Business

COMMENT

They're coming after your frequent flyer points

  • 23 reading now

Here's something else to worry about: the legion of cyber fraudsters and identity thieves are trying to steal your frequent flyer points – and they're succeeding.

The scumbags have stolen some of mine and would have grabbed more if Qantas hadn't picked up the fraud.

Up Next

Ahmed Fahour's shock Australia Post resignation

null
Video duration
01:08

More BusinessDay Videos

They're coming for your frequent flyer points

Just when you think the risk of identity theft and cyber fraud means you’ll have to leave your credit cards in a safe, here's another one. The scumbags are stealing your frequent flyer points.

Qantas won't divulge just how common frequent flyer identity theft is, but it's common. (The airline, like the banks being a bit vague about the extent of credit card fraud, says it's a security issue, not wanting to encourage the criminals. I suspect it's also a little embarrassing.)

Qantas is fighting back by beefing up its cyber security. Starting from Thursday, it's rolling out a trial of "a second-factor authentication process" – geek speak for texting you a code before you can log on to your account, the same way banks SMS a security code for many online payments.

OK, having your frequent flyer membership identity stolen is not like losing the deeds to your house or having your life savings cleaned out, but it's still annoying, can represent a considerable loss of value and could be part, or the start, of a broader identity theft.

In my case, when I was getting on a Qantas flight from Los Angeles to Sydney earlier this month, a low life used my points to buy a ticket from Hanoi to Ho Chi Minh city on Jetstar Pacific. An alarm rang in Qantas and the ticket was cancelled, but the fraudsters had another crack closer to flight time and got away with it.

Advertisement

And here's the thing – it was Qantas that told me about it. There are 11.5 million Qantas frequent flyer accounts – how many of us ever check the points unless we're about to try to use them?

Satisfied that it was a fraud, Qantas quickly refunded the points and is happy to give tips about protecting your identity.

Yes, you should change your PIN often and, no, it shouldn't be your postcode or birthday. One of the dumbest things you can do is post a photograph of your boarding pass – it has enough information on it to give an identity thief a flying start. (No, I didn't do that.)

A Qantas spokesperson said the airline was continually investing in people, processes and technology to protect frequent flyer members' security and accounts. As well as the second-factor authentication trial, Qantas has introduced SMS alerts to members to confirm account changes.

How did the bad guys steal my Qantas identity? It's impossible to be sure, but it's usually through compromising a computer or mobile phone when a victim goes online via a public network. Qantas recommends using only secure networks to access accounts, rather than public Wi-Fi hotspots.

But, come to think of it, I had written my account number on my baggage tag, believing it would help find the bag if it went missing. It could also help someone steal my identity. D'oh.

So consider yourself warned. Check your points regularly – and be smarter than me.