We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
OTP's and 2 Factor Authentication problems



A bit of a long post but tying to highlight the difficulties experienced whilst abroad.
We travel to see USA family every year for at least a month. Roaming and international charges being what they are now, I don’t use my UK mobile number but use a USA sim card for USA calls and data, and use WhatsApp calls and messaging for UK friends and family
I also use a Halifax Clarity Card (specially marketed for travellers) whilst in USA, but often US merchant or restaurant card machines can’t process the UK chip and so the transaction gets declined. That often leads to the card being referred to Halifax Fraud Section and the card being blocked. The only way you can get it unblocked is to call the Fraud Dept in UK… but the USA Sim doesn’t allow international calls…..so calling is a very difficult option. Well, put the UK sim card back in (blow the expense) and call them using that…but the phone wont work because the UK phone plan has not renewed because the credit card is blocked! Vicious circle that you are trapped inside!
Likewise, whilst in the States, we often use our usual UK credit card and the internet to order items in the UK for delivery to our home ready for our return or to send gifts to UK family. But….the credit card company insists that I receive an OTP to my UK mobile number ..which is not being used and if it was, couldn’t be used because the plan hasn’t been renewed due to the cc! So we can’t process any purchases. Even looked at my account on line to try and add my US number to my account temporarily to receive OTP’s but…you cant do that without calling the UK.
Some companies have moved with the times, and allow OTP’s to be sent via email or WhatsApp (works on your phone irrespective of the sim, or tablet or laptop and is encrypted so safer than text messages) or other secure ways. The reliance on sending 2 factor authentication OTP’s to a UK mobile number may work ok whilst in the UK but not for international travellers who are not using a uk mobile.
We are apparently living in the global market but some UK banks and credit card companies seem determined to keep us insular. I am in total agreement with stopping credit card abuse and fraud but there are alternative ways that they can communicate with people securely without the reliance on a UK phone number. Why not include those alternatives and make life a bit easier? If anyone works in this tech area be interested to hear their view.
Comments
-
Can't help but when I asked about using my card and 2 part authority with my bank they seemed surprised that I wouldn't be willing to pay the £5 a day plus £2 a minute & £2 per text to use my UK sim. Their alternative was for me to give them the mobile number I would be using overseas but as I only find that out once I get to there and sign up for something I couldn't tell them. I even asked given that I would be ringing their "outside the UK" number whether that team would know how to deal with it and was told no.
As you say it's ridiculous that we can't give an alternative for a set period of time to contact in a different way.I’m a Forum Ambassador and I support the Forum Team on Debt Free Wannabe and Old Style Money Saving boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com. All views are my own and not the official line of MoneySavingExpert.
"Never retract, never explain, never apologise; get things done and let them howl.” Nellie McClung
⭐️🏅😇0 -
Hi Brie, ditto! My usa sim number is visible on activation, and could activate it in advance but on a 30 day plan when you are staying for 30 days, it will then be defunct before you leave.. Besides the number is always a re-used number and once I stop using it, it will be given to someone else. So, if you did know and use it, and don't remember to delete it from any accounts, good chance some random person may well receive your OTP! Very insecure! Whichever way you cut it, the answer is for banks and cc companies to consider the user and the real life perspective, not what is convenient for them.0
-
I suggest the following not having been to the US since 2012. So this was before 2-FA andOTP's were required.@Hollywoodtower you admit you spend money in calling the bank to unblock the card. As that is expensive, why not buy a bolt on package that allows international roaming (assuming your mobile phone provider offers that type of package)? This too will cost money, but how does that compare to the expensive call without a roaming add-on?And if your mobile phone provider doesn't offer a roaming package, and you are in the US one month a year, is there not an argument to move to a provider that offers this facility and to buy the roaming package as required?There might also be mobile phone providers that allow roaming in the US but I am not familiar with them.That is what I would do if I go abroad at any time.0
-
Some thoughts:
- How about adding your Clarity card to Apple Pay/Google Pay (depending on your phone type) and then pay by phone in restaurants etc where you can be present in person?
- If you have enough funds available (and don't need credit) could use bank account/debit card from Starling/Chase who offer excellent exchange rates and use apps for approval purposes
- Put mobile contract on direct debit so not affected by credit card being blocked
1 -
Would dual SIM not help with OTP (if your handset supports it). Incoming text for OTP should be free, and you can use the local SIM for local data/calls.
If dual SIM is not an option you could perhaps use an old handset (or a burner) with your UK SIM making sure data roaming is off.
I’m a Forum Ambassador and I support the Forum Team on the Credit Cards, Savings & investments, and Budgeting & Bank Accounts boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com.
All views are my own and not the official line of MoneySavingExpert.0 -
Some banks use a mobile phone app for 2FA, e.g. Starling Bank:I have seen a post saying the Starling debit card does not have a magnetic stripe, and it is hit and miss as to whether a retailer/ATM recognises the chip, but I do not think your card gets blocked. As has been suggested Apple Pay, Google Pay and Samsung Pay are accepted by many US retailers.I have got a Barclays Reward Card which does not charge commission for overseas purchases. It has a magnetic stripe. I do not have experience of using in the US though.0
-
Hi thank you for all your suggestions, but I was really drawing attention to the shortcomings of the 'go to' solution for OTP and 2 Factor Authorisation systems, rather than looking for ways to circumvent it. My point is that the current system is not ideal and there are alternative methods that would make life easier if only the banks and cc companies were prepared to consider that their customers would benefit from some innovation. Reliance on a single method of using a mobile number to send OTP's when there are so many secure and safe communication apps that are not dependant on the phone is very outdated.0
-
but often US merchant or restaurant card machines can’t process the UK chip and so the transaction gets declined.
Chips are the same worldwide.
It just lazy US merchants.Life in the slow lane0 -
hollywoodtower said:Hi thank you for all your suggestions, but I was really drawing attention to the shortcomings of the 'go to' solution for OTP and 2 Factor Authorisation systems, rather than looking for ways to circumvent it. My point is that the current system is not ideal and there are alternative methods that would make life easier if only the banks and cc companies were prepared to consider that their customers would benefit from some innovation. Reliance on a single method of using a mobile number to send OTP's when there are so many secure and safe communication apps that are not dependant on the phone is very outdated.
1 -
hollywoodtower said:
Some companies have moved with the times, and allow OTP’s to be sent via email or WhatsApp (works on your phone irrespective of the sim, or tablet or laptop and is encrypted so safer than text messages) or other secure ways.
0
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.7K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.4K Spending & Discounts
- 243.6K Work, Benefits & Business
- 598.4K Mortgages, Homes & Bills
- 176.8K Life & Family
- 256.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards