invisible

The procedure below is for people who the first time tried to make an international online transaction with OTP, or US equivalent - 3D security and it did not go thru.

The standard procedure is the following (applies to any bank in the US) when an international transaction is denied. The procedure below is with US Bank, but I had to repeat with Chase as well.

1. Call the main number your card issuer
2. After verification tell them to transfer your call to VISA Verify/Fraud department
2a. The rep will tell you that they don't even see the transaction. Tell them it is normal because the transaction does not even hit bank's systems because it will be blocked by the VISA systems
2b. After that they will transfer you to VISA Fraud/security department.
3. Now prepare for very serious questions from them based on credit history. I was asked:
3a. Full details of my card - address, number, expiration date, CCV,
3b. Last three transactions of the card, including the failed one
3c. My SSN
3d. State where the SSN was issued
3e. What is the county name where the card's billing number is
3f. In which state is my voter registration
3g. The address from my credit history which I had 18 years ago.
4. Once you answer ALL the questions correctly, then they will ask you what you want.
5. You tell them that you are making an overseas transaction with this specific merchant and whitelist the merchant for this transaction
6. They will ask you to try once again. The transition will fail but they need to see in their internal systems the transaction and clear fraud codes - I got a fraud notification on SMS and needed to answer it otherwise the card is blocked automatically.
7. Once they tell you that they are ready, they will ask you to repeat the transaction and in this case, it will go thu.

Every single time I wanted to book a local flight with TK, VN, AirAsia, Lion Air, and now with Indigo for a domestic India flight - as well as to make local online transactions - I have to go with this procedure.

There is no other way. But it works.

Good luck.

zkzkz

This is all handled by the bank. There isn't a single Visa Fraud department for all banks. Normally when they deny a charge they should send you a notification by email or SMS or in an app and you should have the opportunity to say it wasn't fraud in which case they say to go ahead and do the transaction again. It's very odd for it to be denied but have no notification at all. You should maybe check your contact details and make sure they're up to date in case they sent you a notification but you aren't receiving it.

Fwiw I have no experience with US Bank but yeah, Chase had some nutty ideas about what made good security questions. They seem to have improved recently though.

paperwastage

Verified by Visa.

I believe Amex safekey and boa vbv would work too, does OP have any of those cards (without FX fee)?

invisible

This has nothing to do with the bank but rather the payment processor and 2FA that is implemented outside of the US differently. I know what I am talking about - I lived 15 years in Europe and Asia and have/had a number of local cards.

2FA - specifically - either 4-6-8 digit code sent to the registered phone number that is registered at the bank issuing the credit card. In that part of the world, it is called 3D Security. Here in the US, it is called Verified by Visa or Secured by MasterCard. You don't get SMS message to enter the code when doing online/mobile transaction, but there is a splash screen 'Verified By Visa' and then the transaction is going thru. But it is not in the case of an overseas payment processor because the processor does not receive authorization from the card issuing bank about the successful transaction.

To bypass this you really need to call the bank and ask them to transfer you to fraud/verified by the visa department. As I mentioned, the bank does not even see the failed transaction - Chase did not see it, US Bank did not see it - they will tell you (at least they told me) that 'I don't see the transaction you are telling me about'. That is because the transaction is blocked by Visa. While fraudVisa security folks are bank employees, they do have access to Visa systems, not just bank systems, will go thru your verification and once they whitelist the transaction, the merchant payment processor will receive the flag of authorization of a successful transaction and it will go thru.

Above is the case with Visa/MC. Amex does not have this problem, but I have not had Amex cards for >20 years. And yes, I had this problem when I booked internal flights in the region and had to make local online payments with the US-issued cards - specifically Chase and US Bank.

notquiteaff

I have had Bahn.de train ticket purchases fail in the app, but go through on the website. That was with the Chase CSR. Read reports from others reporting the same. Thanks for pointing out that Amex works - instead of going through the interrogation you described, I will just use an Amex card if I run into this issue down the road. Visa and MC really need to make this work seamlessly for their cards.

tmiw

The real problem is that American banks have the mindset that even a code sent by SMS is a major inconvenience to their customers, so having some/most foreign transactions fail (especially when most of their customers will likely rarely or never step foot in a foreign country, let alone buy anything from foreign websites) is an acceptable tradeoff. Make 2FA mandatory in the US (by card network rules and/or law) and the problem will solve itself.

(FWIW, I never have problems with my CSR on foreign websites. Meanwhile, I've had at least one Mastercard--which I'm pretty sure is supposed to send SMS codes if needed--simply never work. I could just be using the wrong websites, though.)

invisible

None. My US-issued cards are only Visa and they are Chase/US Bank.
If you try to top up Suica/Pasomo with CSR, it will fail.

paperwastage

sounds like its time to diversify/derisk (just in case the visa network goes down or your bank is down, you have alternative)

no problems with jetstar/tigerair/scoot, other asia/europe online websites, VbV text message comes through on my boa visa


usually dont use my amex overseas, but tested it and safekey comes through

US AMEX Plat to make payment on site requires 3-D secure
that is a known problem, blame the suica/applepay blocking almost all foreign visa, mastercard/amex may still work

invisible

While I agree with the sentiment, If VISA and/or Chase/US Bank goes down, I and the whole world are going to have a much bigger problem on our hands than purchasing something on foreign websites.

mia

In this context I think "goes down" refers to a service outage, not a financial failure. Chase and VISA are not immune to problems.

der_saeufer

Exactly. It's time to diversify cards. Contrary to the statement up-thread, how VbV is implemented can and does vary by bank. Not all American card issuers choose to implement it the same way. Chase doesn't want to "inconvenience" its customers, so when VbV is triggered, Chase will normally just process the transaction anyway. When that doesn't work, you find yourself in the situation in the OP, having to call the fraud department and play games just to spend money. That's one of the reasons I cancelled my Chase cards.

Capital One supports SMS second factor, so when I try to buy something online that trips VbV, I get a box telling me that Capital One will SMS me a code. I click OK, I get the code, I enter it on the website and the purchase goes through. Even still, Capital One's implementation is annoying if you have AUs--it'll only SMS one number no matter which card is used to make the transaction. The ridiculous workaround we came up with is that my wife and I have a shared Google account with a GV number so we both get the codes. USAA has a similar implementation where (when it works correctly) I can approve the transaction in the USAA app or receive a code.

It's the same story for European card issuers. ING's 3DS implementation required me to get the ancient calculator-looking code generator, insert my card, enter the challenge token, etc. and then enter the code on the webpage. N26 sent a push notification to my phone to approve.

I just did this the other day for an upcoming trip to Japan. Three Visa cards in a row failed, but Mastercard worked fine.

jchock1

jchock1

I've had a jp morgan chase reserve card for years, and travel extensively internationally. I can count on one hand the number of times I've had any issues with it being declined. It just works 99.999% of the time with no involvement from me.

I just got a capital one venture x business card, and over the last 4 months traveling, for most online purchases it requires the 2fa texts, even for tiny amounts (1Ą). Museum tickets, airline tickets, taxi apps, and on and on. Even when I get the green checkmark that I've been verified, about half the time the card is declined when I'm redirected to the merchant. And as you mention, there can only be one phone number for all cards on the account, so when my husband isn't with me, he has to text me to get the code. I'm not dedicated enough to to get a joint gv number to resolve this issue but what a clever workaround.

After I meet the spend for the welcome bonus it's going directly into the sock drawer. Who needs a hassle to use your credit card. I assume chase has an algorithm that does a sufficiently good job of detecting fraud such that they don't need 2fa.