as a method of last resort, be ready to call your bank from abroad should you absolutely have to. Many financial institutions have voice ID verification, so even if you’re calling from a foreign number or online service such as Google Voice, you’ll still be able to verify your identity and make some transactions.
Even if your bank does not have voice verification, you still may be able to arrange proof of identification that sidesteps 2FA by providing information specific to you and your account.
While this option isn’t convenient, it can be effective should all other avenues of authenticating yourself to access your account fail.
Two-Factor Authentication Methods for Canadian Financial Institutions
The Prince of Travel team has had plenty of experience with the 2FA procedures of most major financial institutions in the country. From our experiences, we’ve compiled the following methods that each bank uses.
If you keep this list in mind while using the strategies we’ve outlined above, you’ll be able to remedy your authentication woes far faster and with less of a headache.
Remember, your experience with 2FA might vary, but this list should give you a good idea of what to look out for.
- American Express Canada: Amex does not require 2FA and provides the fastest and best phone service in Canada for accounts that come under review for any reason.
- BMO: BMO does not require 2FA at present, but may automatically flag accounts. In this case, immediately call the BMO security centre at 1-877-225-5266.
- Canadian Tire Financial Services: Canadian Tire will send an email to your registered email address whenever they have doubts regarding your identity. Their call centre is also excellent, and rivals American Express when it comes to customer service.
- CIBC: CIBC provides 2FA via SMS, phone call, or push notifications in the CIBC app. It can also send 2FA codes via email, but not to free personal email providers such as Gmail.
- EQ: EQ Bank provides both SMS and email messages.
- HSBC: The primary method of 2FA for HSBC is via the mobile app; however, its functionality can leave something to be desired. Don’t be surprised if you’re required to contact their call centre, which can be frustrating when in another country as you may be required to verify via SMS text message while on the phone.
- Manulife: Manulife offers both email and SMS 2FA methods.
- MBNA: MBNA is 100% phone-based, either via call or SMS.
- National Bank: Email or SMS are the preferred methods of communication for the mainly Quebec-based National Bank.
- PC Financial: For both their credit cards and prepaid Money Account, PC Financial uses SMS or email notifications.
- RBC: All RBC 2FA is conducted via its mobile banking app. However, it’s not strictly necessary, and you can access your account from an unrecognized location through dated security measures like answering a security question.
- Rogers Bank: Strangely, even though Rogers Bank’s parent company is a telecom giant, it only does 2FA via email.
- Scotiabank: Scotiabank only uses app-based 2FA.
- Simplii: As the telephone/online-only subsidiary of CIBC, Simplii is entirely app-based for verification.
- Tangerine: The online-only arm of Scotiabank provides 2FA via email, though occasionally you will be contacted by their fraud department.
- TD: TD requires its 2FA to go through either call, SMS, or their proprietary separate authenticator mobile app.
- Wise: The Wise Prepaid Visa, which is excellent for foreign currency conversions, uses in-app push notifications.
Setting Up Two-Factor Authentication Before You Travel
2FA secures your accounts by sending a verification code to another trusted platform. Before you travel, it’s critical to ensure that you’ll be able to receive these messages successfully.
If you try to set up 2FA from an unknown location, you’ll be prompted for 2FA to set it up. Rather than getting caught in this endless loop, you’ll need to take this first step at home.
Make sure that your online banking profile is up to date before you travel, listing any phone numbers or email addresses where you’d like to receive verification messages.
Also, if the bank uses in-app authentication, be sure to opt into this feature and download any required mobile apps.
It’s interesting to note that many banks seem to corral customers toward their mobile app instead of just using SMS, which has both advantages and disadvantages.
On the one hand, it’s easier to use a mobile app when travelling, and you typically don’t run into any issues accessing your online banking as long as you’re on a trusted device with a Wi-Fi connection. On the other hand, if you lose access to your device, it can be a pain to try and access your online banking with an institution whose primary 2FA method is entirely app- or smartphone-based.
Therefore, I’d highly recommend having a few fallback options, whether activating multiple 2FA methods for the same financial institution, or using multiple financial institutions. If you run into trouble, it will likely be time consuming to regain access to your accounts, but at least you’ll still have access to your finances from around the world.
Conclusion
Two-factor authentication is the ubiquitous best practice in modern digital security, and it’s helpful to remember how to get past this extra step to access your accounts whenever you travel or are away from home.
With Canadian telecom rates – and especially roaming rates – being some of the highest in the world, it’s important to do whatever you can to keep costs low when abroad. Fortunately, many institutions now offer Wi-Fi-friendly alternatives to receive verification codes, but it’s disappointing that so many companies still rely exclusively on SMS-based two-factor authentication.
Regardless, you should be able to manoeuvre your way around most 2FA hurdles that come up, using some strategies to dodge the pain of $15-a-day international roaming fees unless they absolutely cannot be avoided.
Until next time, transact undisturbed.
Thank you for this post – super helpful and has saved me a lot of money.
I’m with Lucky Mobile in Canada. Lucky’s SIM card doesn’t work overseas (no roaming).
What then?
I’ve been using Fongo for this since 2017. Only fee I pay is $9.99 every 6 months to be able to send CAD SMS. Making and receiving calls and receiving SMS to/from Canada is free.
SMS short codes are dodgy on all VOIP providers. I use Authy (same as Google Authenticator) for Paypal. Most others I use the option for them to call me on my Fongo VOIP number and speak the code which always works.
What if you put your sim card into an old (backup?) phone connected to a charger here at home, and make a call forward to a cheap number you’ll be using overseas?
This way, you could use a Google Fi or anything else really overseas, and still get your texts/phone calls forwarded at a favourable rate.
Yes, I get it, that means that you don’t have your line once you land back and until you get home – but all other options arw far from perfect too.
I recently had to update all of my accounts and discovered one of the institutions will not accept a VOIP number for 2FA. I can’t remember which one, but it definitely throws a wrench in my strategy.
Also, friendly reminder to try to uninstall/remove any old devices from your accounts, as it can be very frustrating trying to get codes sent to devices that you no longer have.
It’s a pain to get notification by text oversea with Roam at Home plan like those by Rogers. As soon as you received a text, you are instantly hit with the Roam at Home fee for the day and it resets based on Eastern Standard Time.
You forgot Brim. Not on the list and they use Two-Factor Authentication with Email confirmation. Please add them to the list.
Brim is probably the most tech-friendly, easiest to track expenses, pay online foreign purchases, Google pay, and just in general pay while overseas. I have been blocked on my HSBC Mastercard and Scotiabank AMX cards at many retailers where Brim or TD Visa worked out as a last resort. As for withdrawals… using the global ATM alliance I have had better luck with ATMs working and even exchange rates with Canadian Scotiabank debit cards rather than with Tangerine debit cards. Tangerine uses a worse exchange rate than Scotiabank despite both not being charged the ATM fees. Tangerine also has longer hold times on the phone when stuff goes wrong which can become very costly or time-consuming while making an overseas call. Google voice drops after about 30 minutes.. so if you’re on hold for a while it can be a pain.
I have used pretty much every financial institution and found the easiest way around this two-factor authentication problem for banking apps, amazon, steam, points apps… etc is to briefly turn your roaming on but with the data off while still on a secure WiFi connection before entering the app or trying to log in. You’ll receive the code and then you can turn off roaming again immediately.
I am currently Rogers and this works with them… but Rogers has been going downhill lately especially since Rogers Mastercard really has so few overseas benefits for Rogers customers now… and with the ever-increasing roam like home fees and the worsening of their WE Mastercard even with their new credit card on the market waiving a couple of roam like home days a year it doesn’t seem worth it to keep going with them. I am thinking of going over to FIZZ for my mobile services and giving it a try for texts or emergencies overseas alongside a local country-specific sim card. The only thing is you can’t pre-pay your FIZZ account and they don’t accept AMX… FIZZ only accepts VISA & Mastercard like Videotron, so those points to keep in mind. Not sure the best card to use for Fizz and Videotron maybe a card that gives benefits on recurring bills if it counts? The reason I mention FIZZ is that you can set up a cheap phone line with them for less than 15 CAD a month to receive texts anywhere and adapt it to your needs as you go. I haven’t personally tested it out yet but will soon.