All content copyright © 2010-2024 Frank Revelo, www.frankrevelo.com
Phone should be unlocked, to allow use on any network.
Because I depend heavily on smartphone while traveling, I carry primary and spare. Primary smartphone has local prepaid SIM, which I buy new upon entering country and discard when leaving: as of 2024, $5-20/month for at least 15GB data (Mint Mobile in USA, Yoigo in Spain, A1 in Bulgaria, Yettel in Serbia, Vodafone in Ukraine, etc).
Spare smartphone has USA Ultramobile PayGo plan: as of 2023, $3/month for 100 minutes, 100 SMS and 100MB data, purchase additional data for $10/GB. International roaming on T-Mobile network, paid for from non-expiring wallet credit: receiving SMS texts is free, sending SMS in Europe typically $.05 each, voice in Europe typically $.25/minute, no data roaming. Spare smartphone only used for emergency receipt of SMS 2FA (two factor authorization) texts, though could also be used for emergency calls (plus data in USA) if primary smartphone/SIM fails. Because PayGo Terms and Conditions states that primary usage must be USA, I keep PayGo SIM deactivated other than when in USA and if primary smartphone/SIM fails outside USA and I need to make emergency voice call.
Alternative to Ultramobile PayGo is NumberBarn. $5 setup then $2/month, includes Send/Receive SMS through their App.
Many mobile operators do not immediately delete accounts if monthly fee not paid, but merely disable account and account only deleted after year of no payment. So instead of buying new SIM upon entering country, simply add money to existing account and SIM again becomes active. This is convenient if returning to same countries year after year and especially convenient if using eSIMs and smartphone has room for multiple eSIMs.
As of 2024, all my accounts (financial institutions, PayPal, AirBnb, etc) allow Google Voice VOIP service for receipt of SMS 2FA texts. Because companies can stop support for VOIP at any time without warning, very important to be able to receive SMS while roaming. In 2020, I was forced to close Ally bank account because it stopped working with Google Voice. At that time, I had ATT prepaid mobile service, which did not allow receipt of SMS texts while roaming outside USA. Ultramobile PayGo does allow receipt of SMS texts while roaming outside USA, however this feature should be used only as emergency backup, since PayGo terms and conditions state that service usage must be primarily USA.
Viber and other chat apps associated with mobile number. I have two such accounts: one permanently associated with Ultramobile PayGo number, one associated with current local number. Each time local SIM replaced, chat app notifies contacts of new number and preserves chat history. Possible to lose chat history if both phone and number changed simultaneously, thus best to store important information outside chat app.
For transactions with financial institutions, computer must be free of keyboard monitors and other malware. Possibly you can trust someone else's computer. If not, bring your own or bring a smartphone with adequate capabilities to substitute for computer when secure access to internet is needed. Or use old-fashioned voice telephone (including via Google Voice or other VOIP service) instead of internet to perform financial transactions.
Even with your own computer or smartphone, remember that eavesdropping on wifi connections is easy. Mobile data connections are much more secure than wifi. SSL ("https" rather than "http") mostly eliminates insecurity of both wifi and mobile connections. SSL might still be vulnerable to man-in-middle attacks during connection setup. Banks and other other websites protect against such man-in-the-middle attacks by using two-factor authentication (2FA), such as sending SMS text to mobile phone number.
VPN (virtual private network) service only adds security if VPN provider is trustworthy. As of 2021, I used free version of ProtonVPN to connect with USA financial institutions while in Ukraine, since many such institutions assume all connections from Ukraine are fraudulent. Since connection to USA financial institution is via SSL and with two-factor authentication, it doesn't really matter if ProtonVPN is trustworthy or not.
There has been much progress in recent years in technology of cracking passwords. In particular, 8 character passwords are no longer reliably secure, and networks of hackers now exist to take immediate advantage of cracked passwords which have been used on multiple sites. It is thus best to create unique 16 character or longer randomly generated password for each website for which you have account. Memorizing such passwords is impossible, so use password manager, protected by secure master password, which then becomes the only password you need to remember. I use KeePass (which is free, though I donated to author) because it is very secure and runs on all systems I am likely to use: Windows, Linux, Android, iOS, MacOS. Master password database is kept on my computer, with copies on smartphone and memory cards in wallet and storage locker. There is little risk in storing copies of master password database in insecure locations (like memory card), since database is protected by secure master password. Big risk is forgetting master password, so be sure to write down on scrap of paper and store somewhere secure, like safe deposit box or storage locker.
I prefer web-based accounts (such as Google gmail), so that email automatically synchronized between laptop and smartphone. Avoid accessing web-based email accounts using shared computers, due to possibility of keystroke-monitors and other forms of malware. That is, assume anything you type into shared computer or shared smartphone, including all userids and passwords, is being intercepted and read by hacker somewhere.
Because most websites are setup to send password reset information via email, it is critical to securely protect email accounts. Google gmail allows for persistent login, meaning you are automatically logged in, using "cookies" stored on your local computer or smartphone/tablet, next time you visit Google website. Also, some email apps store logon information so as to log you on to email account automatically. For email accounts like this, if someone steals your local computer or smartphone/tablet, and that device is not protected by strong password, then thief will have access to your email account, and thus access to password reset emails, and thus access to all your internet accounts, including financial websites. So protect your computer and smartphone/tablet with strong passwords that are automatically activated after 5 minutes or so of inactivity.
This is a nice way to have a permanent address in cyberspace. As of 2022, Godaddy.com provides domain name service and email forwarding for $20/year. Bluehost provides web hosting for about $6/month or $72/year. Cheapest web hosting is Amazon Web Services (AWS), which runs about $1/month for website like mine, with static html only and limited amount of visitors. AWS does not provide unlimited bandwidth, so mass attack by hackers could cause higher costs.
Online backup sounds nice, but I don't trust it. Also, motels often have slow wifi connections, which makes online backup difficult, especially for large media files. Thus I rely on combination of smartphone and memory cards (as of 2024, 128GB microSD cards) for backing up my laptop computer.
Media files (ebooks, photos, music, video) and this website don't require encryption, so I copy these directly to both smartphone and memory cards. Document files are compressed into zip format twice (initial zip file, then another zip file wrapping initial zip file so as to hide filenames, which would otherwise be visible due to technical limitations of zip file format), with wrapper file encrypted using 256-bit AES encryption method, using same password as for KeePass password manager. These zip files are small (about 20MB), so I keep multiple copies on both smartphone and memory cards (both of which have storage measured in GB). To organize zip files, I use filenames like YYYY_MM_DD.zip (initial zip file) and YYYY_MM_DD.zip.zip (encrypted wrapper zip file).
I keep one pair of memory cards in my storage locker and one pair in my wallet, and swap whenever I visit storage locker. (Like any physical media, memory cards can fail, so backup should always consist of pair of cards with identical contents, rather than single card.) While traveling, changed document files backed up as attachments to emails to myself (effectively, online backup).
It only takes a few minutes to create new zip file for documents and copy to smartphone and memory cards, so I do this daily, assuming any changes. Thus, if laptop fails or is stolen from motel, I lose only one day of modifications to files. If motel burns down and I am unable to rescue either smartphone or wallet containing memory cards (very unlikely), I lose only modifications since I last visited storage locker.
Simplest and usually cheapest way to get cash while traveling is ATM withdrawals, assuming card has minimal fees for use with international ATMs. Several bank accounts are advisable, in case something goes wrong with primary account. For example, damaged ATM cards, account drained by thief, account locked because of suspicion of fraud.
For travel to countries undergoing financial crisis (such as Ukraine in 2015 or 2022), it would be advisable to bring along some crisp recently printed $100 or €50 bills, which can be easily converted to local currency at a good exchange rate at banks and other reputable exchange offices. Be careful about shady looking characters who congregate in bus stations, offering very attractive sounding exchange rates, as they tend to be sleight-of-hand swindlers.
Printed ATM receipts showing account balance are sometimes needed to show proof of funds to border control officials. However, some banks do not support showing balance when used with international ATMs in some countries. No way to know for sure until you test, plus banks can change policies at any time. This is another argument for having multiple banks, each with substantial account balances.
From 2020-2023, I experimented with account at Piraeus Bank in Ukraine, funded by depositing Ukrainian currency withdrawn via ATM machine from USA banks. This convoluted scheme was only required because problems in Ukraine using debit cards from USA banks and with making SWIFT or other direct transfers from USA banks to Ukraine banks. After war broke out in Ukraine in 2022 and I was unable to travel there, I tried doing bank-to-bank transfers from Piraeus to pay for Kyiv storage locker. This required receiving 2FA SMS at Ukrainian phone number, which I had kept active specifically for use with Piraeus, which was nuisance and added expense. Initial transfer in 2022 worked, but then in 2023 Piraeus website was updated so that I could no longer login, but I could still login to smartphone app, though for some reason app did not allow transfer to proceed. I ended up doing bank-to-bank transfer from USA bank using Wise. However, Wise did not allow me to specify exact amount of Ukrainian currency. Instead, I had to estimate value in USA currency then add a few dollars to be on safe side. Also, comment accompanying Wise transfers can only be 30 Latin or no numeric chars, no Cyrillic, no punctuation such as dashes or periods. Storage locker in Kyiv was cooperative, so transfer was eventually accomplished.
At this point, I am disgusted with foreign banks and hope to be able to avoid them in the future. Account at Piraeus was always under $10K, so only reporting to USA government was checking box on form 1040-SchB of income tax return to indicate ownership of foreign bank accounts. Since my income tax return is otherwise extremely simple, audit risk is low, but I would like to reduce audit risk to zero, and so would prefer not to have to check this box. When I opened Piraeus account, bank clerk spoke English, but telephone customer support is Ukrainian or Russian, and that will likely be true for all banks in Ukraine. Hopefully, when I return to Ukraine, I will not have so much trouble with debit cards from USA banks and perhaps Wise will be updated to support exact transfers to Ukraine, in which case I can close my Piraeus account and be done with foreign banks permanently. (Wise currently supports exact transfer for less volatile currencies.) If not, then I might open PrivatBank account upon entering Ukraine and fund account with enough cash for annual bank account maintenance fee, storage locker rent for year in advance, and routine debit card payments. Before exiting Ukraine, drain account to minimum possible, or perhaps leave enough for 2 years of annual bank account maintenance fees.
As of 2022, Bank Of America charges $45 per SWIFT transfer and Citibank charges $35, whereas Schwab and Fidelity debit cards can be used to obtain local currency from non-USA ATMs with only 1% currency conversion fee. So SWIFT is only cheaper than debit cards for transfers over $4500 (Bank of America) or $3500 (Citibank). SWIFT can transfer money as US dollars, rather than local currency, which might be an advantage. Banks often impose low daily limits on SWIFT transfers for consumer accounts. When I tested $100 Bank of America SWIFT transfer to Piraeus bank in Ukraine, Citibank was used as intermediary bank. Citibank did not charge any fee, but fee for intermediary is possible. So probably Citibank better USA bank if planning to do frequent international SWIFT transfers. Citibank requires visiting branch bank in person to enable account for international transfers, and scrupulously follows USA government regulations for establishing new bank accounts, meaning proof of permanent physical residence required (such as utility bill in my name or voice conversation with apartment leasing office), which is problem for people like me who live in motels, since motels don't count as permanent address.
OFX.com is an alternative to Wise and Swift for international bank transfers. I have no personal experience with OFX.
Foreign banks typically require USA citizens to provide social security number for reporting to USA government. In some cases, bank may want to see photo of social security card or other proof that number you provide is correct. For this reason, I recommend carrying photograph of social security card on smartphone, assuming you don't carry original social security card while traveling.
Some banks charge stiff fees for using ATM's outside their network, especially internationally. Others charge only 1% Visa/Mastercard foreign exchange fee, plus whatever fee foreign bank charges for using its ATM (typically about $2). Cards with Visa logo use Plus network while cards with Mastercard logo use Cirrus network. Most (though not all) ATMs work with both networks. Payments by debit/credit cards (either with card itself or through Google or Apple pay or other electronic payment systems) another possibility, but fees sometimes very high for international transactions. Also, fees typically very high (5% or more) for cash advances on credit cards, plus interest charges until cash advance balance paid off.
Plain vanilla ATM cards have the advantage that they cannot be used without PIN. Thus possible to store such cards insecurely as ready source of emergency cash. Since banks often make it very easy to change PIN via automated telephone system, using information that is readily available to fraudsters (social security number, date of birth, zipcode of mailing address), only keep limited amount of money in these accounts. Many banks no longer issue plain vanilla ATM cards for checking accounts, whereas they do issue vanilla ATM cards for savings accounts. So this might be reason to set up savings rather than checking accounts at one or more banks.
All my banks allow debit/credit cards to be locked online using website or smartphone app. Note that unlocking requires internet access, but internet access might not be available when you first arrive in a new country and need to withdraw cash from ATM or use debit/credit card to setup mobile service. Also, if smartphone lost/stolen, you might need debit/credit card to buy new smartphone. I always unlock one debit card before traveling to new country, unless I already have enough currency with me to setup mobile service. Can also use debit/cards over internet, using details (card number, expiration date, security code) carried securely in password manager app on smartphone (KeePass2Android).
Buyer protections are much better for credit cards than debit cards or cash, because possible to ask credit card company to put hold on transaction until dispute resolved. Whereas with debit card or cash, you will have to fight merchant directly to get money back. In practice, this credit card feature of limited value to long-term travelers, who usually can't wait around several months for credit card dispute to be fully resolved. Better approach is to simply avoid major purchases where there is possibility of disputes. Purchases I make via credit/debit cards are for airfare, electronics, books and gear, with most of these purchases made over the internet. Disputes over airfare with major carrier are unlikely, and even less likely is possibility that consumer will prevail. Dispute with small travel agency is another matter—I recommend avoiding these or else paying with hard cash rather than plastic. Purchases for electronics, books and gear are usually for small amounts that I can afford to lose. In practice, I have yet to have problems with dishonest vendors for purchases made over the internet, probably because I carefully evaluate these vendors in advance. Long ago, I dropped a credit card after using it to buy a bus ticket. It was picked up by a thief, who quickly bought several thousand dollars of electronics goods (big-screen television, etc). Because I notified credit card company within a day of loss of card, and because thief was caught (while buying more electronics), and because I agreed to testify in court if that was ever necessary (it wasn't), charges were cancelled and I lost nothing. That is the only credit/debit card problem I have ever had.
To reduce credit fraud, setup credit freeze at all major credit bureaus: Equifax, Experian, Transunion, Innovis. Credit freeze can be easily imposed and released online at zero cost. Release when want to establish new credit account, otherwise keep frozen to prevent fraudsters from creating credit accounts in your name.
Good mail box service will offer option of bundling and forwarding mail. USPS post office boxes are inferior to private mail box services for many reasons: (a) post office may return mail if not picked up within 30 days, especially if mail overflows box; (b) can't pay box rent while traveling, such as by automatic deduction from credit card or mailed check; (c) no forwarding service; (d) some mailers require street address, especially for UPS or Fedex packages. In Reno, I use The Postal Depot, which charges $215/year as of Feb 2024 for their basic service, plus forwarding fees as needed. (I have never used their forwarding service. Instead, I let mail accumulate and pick up each Nov and Feb, months when I'm in the Reno area. I also receive packages at their office each Nov and Feb but do not let packages accumulate because there is a charge for that.) I have been with this company for over 20 years and can recommend highly.
Even if you retain your permanent apartment while traveling, secure storage locker is good idea for storing enough gear to be able to recover in case apartment burns or is burglarized. For example, back when I still had an apartment, I stored an old laptop computer and full set of winter clothes, among other items, in a small locker. I also store either my passport book or passport card in my storage locker, in case I am robbed of identification I am carrying on my person. Rumor has it that some low cost storage lockers in big cities have high rates of insider theft.
In Reno, I use Interstate U-stor, which charges $1464/year ($122/mo) as of Jan 2024 for 5'x10' indoor locker (big enough to easily store my bicycle). I have been with this company for over 20 years and can recommend highly. Price would be $10/mo lower if I had my own insurance.
In Kyiv, Ukraine, I use Pochaina metro location of TetrisBox, which charges $192/year as of Feb 2024 for 1 cubic meter sized locker. I began service with this company in 2021. Payment by bank transfer from Ukraine bank account (or by bank transfer from USA bank using Wise or Wells Fargo transfer services, or by PayPal if all else fails). Competitor is Komora4You.
If living in motels while not traveling, useful to have access to workshop for messy bike work. I use public work stations at Reno Bike Project for $10/hour as of 2023.
EFTPS automates paying United States estimated income tax. I've been using this system for over 20 years. Works very well once set up.
As of 2022, I use HRBlock to file USA income taxes. Previously, I used Turbotax, but that service become steadily worse over the years and finally failed completely for 2021 tax year, due to inability to properly handle form 1116, foreign tax credit. HRBlock is cheaper than Turbotax, easier to use, and provides better documentation of internal calculations.
As of 2013, possible for criminal to file a false tax return for someone else, giving false information to generate big refund, which is then routed to criminal's bank account. Once problem is detected, IRS will allow victim to refile. However, if victim was due refund, then IRS will not give that refund until it collects refund it previously routed to criminal, which may take years. This argues for being careful not to overpay taxes, so as to avoid refunds. Many flaws with IRS procedures, but biggest flaw is that IRS, unlike private companies, does not require taxpayer's name to be identical to name on bank account to which refunds are routed.
EFTPS can be combined with above flaw to drain bank account, as follows. Criminal creates EFTPS account using someone else's name and social security number, attaches this EFTPS account to victim's bank account, uses EFTPS account to pay large amount of estimated tax for victim, files tax return for victim, and then has tax refund routed to criminal's bank account. Only way to protect against this sort of fraud would be to ask bank to disallow ACH (automated clearing house) transactions against your account. However, that would prevent online bill paying and other conveniences (though these conveniences also enable other types of fraud). As noted above in regard to debit card, simplest way to limit losses to bank account is minimize money stored in bank account, while keeping bulk of money in separate investment company account. I use Vanguard for my investments.
As of 2013, supposedly possible to request IRS to provide Identity Protection PIN or IP PIN (file form 14039 or call Identity Protection Specialized Unit at 800-908-4490, extension 245). Each year in mid-December, IRS will send letter 4869CS, containing unique 6-digit IP PIN for that tax year, which is then used when filing either electronically or by hardcopy mail so as to prove return is legitimate. IRS will only send this letter once and will not reissue PINs. I'm not sure what happens if postal service loses letter. I'm considering enrolling in this service myself, though I've never been a victim of identity fraud.
Also good idea to setup ssa.gov account, to avoid various types of Social Security fraud. May need id.me account as well, which in turn may require 2FA SMS texts to non-VOIP number.