• Remove ads on the forum by becoming a donating member. More here.

Search 74,075 Camino Questions

Tips for Pilgrims: Payment Verification Issues While on Pilgrimage

DoughnutANZ

Ka whati te tai ka kai te tōreapango
Time of past OR future Camino
2019, 2023, 2024, 2025, 2026, 2027 & 2028.
In a recent thread @Kathar1na highlighted that some websites that are typically used by Pilgrims only accept online payments via the Verified by Visa program. She suggested (and this was not meant to be a complete list) that RENFE (Spanish Railways) and the Roncesvalles albergue are two of these sites. She also suggested that the Verified by Visa system is currently widely used across Europe. It seems that it may be less widely used across North America and so North American pilgrims may not be used to it.

In the most common situation the Verified by Visa scheme monitors usage of your credit card online and triggers a secondary verification process if it thinks that there is unusual usage of your credit card. This can be, for example, using the card in a foreign (to you and your financial institute [FI]) country or an unusually large amount or some other undisclosed activities.

In addition, it appears that some online web sites (e.g. RENF and Roncesvalles) can mandate that the secondary verification process is always used.

The secondary verification process can be conducted in a number of different ways. The way that it is conducted for your credit card is stipulated by the FI that issued your credit card, typically (but not always) your bank.

There are a number of ways that the secondary verification process can be manifested. My only experience of it to-date has been with one of my debit cards from one of my banks and in this case the process happens online, embedded within the buying activity. An inline frame (second screen) opens up within the purchase screen that is from my bank and this screen asks me to supply an answer to a previously logged question. If I answer correctly then the transaction proceeds and I get to buy the good or service that I set out to buy but if I don’t answer correctly then my debit card is declined.

My understanding (incomplete) is that there are at least three other ways that can be used to verify that you are using your credit/debit card (and not some thief) and they are A) asking for a biometric (finger/thumb print or face scan); B) sending you a SMS txt message to the phone number that you have registered with your financial institution; C) usage of a "security token" (a discussion for another time).

Option B, SMS message is the one that could potentially cause pilgrims problems. It was suggested (unverified) on another thread that North American FI's have a tendency to use the SMS message verification process and so this seems particularly applicable to North American pilgrims but also applies to anyone.

Some pilgrims deliberately choose not to bring their phone with them when they are on pilgrimage. This is a perfectly valid choice. However if they subsequently use a borrowed or public access computer to make an online reservation or purchase while on pilgrimage then they may find that in some cases they are unable to use their credit/debit card.

Other pilgrims bring their phone with them but choose to replace their home SIM card with a Spanish (or other European) SIM card while they are on pilgrimage to provide internet access at cheaper (than roaming) rates. These pilgrims may well encounter problems.

Those pilgrims that choose to bring their home phone and use their normal SIM card will not have these issues but they may well find that this process means that they will incur reasonably expensive roaming charges and they will need to remember to turn on roaming in their phone.

Okay, what can other pilgrims do?

  1. If you own a reasonably modern smart phone that has a dual SIM capability then you can use both your home SIM for SMS verification and a cheap to use Spanish SIM at the same time. I will, if I get time, do another post on dual SIM phones.
  2. Buy a cheap burner phone when you get to Spain and (ideally) install your home SIM card on this phone and the Spanish SIM card on your smart phone or vici verco (if you prefer). Again enabling both SMS verifications to your usual phone number and your in-Spain activity to go ahead.
  3. Ask your FI to switch the secondary verification process (for you) to one of the non-SMS options. It is apparent from a quick search that at least some FI's in North America offer this option. This is certainly available outside of North America.
  4. Log a second phone number belonging to a trusted person inside your home country with your FI and ask that trusted person to vigilantly watch for texts from your FI and to forward them to your Spanish phone number. This option is obviously awkward for most people and is fraught with opportunities for something to go amiss especially as the secondary verification process is time-bound and there are time differences between your home country and Spain. However, it may work for some especially when pre-arranged.
  5. Leave a cheap phone at home with your home SIM card in it and automatically forward SMS messages to your Spanish number. On the surface this looks like a reasonable choice but there are complications such as keeping your home phone constantly charged (hopefully no one borrows your charger while you are away) and in setting up the forwarding to a Spanish phone number that you won't know until you are in Spain! In my opinion, this option is the worst way to implement option 2.
  6. Log your Spanish phone number with your FI once you get to Spain so that the verification messages are sent to your Spanish phone number. If you are leaning towards this option then before leaving home check that your FI will be happy to send those verification messages to an out of country number. There has been some suggestion that not all companies will allow this.
  7. Create a virtual phone number that allows you to access SMS messages using a browser before you leave home and set that up as the phone number to receive the verification messages. In this case, also, check that your FI will allow this and if given a choice, use a “long” 10 digit number for your virtual phone number not a short (code) number.
  8. Resign yourself to not being able to use your credit/debit card online on the sites that use this service.
  9. Any other option that any other person can suggest.
A possible "gotcha" for anyone contemplating changing the phone number that receives SMS verification messages. One British bank has said on its website that they take up to a week to change the phone number within their organisation.

A general description of the process behind the Verified by Visa scheme and some criticism of it can be found at https://en.wikipedia.org/wiki/3-D_Secure
 
Last edited:
€2,-/day will present your project to thousands of visitors each day. All interested in the Camino de Santiago.
If I remember correctly, and it was some years ago, the very first time I encountered the verified by VISA security check, I was asked to set up the security measure, which at that time was a pin code that I had to enter.

However, that pin code method is no longer used (by my bank) and now they send me a code via text. It seems to happen less often now than it used to, though.

I wonder if it's possible to use a site with verified by VISA protection before you leave and check which security system it will use. I don't think it's the same as the bank log-in system.
 
In a recent thread @Kathar1na highlighted that some websites that are typically used by Pilgrims only accept online payments via the Verified by Visa program. She suggested (and this was not meant to be a complete list) that RENF (Spanish Railways) and the Roncesvalles albergue are two of these sites. She also suggested that the Verified by Visa system is currently widely used across Europe. It seems that it may be less widely used across North America and so North American pilgrims may not be used to it.

In the most common situation the Verified by Visa scheme monitors usage of your credit card online and triggers a secondary verification process if it thinks that there is unusual usage of your credit card. This can be, for example, using the card in a foreign (to you and your financial institute [FI]) country or an unusually large amount or some other undisclosed activities.

In addition, it appears that some online web sites (e.g. RENF and Roncesvalles) can mandate that the secondary verification process is always used.

The secondary verification process can be conducted in a number of different ways. The way that it is conducted for your credit card is stipulated by the FI that issued your credit card, typically (but not always) your bank.

There are a number of ways that the secondary verification process can be manifested. My only experience of it to-date has been with one of my debit cards from one of my banks and in this case the process happens online, embedded within the buying activity. An inline frame (second screen) opens up within the purchase screen that is from my bank and this screen asks me to supply an answer to a previously logged question. If I answer correctly then the transaction proceeds and I get to buy the good or service that I set out to buy but if I don’t answer correctly then my debit card is declined.

My understanding (incomplete) is that there are at least three other ways that can be used to verify that you are using your credit/debit card (and not some thief) and they are A) asking for a biometric (finger/thumb print or face scan); B) sending you a SMS txt message to the phone number that you have registered with your financial institution; C) usage of a "security token" (a discussion for another time).

Option B, SMS message is the one that could potentially cause pilgrims problems. It was suggested (unverified) on another thread that North American FI's have a tendency to use the SMS message verification process and so this seems particularly applicable to North American pilgrims but also applies to anyone.

Some pilgrims deliberately choose not to bring their phone with them when they are on pilgrimage. This is a perfectly valid choice. However if they subsequently use a borrowed or public access computer to make an online reservation or purchase while on pilgrimage then they may find that in some cases they are unable to use their credit/debit card.

Other pilgrims bring their phone with them but choose to replace their home SIM card with a Spanish (or other European) SIM card while they are on pilgrimage to provide internet access at cheaper (than roaming) rates. These pilgrims may well encounter problems.

Those pilgrims that choose to bring their home phone and use their normal SIM card will not have these issues but they may well find that this process means that they will incur reasonably expensive roaming charges and they will need to remember to turn on roaming in their phone.

Okay, what can other pilgrims do?

  1. If you own a reasonably modern smart phone that has a dual SIM capability then you can use both your home SIM for SMS verification and a cheap to use Spanish SIM at the same time. I will, if I get time, do another post on dual SIM phones.
  2. Buy a cheap burner phone when you get to Spain and (ideally) install your home SIM card on this phone and the Spanish SIM card on your smart phone or vici verco (if you prefer). Again enabling both SMS verifications to your usual phone number and your in-Spain activity to go ahead.
  3. Ask your FI to switch the secondary verification process (for you) to one of the non-SMS options. It is apparent from a quick search that at least some FI's in North America offer this option. This is certainly available outside of North America.
  4. Log a second phone number belonging to a trusted person inside your home country with your FI and ask that trusted person to vigilantly watch for texts from your FI and to forward them to your Spanish phone number. This option is obviously awkward for most people and is fraught with opportunities for something to go amiss especially as the secondary verification process is time-bound and there are time differences between your home country and Spain. However, it may work for some especially when pre-arranged.
  5. Leave a cheap phone at home with your home SIM card in it and automatically forward SMS messages to your Spanish number. On the surface this looks like a reasonable choice but there are complications such as keeping your home phone constantly charged (hopefully no one borrows your charger while you are away) and in setting up the forwarding to a Spanish phone number that you won't know until you are in Spain! In my opinion, this option is the worst way to implement option 2.
  6. Log your Spanish phone number with your FI once you get to Spain so that the verification messages are sent to your Spanish phone number. If you are leaning towards this option then before leaving home check that your FI will be happy to send those verification messages to an out of country number. There has been some suggestion that not all companies will allow this.
  7. Create a virtual phone number that allows you to access SMS messages using a browser before you leave home and set that up as the phone number to receive the verification messages. In this case, also, check that your FI will allow this and if given a choice, use a “long” 10 digit number for your virtual phone number not a short (code) number.
  8. Resign yourself to not being able to use your credit/debit card online on the sites that use this service.
  9. Any other option that any other person can suggest.
A possible "gotcha" for anyone contemplating changing the phone number that receives SMS verification messages. One British bank has said on its website that they take up to a week to change the phone number within their organisation.

A general description of the process behind the Verified by Visa scheme and some criticism of it can be found at https://en.wikipedia.org/wiki/3-D_Secure
Thanks, @Doughnut NZ . You are expanding on the factual information so frequently offered by @Kather1na. You reminded me of the Verified by Visa scheme. I must delete that obsolete entry in my important details file! I am so sorry for those of the forum pilgrims outside EU or Schengen zones who have this added to other bureaucratic steps before setting out on pilgrimage. A small consolation is that a page was turned with development of vaccines, and slowly the world will allow a different set of freedoms, not the 'before Covid' normal, but still, expanded options for movement across our wonderful globe!
 
The 2024 Camino guides will be coming out little by little. Here is a collection of the ones that are out so far.
RENF (Spanish Railways) and the Roncesvalles albergue are two of these sites
Renfe offers several payment options, among them payment directly by credit card and payment by credit card via Paypal. The Paypal option does not require 2 factor verification. So this would be one of the workarounds.
 
Last edited:
I wonder if it's possible to use a site with verified by VISA protection before you leave and check which security system it will use.
There are two potential issues: Whether or not the website requires multi-factor authentication for your credit card payments and whether your credit card is enabled for this.

I checked payments on Roncesvalles albergue, Renfe and the museum of the Santiago Cathedral. All three require multi-factor authentication. All three show the corresponding icons (see below). BTW, Visa has changed from Verified by Visa to Visa Secure. Mastercard uses ID Check. What you cannot do: Check whether your credit card has been activated for it. For this, you have to make the actual payment. I think that credit cards issued by financial services providers with seat in Europe are always activated.

Cathedral.jpg
 
Last edited:
Well, yes you would have to actually try to buy something, but usually when you reach the verification, you have the option to provide the requested verification or cancel the transaction. It would at least show if it was possible to use the system with your card, and what form of verification was required.
 
3rd Edition. More content, training & pack guides avoid common mistakes, bed bugs etc
Well, yes you would have to actually try to buy something, but usually when you reach the verification, you have the option to provide the requested verification or cancel the transaction. It would at least show if it was possible to use the system with your card, and what form of verification was required.
I see what you mean. I've become a bit more cautious. I like to try out things on websites before I write about them, and I go as far as possible. On at least one occasion I went a page too far and made a booking at Roncesvalles that I had not intended to make 😅. I did not ask for reimbursement. It's all in the interest of increasing human knowledge and worth a few €'s. 😇

So by all means, for test purposes, when one can be 100% sure that the next page will be a 2 step verification page one can confidently enter credit card details and press Next or Pay. If the card is not activated for this, you will be sent into Nirvana. If it's activated you will see the page where you enter your code and you can cancel the booking or purchase. If you have an activated card and don't know how to generate codes you need to find out from your bank or card issuer.
 
The focus is on reducing the risk of failure through being well prepared. 2nd ed.
She also suggested that the Verified by Visa system is currently widely used across Europe. It seems that it may be less widely used across North America and so North American pilgrims may
Informative post! Thank you!

Actually, American Express and Visa use it, for sure, when I make any foreign transaction from the states and some domestic charges too. So many pilgrims from N. American who have ordered from Renfe and other businesses abroad, in the past two years, are likely familar the verification process.
 
Last edited:
Just wanted to share another alternative: when I was talking to my bank in Canada about this two-steps verification. The bank offered another choice in lieu of the SMS messages to your phone, a code could be sent to your "encrypted Email address" -- which is not any public Email system like google/yahoo etc. The bank suggested three names to me, one of them is the "https://protonmail.com/", it is also free to join. And that is what I did and it worked perfectly. The only thing to pay attention is that the verification message often wind up in the spam file instead of the incoming file!
I am not promoting the protonmail, and I don't remember what the other Encrypted Email service providers are. Hope this helps!

Buen Camino!
 
Ideal sleeping bag liner whether we want to add a thermal plus to our bag, or if we want to use it alone to sleep in shelters or hostels. Thanks to its mummy shape, it adapts perfectly to our body.

€46,-
A possible "gotcha" for anyone contemplating changing the phone number that receives SMS verification messages. One British bank has said on its website that they take up to a week to change the phone number within their organisation.
I recently ran into this issue when booking at Roncesvalles. They did not offer me any alternatives other than SMS. My first attempt failed because we only had my wife's mobile phone linked to the account. I was able to quickly log into my bank's web site (Wells Fargo) and link my phone. No waiting process. I then rebooked at Roncesvalles and paid with no hitches in the process.

I do plan to take a second cell phone that I have (with no current SIM card) and purchase an EU SIM card for it while I am there. I will have my original phone with a US based (VERIZON) SIM card in case I need it, but I plan to have it shut off most of time and only use the phone with the EU SIM card. The one caveat in this plan is that I will need to change my mobile number at the bank and booking sites and any other web sites that may require SMS verification. I'll handle this on a case by case basis, but that's where the second phone comes in to handle any "emergency" authorizations.
 
9. Other user suggestions

I wonder if a third party authentication app works for this problem and all the other two factor authentication needed for various other websites or banks.

(EDIT: this will not work with my particular bank, although it may work with other banks.)

A third-party authenticator app is a code generator that gives you a code that you can use to log into websites that you previously set this up with. Apparently it’ll work even if you’re not online. And the claim is that it’s more secure than SMSes.

There’s lots of information on the web about this, But never having used one, I don’t quite understand exactly how this works. Below is a link that explains it a little bit:

 
Last edited:
Apparently it’ll work even if you’re not online. And the claim is that it’s more secure than SMSes.
Yes, I use both the Google and Microsoft Authenticator apps all the time and when ever possible, including to sign into this Forum.

It does work off-line although this isn't usually beneficial unless you have the app on a phone with no Internet connection and you are using a different device to connect and log on with.

Yes, an authenticator app or a portable security key (psk) are much more secure than SMS.

The underlying basis of 2FA is to have two different types of identification, something you know (your password) and something you have (on your person). The authenticator app "proves" that you have it by calculating a number that is a factor of a private key, the device id that it is installed on, the public key of the site that you are logging into and the current time. This provides a unique, time bound key.

When this key is presented to the site that you are logging into it applies a different calculation using its own private key, the public key of your app and the time. If everything is correct then the result of this calculation is your device id that it can match with your other login information.

The reason that SMS is less secure is that it is possible to port your phone number to a different phone and if you Google this subject then you will find many, many cases where this has been done with criminal intent.

It is not possible to port your phone id to a different phone.

All security methods have their downside though and the obvious problem with an authenticator app or psk is if you lose your phone/psk or don't have it with you when you want to log in.

It is also a minor hassle when you buy a new phone/psk as you need to re-authenticate each of your log on sites.

An earlier post on a different thread made a comment about not wanting to use Google authenticator because this would allow Google to track you.

The Google app certainly isn't perfect and there are other valid reasons to use a different authenticator app with additional security but I think that it is far better (and more convenient) to use a well known and supported app like the ones from Google and Microsoft rather than not using this security at all. On the other hand if you have the knowledge and desire to use different authenticator apps then of course you are free to do so.
 
€2,-/day will present your project to thousands of visitors each day. All interested in the Camino de Santiago.
Well, yes you would have to actually try to buy something, but usually when you reach the verification, you have the option to provide the requested verification or cancel the transaction. It would at least show if it was possible to use the system with your card, and what form of verification was required.
Hi Molly
I needed to talk to one of my banks about some stuff and so I decided to include some questions about Visa Secure in that conversation. Obviously the information from my bank only applies to me and others in ANZ who use this bank but I hope that the following is illustrative for others.

I deal with two banks, one is a relatively new company and so has no legacy computer systems to worry about and they are the most flexible of my two banks.

New bank
I have a debit card with a Visa logo. I was automatically enrolled in Visa Secure. I did not need to set this up. When the second factor is triggered on this card an "inline frame" (sorry technical term, a sort of window within the online purchase screen) pops up, has my bank name and a code known to me on it (so that I know that it is not a scam site) and asks me for a previously registered password. When I correctly enter that password my purchase is validated.

Old Bank
I have a credit card with a Visa logo. I was automatically enrolled in Visa Secure, although this bank calls it "Online Code". Again I didn't need to do anything to register for Visa Secure (Online Code) they did it for me automatically. This bank has old legacy computer systems linked to newer systems and is much less flexible. The only way to validate a Visa Secure transaction on this card is for the bank to send me a SMS txt message that I then enter into the purchase screen. When I asked them what happens when I am traveling overseas they said to contact them either by phone or a secure bank email app that they have and they will change the phone number to an international one so that I can continue to receive SMS messages.

I hope that this helps you and others.
 
wonder if a third party authentication app works for this problem and all the other two factor authentication needed for various other websites or banks.
This is possible if your bank or card issuer permits it. Visa and Mastercard don't specify how to verify a card, this is left up to the card issuing agency (your bank).

Visa are developing their own authentication API but unfortunately the details of it are only available to developers who have agreed to Visa's terms and conditions that then prevent any discussion of the API. If you are interested then see https://developer.visa.com/capabilities/visa-biometric-authentiator-app

Mastercard are also developing their own authentication app and in their case you can at least read about it at https://developer.mastercard.com/product/identity-check-mobile/

Both organisations are developing towards biometric authentication. My personal opinion is to avoid biometric authentication if I can as both a developer and computer systems user. I guess that I must have watched too many bad movies where the criminal simply cut off someone's finger in order to use it to access the computer system 🙁

All security methods have a downside.
 
Last edited:
€2,-/day will present your project to thousands of visitors each day. All interested in the Camino de Santiago.
The only way to validate a Visa Secure transaction on this card is for the bank to send me a SMS txt message that I then enter into the purchase screen. When I asked them what happens when I am traveling overseas they said to contact them either by phone or a secure bank email app that they have and they will change the phone number to an international one so that I can continue to receive SMS
My US base bank told me that they could only send any kind of validation texts to a US mobile. So I cant change the authentication number to a foreign mobile.

I may have gotten around this by using a Google Voice phone number that I set up with my old mobile number. They did send me a text confirming that they were willing to use that number. But of course I won’t know if this will work when I’m overseas until the day I need it!

Google voice is a virtual phone number that only exists online. You can port over an existing phone number or they’ll give you a new one. You can make calls or receive texts. You can also set it to send texts or transcriptions of voicemail messages to an email, which is what I am doing. There’s also an app for both iOS and android phones where you get the messages as well.

There are other providers. Just start researching virtual phone numbers on the Internet.

Google voice is for US residents only, but there’s a similar possibility to get a virtual phone number in other countries using Google workspace. Link below:

 
Last edited:
o_O Yikes, I think I've made my last trip .... uh, anywhere....
I know how you feel. Sometimes I think that it would be nice to have a lot less of this obvious technology.

One of the solutions is one of the research areas that I am interested in and it is called Ambient technology. This is where the technology is so well designed and integrated into everyday life that people stop noticing that it is there.

The clunkiness of some technology is ultimately down to bad design although to be fair to the people who came up with the idea for a piece of plastic that you could carry and use to pay for things the Internet did not exist at that time and if you had of told them that one day an individual in one country could pull something out of their purse/pocket, use it to look at accommodation options in another country, decide on one and then make a reservation using the same device and then pay for it with the piece of plastic that they had just conceived of then they would have laughed you out of the room.

The good news is that when lots of people have difficulty doing something then ultimately someone sees a business opportunity in finding a better way of doing things.

There are short term, partial solutions on the way from Visa and Mastercard in their new authentication API's and in their high charges which tend to disincentivise websites from using this security option.
 
Part of the problem with security on US credit cards is, and has been for ages, the finger pointing over who is responsible for fraudulent charges. The credit companies say that is the responsibility of the banks and the banks say it is the merchants' problem. None have wanted to cough up the money to fix problems such as converting cards to chips from magnetic stripes because there is hope someone else will do it. The fact that credit companies are working on a solution that can be used by all banks is a good sign. It could have happened sooner though.
 
3rd Edition. More content, training & pack guides avoid common mistakes, bed bugs etc
Mastercard UK have a very nice explanation of their new two factor authentication (2FA) security system and this can be accessed here: https://www.mastercard.co.uk/en-gb/personal/safety-security/strong-customer-authentication.html

They explain that their new process can work with a fingerprint scan or selfie on your phone, provided that your bank has set this up.

They further explain why the new process is required:
due to new regulations that came into effect on 14th September 2019. Introduced by the second Payment Services Directive (PSD2), these new regulations are designed to keep your information safe, reduce fraud and make shopping online even more secure.

PSD2 is an EU directive that is designed to contribute to the development of a single payment market in the EU.

This date in 2019 also explains, for me, why we are suddenly starting to see this security process more often.
 
Thanks, @Doughnut NZ ! I THINK (but I'm not sure) I'd prefer to trust my credit card companies and my credit union, but that may be naive on my part.🥴

My phone plan, tho', allows me to use my US phone number when travelling in other countries - I pay the nominal fee, regardless of who make the call, so I ALWAYS keep the talk time short! But apparently there may still be a fee charged to the other person, albergue, hotel... ? Does anyone know about this?
 
My phone plan, tho', allows me to use my US phone number when travelling in other countries - I pay the nominal fee, regardless of who make the call, so I ALWAYS keep the talk time short! But apparently there may still be a fee charged to the other person, albergue, hotel... ? Does anyone know about this?
If they call you then they are charged for an international mobile phone call which can be expensive. If you call them on a standard number then usually, outside of the USA they are not charged. If you call them on an 0800 or similar number then they will also be charged.
 
The focus is on reducing the risk of failure through being well prepared. 2nd ed.
I recently ran into this issue when booking at Roncesvalles. They did not offer me any alternatives other than SMS.

Thanks, @Doughnut NZ ! I THINK (but I'm not sure) I'd prefer to trust my credit card companies and my credit union, but that may be naive on my part.🥴

Just to be clear, it is not the website (Roncesvalles or RENFE) which defines which 2FA method is chosen, they don't see this part of the transaction at all. It is always your bank or credit union that makes this decision and they are also the ones that validate your secondary security method.

Roncesvalles doesn't decide if you have to use SMS or some other method it is your card issuer.

Roncesvalles decides if a secondary method is needed but not which one.

Once this secondary security process is triggered you are only sharing your information with your own bank or credit union. Not with Roncesvalles or any other website.
 
Last edited:
In a recent thread @Kathar1na highlighted that some websites that are typically used by Pilgrims only accept online payments via the Verified by Visa program. She suggested (and this was not meant to be a complete list) that RENF (Spanish Railways) and the Roncesvalles albergue are two of these sites. She also suggested that the Verified by Visa system is currently widely used across Europe. It seems that it may be less widely used across North America and so North American pilgrims may not be used to it.

In the most common situation the Verified by Visa scheme monitors usage of your credit card online and triggers a secondary verification process if it thinks that there is unusual usage of your credit card. This can be, for example, using the card in a foreign (to you and your financial institute [FI]) country or an unusually large amount or some other undisclosed activities.

In addition, it appears that some online web sites (e.g. RENF and Roncesvalles) can mandate that the secondary verification process is always used.

The secondary verification process can be conducted in a number of different ways. The way that it is conducted for your credit card is stipulated by the FI that issued your credit card, typically (but not always) your bank.

There are a number of ways that the secondary verification process can be manifested. My only experience of it to-date has been with one of my debit cards from one of my banks and in this case the process happens online, embedded within the buying activity. An inline frame (second screen) opens up within the purchase screen that is from my bank and this screen asks me to supply an answer to a previously logged question. If I answer correctly then the transaction proceeds and I get to buy the good or service that I set out to buy but if I don’t answer correctly then my debit card is declined.

My understanding (incomplete) is that there are at least three other ways that can be used to verify that you are using your credit/debit card (and not some thief) and they are A) asking for a biometric (finger/thumb print or face scan); B) sending you a SMS txt message to the phone number that you have registered with your financial institution; C) usage of a "security token" (a discussion for another time).

Option B, SMS message is the one that could potentially cause pilgrims problems. It was suggested (unverified) on another thread that North American FI's have a tendency to use the SMS message verification process and so this seems particularly applicable to North American pilgrims but also applies to anyone.

Some pilgrims deliberately choose not to bring their phone with them when they are on pilgrimage. This is a perfectly valid choice. However if they subsequently use a borrowed or public access computer to make an online reservation or purchase while on pilgrimage then they may find that in some cases they are unable to use their credit/debit card.

Other pilgrims bring their phone with them but choose to replace their home SIM card with a Spanish (or other European) SIM card while they are on pilgrimage to provide internet access at cheaper (than roaming) rates. These pilgrims may well encounter problems.

Those pilgrims that choose to bring their home phone and use their normal SIM card will not have these issues but they may well find that this process means that they will incur reasonably expensive roaming charges and they will need to remember to turn on roaming in their phone.

Okay, what can other pilgrims do?

  1. If you own a reasonably modern smart phone that has a dual SIM capability then you can use both your home SIM for SMS verification and a cheap to use Spanish SIM at the same time. I will, if I get time, do another post on dual SIM phones.
  2. Buy a cheap burner phone when you get to Spain and (ideally) install your home SIM card on this phone and the Spanish SIM card on your smart phone or vici verco (if you prefer). Again enabling both SMS verifications to your usual phone number and your in-Spain activity to go ahead.
  3. Ask your FI to switch the secondary verification process (for you) to one of the non-SMS options. It is apparent from a quick search that at least some FI's in North America offer this option. This is certainly available outside of North America.
  4. Log a second phone number belonging to a trusted person inside your home country with your FI and ask that trusted person to vigilantly watch for texts from your FI and to forward them to your Spanish phone number. This option is obviously awkward for most people and is fraught with opportunities for something to go amiss especially as the secondary verification process is time-bound and there are time differences between your home country and Spain. However, it may work for some especially when pre-arranged.
  5. Leave a cheap phone at home with your home SIM card in it and automatically forward SMS messages to your Spanish number. On the surface this looks like a reasonable choice but there are complications such as keeping your home phone constantly charged (hopefully no one borrows your charger while you are away) and in setting up the forwarding to a Spanish phone number that you won't know until you are in Spain! In my opinion, this option is the worst way to implement option 2.
  6. Log your Spanish phone number with your FI once you get to Spain so that the verification messages are sent to your Spanish phone number. If you are leaning towards this option then before leaving home check that your FI will be happy to send those verification messages to an out of country number. There has been some suggestion that not all companies will allow this.
  7. Create a virtual phone number that allows you to access SMS messages using a browser before you leave home and set that up as the phone number to receive the verification messages. In this case, also, check that your FI will allow this and if given a choice, use a “long” 10 digit number for your virtual phone number not a short (code) number.
  8. Resign yourself to not being able to use your credit/debit card online on the sites that use this service.
  9. Any other option that any other person can suggest.
A possible "gotcha" for anyone contemplating changing the phone number that receives SMS verification messages. One British bank has said on its website that they take up to a week to change the phone number within their organisation.

A general description of the process behind the Verified by Visa scheme and some criticism of it can be found at https://en.wikipedia.org/wiki/3-D_Secure
It's a pain. I had problems with RENFE while at home before leaving.
 
The focus is on reducing the risk of failure through being well prepared. 2nd ed.
Interestingly I just had an email from my bank who supply me with a Mastercard credit card. They say that the frequency with which they require 2-factor authentication will increase in coming months and that, as many online sellers are not in a position to facilitate the link to authentication, my card may well be declined.

The communication is written so as to suggest that this is essentially my problem.
 
They say that the frequency with which they require 2-factor authentication will increase in coming months and that, as many online sellers are not in a position to facilitate the link to authentication, my card may well be declined.
Yep, a struggle between credit companies, banks and merchants instead of co-operation.

Edit: Suppose you authorize some kind of purchase with the credit card company prior to checking out your cart. The merchants would only have to pass the credit requests on without having to change their purchasing software.
 
Last edited:
It's a pain. I had problems with RENFE while at home before leaving.
This is just the merchant (RENFE in this case) ensuring that they get paid for a purchase rather than lumbered with a charge back some time in the future.

I can fully understand them wanting to be paid.

All transactions that go through this process have the risk of fraud transferred from the merchant to the bank/credit union/financial institution that issued our card. Then they, of course, simply transfer that risk to us.

It is almost impossible to dispute a transaction that has gone through this process and so it is important that we have complete confidence in the process that our card issuer uses.
 
Perfect memento/gift in a presentation box. Engraving available, 25 character max.
If I remember correctly, and it was some years ago, the very first time I encountered the verified by VISA security check, I was asked to set up the security measure, which at that time was a pin code that I had to enter.

However, that pin code method is no longer used (by my bank) and now they send me a code via text. It seems to happen less often now than it used to, though.

I wonder if it's possible to use a site with verified by VISA protection before you leave and check which security system it will use.
Yes, this is a useful idea.
I don't think it's the same as the bank log-in system.
You are correct Molly, your bank's log in system and verification is completely separate from this transaction verification system.
 
Interestingly I just had an email from my bank who supply me with a Mastercard credit card. They say that the frequency with which they require 2-factor authentication will increase in coming months and that, as many online sellers are not in a position to facilitate the link to authentication, my card may well be declined.

The communication is written so as to suggest that this is essentially my problem.

I do hope this isn’t going to become universal in the UK.

And It’s outrageous that the bank doesn’t seem to expect to have to sort this out itself. What do they expect you to be able to do about it?!
 
Perfect memento/gift in a presentation box. Engraving available, 25 character max.
I do hope this isn’t going to become universal in the UK.
It isn't going to go away although how we interact with the secondary security process will become easier over time.

This is part of the Digital Euro initiative, see https://ec.europa.eu/info/business-...payments/payment-services/payment-services_en

And, from memory (and so it could be wrong) when the UK left the European Union there was an agreement that the UK financial regulations would remain coordinated with the EU.

And It’s outrageous that the bank doesn’t seem to expect to have to sort this out itself. What do they expect you to be able to do about it?!

Over time, customer pressure will drive the banks and other card issuing organisations towards a simpler interface.
 
A selection of Camino Jewellery
And, from memory (and so it could be wrong) when the UK left the European Union there was an agreement that the UK financial regulations would remain coordinated with the EU.
I don’t know much about this but you may well be right. I had to transfer money from my bank account in the EU to a bank account in the UK recently and was pleasantly surprised that I could still execute what we know as a SEPA transfer. I then learnt that the UK government had opted to stay in SEPA after Brexit - Single Euro Payments Area. It involves common standards for financial transactions that the members and their banks etc have to adher to or adher to voluntarily. And of course nothing stops the banks from using the technology that they develop and implement also for other kind of financial transactions and not only for SEPA payments.
 
Last edited:
Interestingly I just had an email from my bank who supply me with a Mastercard credit card. They say that the frequency with which they require 2-factor authentication will increase in coming months and that, as many online sellers are not in a position to facilitate the link to authentication, my card may well be declined.

The communication is written so as to suggest that this is essentially my problem.


I thought of this thread when I saw this article this morning:


 
I do plan to take a second cell phone that I have (with no current SIM card) and purchase an EU SIM card for it while I am there. I will have my original phone with a US based (VERIZON) SIM card in case I need it, but I plan to have it shut off most of time and only use the phone with the EU SIM card. The one caveat in this plan is that I will need to change my mobile number at the bank and booking sites and any other web sites that may require SMS verification. I'll handle this on a case by case basis, but that's where the second phone comes in to handle any "emergency" authorizations.
I’m a bit dizzy from reading this thread in its entirety. I’m now understanding a bit better why my attempt to pay online for Roncesvalles in 2020 took several attempts and a switch of credit cards.

@CA_Pilgrim I also use a Verizon phone in the US and wanted to clarify your plan, if I may? You’re going to keep your US SIM in your Verizon phone but keep it turned off most of the time. If you need to do a transaction, you can turn it on with the $10 a day roaming charge and use it to pay on the site so that the verification comes to you smoothly?

Here’s my question. Do you know if it also works to switch back and forth between the EU SIM and the Verizon SIM as necessary?
 
Get a spanish phone number with Airalo. eSim, so no physical SIM card. Easy to use app to add more funds if needed.
Here’s my question. Do you know if it also works to switch back and forth between the EU SIM and the Verizon SIM as necessary?
I hope you don't mind me jumping in here saying how to work this in theory.

Say you are at a place where you have a wifi. You will likely want to use that for the app or website that will text you your code. Switch your EU SIM for your Verizon one beforehand and you can enter your code pretty quickly into the wifi driven app or website. You'll get a $10 daily roaming charge and maybe a small charge for the text. Now swap the SIMs back.

Without a wifi connection available you will probably prefer to switch to your Verizon SIM and use it for all the app, website and text communication. In addition to the charges I mentioned above you will get data charges as well but I doubt this will add much extra cost.

Without wifi you could keep swapping SIMs so anytime you used data you used the EU SIM with the low data costs (and that you have already prepaid) but I don't think the savings would be worth the trouble.
 
I hope you don't mind me jumping in here saying how to work this in theory.

Say you are at a place where you have a wifi. You will likely want to use that for the app or website that will text you your code. Switch your EU SIM for your Verizon one beforehand and you can enter your code pretty quickly into the wifi driven app or website. You'll get a $10 daily roaming charge and maybe a small charge for the text. Now swap the SIMs back.

Without a wifi connection available you will probably prefer to switch to your Verizon SIM and use it for all the app, website and text communication. In addition to the charges I mentioned above you will get data charges as well but I doubt this will add much extra cost.

Without wifi you could keep swapping SIMs so anytime you used data you used the EU SIM with the low data costs (and that you have already prepaid) but I don't think the savings would be worth the trouble.
Thanks for jumping in. All advice appreciated. :) I’ve never been charged for data when using the $10 a day roaming. I have used it 2-3 times total when traveling for a month. I tend to use it when I am making a purchase because I always worry about identity theft on WiFi. But I don’t make a whole lot of online purchases when traveling. I know it can be controversial but if I’m traveling and need to book a hotel or albergue last minute I usually use booking dot com because they’ve already verified my CC.

The more I think about it, I’m not sure how often I would need to purchase something online while traveling? I usually purchase any necessarily train/bus tickets ahead of time from home.

Which reminds me…is cash still the preferred method for purchasing on the Camino or have a lot of places moved to plastic since the pandemic?
 
@CA_Pilgrim I also use a Verizon phone in the US and wanted to clarify your plan, if I may? You’re going to keep your US SIM in your Verizon phone but keep it turned off most of the time. If you need to do a transaction, you can turn it on with the $10 a day roaming charge and use it to pay on the site so that the verification comes to you smoothly?

Here’s my question. Do you know if it also works to switch back and forth between the EU SIM and the Verizon SIM as necessary
Correct, I plan on having 2 phones, my normal phone with a US SIM and a second phone with an EU SIM (to be purchased on arrival). I plan on using the US phone for the first couple days as I migrate from Paris to SJPP to start the Camino and be charged the $10/day fee. Once I get to a location where I can purchase an EU SIM (and have the time), I will switch mainly to the EU phone and shut my US phone off.

When I activate the EU phone and have the new number, I will contact my bank and other important financial sites and add my EU phone to the contacts. This will allow me to make financial transactions with the EU phone. In an emergency, I can always turn on the US phone and activate it for the day at a cost of $10 to complete any transactions that for one reason or another did not go through with the EU phone. I'm hoping this does not happen at all, but I like having the backup.

Clear as mud?
 
The focus is on reducing the risk of failure through being well prepared. 2nd ed.
Clear as mud?
Lol Right? I was just going over with my husband all the things I need to understand that didn’t use to be a thing and it feels like a bowl of spaghetti.

So for US pilgrims…let me see if I have this right:

1-A plan to get second factor identification that may include a second phone.

2-my CDC card to fly out of America (I think TSA requires it?)

3-A telehealth proctored Binax test in my pack in order to fly home.

4-My QR code for the Spanish system in order to leave the Madrid airport.

5-My CDC cards once I arrive in SJPP at a pharmacy to get my vaccination status into the French/EU conversion so I can eat and stay at a Gite.

6-All the phone numbers of local authorities along the way just in case I catch Covid and need to isolate in a hotel and contact them for further instructions. (And of course epidemic coverage travel insurance arranged before leaving the states).

And…you know…all the gear and pack considerations and being ready to walk over 500 miles to the ocean.

Clear as mud? 🤪🤣 Most definitely. And I still feel like I’m forgetting something!
 
Ideal sleeping bag liner whether we want to add a thermal plus to our bag, or if we want to use it alone to sleep in shelters or hostels. Thanks to its mummy shape, it adapts perfectly to our body.

€46,-
I’m a bit dizzy from reading this thread in its entirety. I’m now understanding a bit better why my attempt to pay online for Roncesvalles in 2020 took several attempts and a switch of credit cards.

@CA_Pilgrim I also use a Verizon phone in the US and wanted to clarify your plan, if I may? You’re going to keep your US SIM in your Verizon phone but keep it turned off most of the time. If you need to do a transaction, you can turn it on with the $10 a day roaming charge and use it to pay on the site so that the verification comes to you smoothly?

Here’s my question. Do you know if it also works to switch back and forth between the EU SIM and the Verizon SIM as necessary?
Hi Eve
You could also try asking your bank if they have any alternatives to using SMS txts as the secondary security method.

As I mentioned elsewhere, one of my banks does not have any alternatives but my other bank does. My more flexible bank allows me to use a pre-registered password. This really simplifies things for me because I then don't have to even think about swapping SIMs for SMS messages.

Buen Camino
 
Hi Eve
You could also try asking your bank if they have any alternatives to using SMS txts as the secondary security method.

As I mentioned elsewhere, one of my banks does not have any alternatives but my other bank does. My more flexible bank allows me to use a pre-registered password. This really simplifies things for me because I then don't have to even think about swapping SIMs for SMS messages.

Buen Camino

My husband works from home since the pandemic. I'm thinking your suggestion above about having someone at home to help might work for me, in addition to just paying the $10 if necessary for emergencies. I just can't get on board with the idea of two phones, and I find that the banks are pretty much "your problem not mine" whenever I contact them about any international issues.
 
The focus is on reducing the risk of failure through being well prepared. 2nd ed.
I was just re-reading this thread and checking that I had @DoughnutANZ ’s links bookmarked (on my browser).
This is what I found on one of them:

7FC39473-9F04-460F-B05F-2671639E9AFC.jpeg

I think I can guess why this has happened … 🙁 … but why would the site be accessible to anyone outside the EU?
 
I get older. I frequently ask myself "at what point did this all get so complicated". As I stuff cling film wrapped euros into my money belt in prep for my forthcoming "finale" Camino ( maybe, never say never and all that) I think on the couple of things.
The panicked pilgrim (not me) on the Primitive who tried getting her bus fare back to Bilbao from an ATM. Her bank sent a validating SMS but she could not access it as rain/ damp had rendered her "smart" phone inoperable. The remedy a non technical bag of dried rice and a long expectant wait.
The pilgrim....me as it happens...who mis- remembered his Visa debit Pin (several times) locking my account for the duration.
Or..trying to buy online ferry tickets using WiFi only for my bank to send me an SMS verification which of course I could not receive because there was no phone signal. Remedy...email base camp for my travel co-ordinator (partner- long suffering) to bail me out again.
Prior to a recent trip I asked my bank about notifications ref using Visa Debit in Central America. They did not want notification but advised I used the card at the UK airport before I went as this would give the algorithm the heads up I was leaving UK. I cannot say if that was true or not but Visa debit worked fine.
So taking a step away from facial recognition, burner phones,SMS ID and multiple verification what not's, this pilgrim will do as he has always done. Carry cash and a Visa Debit card, try to remember his pin, ensure that base camp is up and running and above all factor in the "what if's".
Oh and always keep his mobile phone securely wrapped in a plastic bag.
Buen (and ID verified) Camino.
Fast Ageing Don.
 
I was just re-reading this thread and checking that I had @DoughnutANZ ’s links bookmarked (on my browser).
This is what I found on one of them:

View attachment 141976

I think I can guess why this has happened … 🙁 … but why would the site be accessible to anyone outside the EU?
Which link?
 
Get a spanish phone number with Airalo. eSim, so no physical SIM card. Easy to use app to add more funds if needed.
That is a little odd. I followed the link and got the same response as you, then found the correct link, tried it and copied it for you. Then I read the link
https://finance.ec.europa.eu/consumer-finance-and-payments/payment-services/payment-services_en
and, guess what, it is the same link??????

Not sure what is going on with that website, try this new link.
 
That is a little odd. I followed the link and got the same response as you, then found the correct link, tried it and copied it for you. Then I read the link
https://finance.ec.europa.eu/consumer-finance-and-payments/payment-services/payment-services_en
and, guess what, it is the same link??????

Not sure what is going on with that website, try this new link.
Not the same links. The first one incorrectly has an extra character: payments-services_en

Bad:

Get rid of that s and you get the correct URL:
 
3rd Edition. More content, training & pack guides avoid common mistakes, bed bugs etc
Clearly you have better attention to detail than I do
I visited each link and copied the URL pasting each of them on a line and noticed a line length difference.

I had clicked each link thinking at first there might be a difference in the alphabet used for a letter (e.g., a Cyrillic s looks like a Latin c). That's a trick that scammers sometimes use to get you to click on a link that looks correct. Also, putting the two letters r and n can appear in a quick reading to be a m (m, rn).
 

❓How to ask a question

How to post a new question on the Camino Forum.

Most read last week in this forum

I completed my first Camino (solo) in July and August (Camino Frances) and loved everything about it. I’m not an overly social person but the Frances allowed me to socially interact when I wanted...
I've walked most of the French Camino twice and some of an aborted Portuguese Camino earlier this year. I'm considering a walk next Spring and getting some pushback from friends and relatives. My...
Hey all, This past summer, I walked SJPdP-->Santiago-->Finisterre-->Muxia. I am now starting to plan my camino for this upcoming summer (July-August). I have about 50-53 days to walk, and am...
November on the Camino France is wonderful. Quiet, safe, comfortable with enough pilgrim infrastructure to have a seamless exitance, enough English speaking people to get to know if one wants...

Featured threads

❓How to ask a question

How to post a new question on the Camino Forum.

Featured threads

Forum Rules

Forum Rules

Camino Updates on YouTube

Camino Conversations

Most downloaded Resources

This site is run by Ivar at

in Santiago de Compostela.
This site participates in the Amazon Affiliate program, designed to provide a means for Ivar to earn fees by linking to Amazon
Official Camino Passport (Credential) | 2024 Camino Guides
Back
Top