And I'll just chip in here....

Consumer VPNs are good at geolocating you somewhere else to get around content restrictions.

But their marketing mantra that they offer better security is often mis-sold. If you are using public WiFi then there is a reasonable argument that an extra tunnel to protect stuff like DNS on the shared medium of WiFi that isn't already encrypted is good. But the IP address you end up using to get to the internet is shared with many other people some of whom are up to no good. Most consumer VPN IP addresses therefore end up with medium or high risk scores in authentication and hygiene services. You've chosen to associate yourself with some other low-life.

Then you've got the issue that organisations like your bank are doing their best to keep your accounts safe now see that you've used your card in Cardiff (UK) but you're logging in from California (US) - what are they expected to think?

In many cases you might be better off just using your local source IP, and running some risk that your ISP might get a little bit of a clue about your browsing destinations from DNS queries or destination IPs. And if you want a tunnel for extra last mile security roll your own with a cheap linux virtual server or on other kit you have access to.

At my $dayjob anyone using a consumer VPN to access corporate resources as a minimum gets slapped into an extra round of MFA for good measure, if they don't get blocked.