Your bank's fraud team doesn't know you moved.
The first time you log into Chase from Lisbon, their fraud detection sees Texas yesterday, Portugal today — and locks the account pending verification. The verification call goes to the US phone you can't easily answer. The login you needed to make a transfer doesn't happen.
A VPN solves that — and two other real problems. It also doesn't solve a few things people assume it does. Here's the honest version.
Affiliate disclosure: this page contains links we earn a commission from.
Updated · Published
This page is educational. It explains how US retirees typically use a VPN to smooth access to legitimately-theirs accounts after moving abroad — not advice for misrepresenting residency to a financial institution, which can have legal and account consequences. Always keep your actual address current with your bank, brokerage, and the IRS.
Yes, an expat VPN belongs in your stack — for three specific reasons.
For a typical retiree moving abroad — here's the whole picture in six bullets:
- A VPN with a US server makes your login look domestic to US banks, brokerages, and government portals — which stops the foreign-IP fraud flag from locking you out.
- It also encrypts your traffic on public Wi-Fi — hotel, cafe, airport, short-term rental — which is the actual mitigation for the man-in-the-middle attacks retirees abroad get hit by.
- And it lets you keep using US-only streaming — Hulu, MLB.tv, news sites — from your couch in San Miguel.
- What it doesn't fix: brokerage closures. Vanguard, Fidelity, Merrill, and others close expat accounts based on the address you give them, not the IP you log in from. A VPN won't save the account.
- Critical detail: shared VPN IPs make it worse with banks — banks blocklist datacenter IPs because real fraudsters use them. The fix is a dedicated IP, a paid add-on most providers offer.
- We recommend NordVPN with the dedicated-IP add-on (~$3.69/mo extra on the two-year plan, on top of the base subscription). Best fit for the banking use case, clean ownership and audit history, and the UX a 67-year-old can actually use.
One ethical line up front: a VPN is a smoothing layer for accounts that are legitimately yours and where your bank knows you live abroad. It is not a tool for hiding your residency from a US financial institution. Those are different things, and the second one can be fraud.
See our NordVPN recommendation →Why your first login from Lisbon gets blocked.
US banks track where you log in from. The fraud AI is tuned to notice when "Texas yesterday" becomes "Portugal today" — that's the signal it was built to catch. Real fraudster, real you, same pattern.
Hard fraud holds
Chase is the most-cited bank for aggressive foreign-IP holds. First login from a new country often triggers an account freeze until you complete identity verification — which means a call to a US number and, sometimes, a notarized form. Not the workflow you want on day three abroad.
Soft locks & step-up auth
BofA's pattern is gentler: a step-up authentication challenge on the first login, then the account stays accessible. Still annoying — the challenge usually depends on a US phone number receiving an SMS code, which is its own problem if your old carrier has already gone dark.
Mostly fine, sometimes not
Brokerages with international support tend to handle foreign IPs more gracefully — they expect their customers to travel. Schwab International and Interactive Brokers in particular are built around the use case. But forum reports suggest even friendly brokerages occasionally flag a login that looks "off."
Why this matters more for retirees than for working expats
A working-age expat locked out of their bank for a day loses an inconvenience. A retiree relying on monthly Social Security or IRA distributions to cover rent can lose the rent payment, the late fee, and a week of stress while customer service in a different time zone catches up. The fix is preventative — smooth the login before the flag fires.
A VPN fixes three things. It doesn't fix two others.
Most VPN marketing treats "expat" as one big problem. The real picture is more useful: it solves three specific things cleanly, and there are two things you'll hear it recommended for where the actual fix is somewhere else.
Three real use cases
- ✓Bank-login smoothing. Connect through a US server before logging into Chase, BofA, or your brokerage. The login looks domestic. The fraud flag doesn't fire.
- ✓Public Wi-Fi security. Cafe Wi-Fi, hotel Wi-Fi, airport Wi-Fi, short-term rental Wi-Fi. All of these are attack surfaces. A VPN encrypts the traffic so anyone snooping the network sees noise, not your banking session.
- ✓US streaming services. Hulu, MLB.tv, NFL Game Pass, US-only news sites. A US server unblocks them. Not the headline use case, but a real one — especially for snowbirds keeping the same Hulu sub working from Mexico.
Two things people assume it does
- ✕Brokerage account closures. Vanguard, Fidelity, Merrill, Edward Jones, Ameriprise, TIAA, and USAA have all restricted or terminated expat accounts since 2024. They do it based on the address on file, not your IP. A VPN won't save the account. The actual fix is moving to an expat-friendly broker.
- ✕Government portals (SSA, Medicare, IRS). Mostly these work fine from abroad if you've set up an ID.me credential. SSA explicitly tells expats to use ID.me, not Login.gov. A VPN can help if you hit a specific block, but it's not a routine requirement here.
See investing as an expat and keeping your US brokerage accounts abroad for what to do instead.
The simple test: does the institution care about your IP, or your address on file?
Banks and fraud-detection systems care about your IP — a VPN helps there. Brokerage compliance teams and KYC reviews care about the address you gave them — a VPN doesn't help there. Sorting your use case into the right bucket is most of the question.
Why most VPNs make the bank problem worse.
This is the detail most "use a VPN for banking" articles miss — and it's the difference between a setup that works and a setup that gets you flagged twice as fast. The fix isn't expensive, but you have to know to ask for it.
The default: a shared IP
When you connect to a standard NordVPN or ExpressVPN server, you're sharing the same US IP address with hundreds of other users. That IP lives in a known datacenter — AWS, Google Cloud, DigitalOcean — and banks know those address blocks.
Two things happen: the bank's fraud system sees a flood of logins from one IP and treats it as a coordinated attack, and the IP itself sits on a blocklist of "known VPN" addresses. Your shared-IP login looks more suspicious than your bare foreign IP did.
The fix: a dedicated IP
A dedicated IP is a US IP address that belongs only to you. You connect, and the bank sees a single consistent US IP — the same one, every login. After two or three uses, the fraud system stops flagging it. It looks like a home broadband connection, because that's effectively what it's behaving like.
Every major VPN offers this as a paid add-on. NordVPN's runs about $3.69/month on top of the base plan when committed to a two-year term. Cheaper than two months of cable internet.
If you take one thing away from this page: don't recommend yourself the base plan for banking. A shared IP is fine for streaming and public Wi-Fi. For US bank logins, the dedicated-IP add-on is the difference between "this fixed it" and "this made it worse."
The use case nobody argues with: cafe Wi-Fi is hostile.
Set the banking question aside for a second. Once you're abroad, you'll be on more public Wi-Fi than you ever were at home — airport layovers, hotel rooms, cafes you work from, Airbnbs with whatever router the host hasn't updated since 2019. That's a real security story on its own.
Man-in-the-middle attacks
An attacker on the same Wi-Fi can intercept traffic between your device and the websites you're using. On unencrypted connections — and even on partially-secured ones — they can grab login cookies, session tokens, sometimes passwords. Hotel and airport networks are the most-cited venues.
Fake Wi-Fi networks
The "Free Airport Wi-Fi" SSID in the corner of the lounge isn't always the airport's. Attackers spin up rogue access points with familiar-looking names and route every connecting device through their laptop. Your phone happily joins, and your traffic is someone else's data.
End-to-end encryption
A VPN encrypts every byte between your device and the VPN provider's server. Anyone snooping the local Wi-Fi sees encrypted gibberish — not your banking page, not your email, not your search history. Set the VPN to auto-connect on untrusted Wi-Fi and it happens without you thinking about it.
Even with a VPN, your phone's hotspot is better for banking on the road
If you're doing something high-stakes — wiring money, opening an account, anything you wouldn't want to redo — use your phone's cellular hotspot rather than hotel Wi-Fi, even if the VPN is on. Defense in depth. The VPN handles the everyday case; the hotspot handles the "if anything goes wrong, the consequences are big" case.
NordVPN
with the dedicated IP add-on.
~$7 a month, all in.
NordVPN is the right pick for retirees who actually want this to solve the bank-login problem. The dedicated-IP add-on is the best-developed in the market, US server coverage is broad enough that streaming and basic browsing stay quick, and the app is one-click simple — the kind of thing you can set up on an iPad and forget about.
- Dedicated US IP add-on — the actual fix for bank fraud flags
- Audited no-logs policy — PwC and Deloitte audits, Panama jurisdiction
- Six simultaneous devices — phone, laptop, tablet — both partners covered
- One-click apps — iOS, Android, Mac, Windows — minimal setup
- Auto-connect on untrusted Wi-Fi — the public Wi-Fi protection happens automatically
Affiliate link — we earn a commission if you sign up, at no cost to you.
What it actually costs
NordVPN plans
Two-year commit · billed annually
Skip the dedicated IP if you're only using the VPN for streaming and public Wi-Fi — the base plan covers those fine. The $3.69 add-on is specifically for the bank-login use case, where a shared IP makes things worse.
Pricing reflects published NordVPN rates at time of writing and can change. Confirm at signup.
A quick word on the alternatives.
ExpressVPN is the brand most retirees have heard of, thanks to a decade of podcast ads. We don't recommend it. Here's the short version of why, and the alternatives that are actually credible.
Ownership concerns
ExpressVPN was bought by Kape Technologies in 2021 — a company formerly known as Crossrider, with a history in adware browser extensions. In 2026, Kape went fully private, removing external visibility into the parent. The trust posture is worse than what we'd recommend to a 65-year-old trusting it with banking traffic.
The value pick
Surfshark is owned by Nord Security (same parent as NordVPN, since 2022), so the trust posture is the same. It's cheaper, offers unlimited device connections, and has static-IP options. The dedicated-IP product is less mature than Nord's — use it as the value alternative if Nord's pricing pushes back.
For the technically inclined
ProtonVPN is the strongest privacy story — Swiss jurisdiction, fully open-source apps, run by the Proton Mail team. It's also the most technically demanding to set up. Worth it if you actively care about the privacy posture; not the best UX fit for most of our readers.
What about the free VPNs (and the ones built into browsers)?
Free VPNs — including the ones bundled with Opera or other browsers — are not appropriate for any use case on this page. Many free providers fund themselves by logging and selling user data, the encryption quality varies wildly, and most lack the US server coverage and dedicated-IP option you'd need for banking. If you wouldn't run an unknown free antivirus, don't run an unknown free VPN — especially over your banking traffic.
Browser-built-in VPNs (Brave, Opera) protect traffic in that browser only. Your banking app on your phone, your email client, your iPad — none of those get the protection. For an expat use case, you want a system-wide VPN that covers every app on the device.
Smoothing logins isn't the same as hiding your residency.
The most common bad advice on this topic goes one step too far. A VPN is a fine tool to keep your bank's fraud system from locking you out of an account it knows belongs to you. It is not a tool to tell a US brokerage you live in Dallas when you live in Lisbon.
Smoothing a known-yours account
- —Logging into Chase from Lisbon, where Chase has your CMRA address and knows you've moved
- —Watching your paid Hulu subscription from Mexico
- —Encrypting hotel Wi-Fi to stop a stranger from sniffing your traffic
- —Avoiding a fraud lockout on the IRS payment portal during tax season
Misrepresenting your residency
- ×Telling Vanguard you live in Dallas so they don't close your account, when you actually live in Lisbon
- ×Opening a new US brokerage account using a US address you don't actually live at, with the VPN as the cover
- ×Using a VPN to evade a sanctions geofence on a service
- ×Filing state taxes from a state you no longer have ties to because the IP "looks" right
The good news: there are real, compliant fixes for every "not fine" item above. Use a CMRA address service and tell your bank you live abroad. Move your investments to a brokerage that serves expats. Sort your state residency properly. None of these require pretending.
Five things to do, in this order.
-
Decide whether you need the dedicated IP
If your reason for getting a VPN is bank-login smoothing, yes — add it. If you only want the public Wi-Fi security and US streaming, the base plan is enough. Most retirees moving abroad full-time want the dedicated IP.
-
Sign up for NordVPN on the two-year plan
The two-year price is the meaningful one — month-to-month NordVPN is much more expensive. Add the dedicated US IP during checkout if you decided you needed it.
See NordVPN plans → (opens in new tab) -
Install the app on every device you bank from
Phone, tablet, laptop. NordVPN covers six simultaneous devices on one account, which is enough for both partners' phones, both laptops, and a tablet. Set the app to auto-connect on untrusted Wi-Fi.
-
Test it before you fly
From your kitchen in the US, connect to NordVPN's US server (or your dedicated IP), and log into your main bank. Confirm nothing flags. Better to discover a setup problem here than at the cafe on day three.
-
Update your real address with your bank and brokerage
Whether or not you use a VPN, your bank and brokerage need your current address — your CMRA mailbox if you use one, or your foreign address if your institution accepts it. The VPN doesn't replace this; it sits alongside.
How to set up a US address →
VPN handles the IP problem. The phone number is the other half.
The same banks that flag your foreign IP also expect 2FA codes to arrive at a US mobile number. A cheap MVNO keeps that line working from anywhere — and pairs naturally with the VPN setup above.
Read the phone setup guidePrimary sources
- SSA — How will I access my personal Social Security account if I am overseas?
- Cerity Partners — American Expat: Brokerage Account Closures and Restrictions
- WhereNext — US Brokerage Account Closures for Expats 2026
- Norton — Public Wi-Fi: A guide to the risks and how to stay safe
- NordVPN — Dedicated IP feature details and pricing
- Cloudwards — Kape Technologies acquisition of ExpressVPN (background on ownership concerns)