I recently wrote about challenges with using my Citi Costco Anywhere Visa card while in Japan. Shortly thereafter, we visited Singapore, Indonesia, and Thailand, and given my previous experience in Japan, I was ready to use my data-only eSIM to login to my Citi account to approve purchases if they had tripped the credit card fraud detection.
Moments after landing in Singapore and retrieving luggage, I was ready to use the Grab app to request a ride to our hotel. I was feeling confident about using Grab, as I had set up my account while in the United States, and it had even placed a $1 charge on my Citi Costco Anywhere Visa card to verify my credit card during the account setup process. After selecting my destination and choosing the kind of car I wanted to ride, I expected the payment process to occur smoothly (foreshadowing). However, I was taken to a Visa verification screen and was given the option to verify my identity via phone or SMS text, neither of which I had access to with my data-only eSIM card. Even though I was unable to verify my identity, I was still allowed to request the ride and pay the driver with cash.
Interestingly, after being forced to pay with cash for our first Grab ride in Singapore, I was able to pay with my Visa card on a subsequent ride without the additional verification step. After landing in Indonesia, I was also successful with paying for a ride on Grab with my Visa card, but in Thailand my first Grab ride was intercepted again by Visa, so we took a taxi instead (we had not yet exchanged currency so were unable to pay in cash). Because the identity verification was not initiated by my Citi Costco Anywhere Visa card but rather by Visa itself, I was unable to approve the usage of the card by logging in to my Citi account. As prepared as I thought I was, it turns out that I did not anticipate this particular hurdle.
After returning home and doing some research, it appears that the additional verification was likely due to the Verified by Visa program which was later rebranded as Visa Secure or EMV 3-D Secure. EMV stands for Europay, Mastercard, and Visa — the three companies that originally created the global standard for secure chip-based payment cards. They claim that their fraud detection is user friendly.
In my personal experience, the Visa fraud detection algorithm has the greatest chance of triggering a verification event when users are purchasing things online or when traveling internationally. For international travelers, I think they really need to provide an email verification option in addition to phone and SMS text. The lack of this option makes this feature very user un-friendly in my opinion. I fully understand a credit card company’s need to minimize fraud, but the experience for law-abiding customers has room for improvement.
Meanwhile, although I have not fully validated this approach, a possible way to avoid these problems when traveling abroad while using a data-only eSIM plan is to use a Google Voice number as your main contact number for your credit cards. Google Voice will route voice and SMS text to your Google Voice app using data, so in theory you should be able to authenticate through this method.