Using a VPN on my phone and separate card for travel not linked to bank account

I still maintain my US TMobile account even though I spend so much time in Hungary. Its flawless in Europe. I am no more worried about data theft here than I am in the US. So I would say that if you feel a need for VPN at home, get one one for travel. If not, then not.

I use my US bank cards over here daily. Carry 2 but one on you and one hidden and both on Google or Apple Pay so you have a backup. Or at least im comfortable with that.

The implication is that you are 1) intending to withdraw cash at various points
and 2) want to have a secure way of accessing your bank account from Italy
in case it is required.

Is #1 accurate? If so, what makes you think you will need extra cash along the way?
Credit card tap and pay is the predominate method of payment nowadays, unless
you perhaps are so far into the countryside that internet access doesn't exist.
If you don't need cash, you don't need to worry about a chime card or any other
cash access method. Or just get some stateside and most likely you won't need
any more than that on your trip.

As far as using the (ATM, I assume) card linked to your account back home, many
people set up a small separate account and use that bank card for any necessary
withdrawals.

For 2), what data access options will you have in Italy? If you have service with a
carrier that is supported in Italy (such as Google Fi, T-Mobile, Verizon + intl plan, etc),
a VPN is likely unnecessary. I hope you don't need to access a stateside website
very often, but, a service like Windscribe offers a small amount of VPN access for
free each month.

I assume you are concerned about using a debit card linked to a checking account, not a traditional credit card that is not? I only use a debit card to get cash, not for everyday purchases. IMHO as long as you have your phone locked (with fingerprint, face id, or PIN) and you set up multi-factor authentication (MFA) for any banking apps, that is pretty secure without a VPN. Though using an e-sim won't help you if your MFA texts to your US-based number (if you intend to turn off your US cell coverage while overseas). As Mr. E suggests setting up Google or Samsung pay as a backup is a good idea. Even though theft is a low probability, it goes without saying it's wise to keep the emergency contact info for any cards you take separate from your wallet in case you need them.

Definitely set up Google or Samsung Pay before you go and use it locally before you travel so you don't have to fumble on how to use it. I have "Apple-pay'd" my way across Italy, France and UK since 2022 and it's wonderful. You can sometimes even use it for bathrooms in train stations!

editing to add: Is this your first international trip? You may be overthinking some things and it is seriously hard to know beforehand what you should and should not worry about.

Lots of good insights above on banking. I use my normal bank credit and debit cards when traveling, and I have a Wise card as a backup. You should maintain good security procedures with banking regardless of whether you're traveling or at home.

I don't believe you need a VPN. Bank apps are heavily secured anyway. Personally I do avoid using public WiFi for banking or email, but with cellular data you should be fine.

I don’t have a VPN or a smartwatch or a pay feature on my phone.
I would only access online banking in a dire emergency while traveling, such as when I got Covid in Italy in 2022 and had to change and pay for new plane tickets after I had to extend my stay.
Other than that, I have never accessed bank info in decades while traveling
Now, for travel, I have a credit and debit card for an account in a completely different bank to the one we use at home.
It’s only got enough in the account to use for two weeks of travel, so I use that for day to day while I’m on a trip.
If those are accessed by any thieves , I’m not too much out of pocket.
All my accommodation, transport and any reservations are prepaid before leaving home, so no big things to pay for while I’m away.
I do bring my cards from my regular bank with me, but they are in “deep” storage in my moneybelt, and used only if necessary.
Last trip, I never took them out at all.
That’s my security!

Always good to ask questions about security.

I'm looking at options for security to make sure no one will have
access to my passwords/ bank account or other sensitive information.

I do use a VPN and keep it on during travel, but the improvement in security is less than it used to be, fortunately for a good reason: Today, more websites use secured, encrypted connections and any reputable bank website will certainly be secured, so your web traffic can’t easily be intercepted.

I also think VPNs are best for those with some experience with computer networks. For example, VPNs are sometimes used for bad purposes so many websites are suspicious of traffic coming from VPNs and some will even block them, so that it looks to you like the Internet is down. What do you do about that? A tech-savvy person might know that a workaround is to switch to another exit node to change the IP address that your connection seems to be coming from, but a non-technical person might not know the real cause of the problem and get frustrated while trying to make online arrangements during a trip.

A bigger risk is someone or maybe even a room security camera watching you enter your username and password while you stand in line, or sit in a waiting room at a station. A VPN can’t prevent that, but what can is a secure, trusted password manager, like the Passwords app that comes with an iPhone (I’m not familiar with Android phones). It can fill in passwords instantly without error, with the great advantage that no one can see which keys you pressed because you didn’t have to type your password.

Another more likely risk is that if you’re not careful to make sure you’re on the right website, you might enter your username and password on a fake website that just collects them for criminals. People have entered sensitive personal info into airline reservation websites and passport renewal websites that they did not realize were fake, so all that info went into the wrong hands, plus they never get their tickets or passport because the real websites never got their information. Just be mindful about checking the spelling of web addresses you type, or use a bookmark of the known correct web address.

On the street, be mindful of surroundings and keep a good grip on your phone to guard against grab-and-run phone thefts (often reported in some areas). Also set your phone to a short period before it locks. It’s a pain to unlock often, but if it’s stolen while unlocked then they could REALLY dig into all your personal info that isn’t further secured on your phone. For example, if a thief on a motorcycle grabs your phone and speeds away, would they be able to tap a bank app on your unlocked phone and gain complete control over all your finances? Or will your bank app require sign-in and stop them?

I’m not sure how Google Pay works, but hopefully it works like Apple Pay: When you use Apple Pay, the store sees a virtual card number that is not your actual credit card number which is never exposed. This can greatly reduce the chance of your credit card number being stolen so now I always try to use Apple Pay first; if they don’t take it then I use my actual credit card.

Side note: Being aware of the percentage cut that credit card companies take, in small non-chain/family businesses I will often try to pay cash so that they can keep all the money for themselves. By the way, for getting cash at ATMs, I use a debit card for a secondary account with only a modest amount of money in it in case someone drains it. Also, stick to ATMs that are clearly run by an actual bank, to try to avoid fake street ATMs that just harvest data.

A VPN merely hides your actual IP address. For example, while in Italy, you can choose a server in the USA to convince your 'bank bot' that you are located in the USA. A VPN will not protect your passwords or account numbers. Those are still vulnerable to ID theft if you enter them into a fraudulent site by mistake, through data breaches, or phishing attacks. The only possible use of a VPN when in a country different from your home base is to access geoblocked content (e.g., your Netflix account). I have VPN on my phone, but hardly use it.

Dubious post from noahblake above containing link submitted to Webmaster for investigation. If I’m wrong, apologies to the poster!

I wrote my post carefully. There are those who worry a lot about privacy and security. They may be right to do so and I am not going to argue it. But where I would step in is when someone thinks network service or even Wi-Fi service is inherently riskier in Europe than in the US. Well, maybe it is in russia or belarus or Azerbaijan or Turkey. I really don’t know. But in Italy? So my answer is do here what you would do in the US.

The bank card issue is a little different as if something happens, hack or loss, you don’t have a support group here to help you replace it quickly and that can be a real inconvenience. Carrying two cards isn’t a bad idea. The risk of hacking is low these days as most of the ATMs (at least in Hungary) have become tap card machines. No opportunity to skim your card that way and no chance that the machine will eat your card.

Keeping a minimum amount in the account? For me that’s been my norm even in the US. One bank, one checking and one savings account. The checking never has more than 2 weeks cash in it. I can top it off at will out of my savings account using the bank app.

As for the 2-party authentication. I never quite understood, but with my credit cards, on line, sometimes I get asked for it, most often not. But when it does, I still carry my US TMobile phone linked to the bank. No issue. Having my US phone has been such a convenience that I can not imagine not having it. Oh, I have a European phone too, but I live here so that’s common sense. Never been asked in a store.

I use a VPN whenever I go on public WiFi (hotel, airport, hospital, etc.) whether in USA or internationally.

I have had a Capital One debit card separate from my regular bank for travel. I am waiting to see the general consensus on how the Discover network switch will work in the UK and Ireland for this next trip. I also bring my regular bank card for back up. I also hunt down swipe ATMs for safety. However, i haven’t used an ATM more than once on each trip since Covid.

I feel safer with a VPN.

I feel safer with a VPN.

Once you progress beyond a certain level (basic common sense), then Wray, thats really what its all about. Peace of mind. At home and especially on holiday when you are supposed to enjoying yourself.

Google Pay, (and Apple Pay) gives you an added layer of security as it doesn't transmit your actual 16 digit card number when used at a store's terminal. Your phone creates a special stand‑in number just for that device, plus a one‑time code for that purchase. So even if the card reader is compromised, your actual card number isn’t exposed and can't be recorded or used for cloning purposes.

"A VPN merely hides your actual IP address"

A VPN encrypts your data traffic, which is why my work (and many others) requires us to use their VPN when accessing the work network. So there definitely is additional protection. That said, I don't normally use one for personal use, and you're correct when you say it doesn't stop someone entering personal data/passwords etc into comprised web sites.

Mr E - re 2 factor authentication, it is up to the online merchant to decide whether or not to activate it. Those that don't run a higher risk of chargebacks due to fraud, but i guess do so to make it easier for customers to pay them.

Simon, that's like when s store wants a signature. But no one in 15 years had wanted a pin. The last time was a shoe store in Romania. I didn't have a PIN so I put in 4 random numbers and it worked.