Originally Posted by
High Technology
I won't dispute they should have a way to use an international cell number for 2FA, and I'm not defending Capital One in any way, but 2FA via email is not as secure as you might think. It's not that the email can be intercepted, but someone can get the 2FA codes if they have your email password, and do lots of damage (let's just say I spent days reversing all of the damage caused by a very creative hacker).
That said, in a well known cell phone forum a year or two ago, someone was talking about using the T-Mobile $3/month prepaid plan that is now managed through Ultra Mobile for 2FA for an expat. There is an "uproam" option, which is prepaid roaming also charge $0.05/message for SMS in most locations. So it's $3/month for the small domestic allowance you won't use (100 each min/txt/data), and the uproam prepaid balances are $5 increments (prepaid). The initial purchase needs to be in a T-Mobile store (so someone will need to ship you the SIM), but after that it can be recharged online. I've not used it personally, but this seemed to have solved this issue for the person on the cell forum.
Sorry to hear about your negative experience, but if 2FA via email was truly insecure, I'm sure Amex and Chase would not tolerate it, and perhaps they will end it someday. Cap 1, on the other hand, seems to take the position that everyone is a fraudster, which may be a good approach to security but it feels really weird as a customer. Until their cards are easier to apply for and use by international travelers, I will avoid them.