SMS Login Verification - Argh | Page 11 | Australian Frequent Flyer
Australian Frequent Flyer

Welcome to Australia's leading independent Frequent Flyer and Travel Resource since 1998!
Our site contains tons of information that will improve your travel experience.

Joining AFF is fast, simple & absolutely free - register now and take immediate advantage of these great BENEFITS.

Once registered, this box will disappear. And you will see fewer advertisements :)

SMS Login Verification - Argh

Flying mermaid

AFF Supporter
Joined
May 20, 2011
Messages
4,133
Qantas
Platinum
Flights
My Map
Since the change came in, I have logged in a few times using the "questions"; now it is no longer asking me for any supplementary login info at all, just FF#, name and PIN get me in as they did previously.
Apparently that lasts for awhile and then you will need to log in using security questions again. Interestingly I got Dr FM to login to her account and then we set up her security questions together, so I would be able to log into her account in future but I found I can log in without using them, just normal pin. This is a different computer in a different town to her. I assumed it would be via a cookie system. Anyway presumably at some point I will need her info in order to be able to login.
 

Max Samuels

Member
Joined
Jun 30, 2010
Messages
260
Qantas
Platinum
Virgin
Silver
Yes you can, by switching to security questions and answers instead of SMS. It's in the AFF newsletter, and mentioned many times in this thread.



trying telling this, to the victims in the ABC article I linked to earlier.
So my entire argument revolves around the premise that FF points are not "money", and with a few keystrokes QF can credit said points back to your account - easy as pie. They give them away willy nilly. Every time they give away 100,000 points for this credit card, or 400,000 points for that home loan, they are essentially just printing more money. They own the mint, and they print as they please. There appears to be zero interest or requirement to perform any kind of reconciliation on their part - just the other day i disputed points from another carrier - the other carrier wouldn't "share" with Qantas private customer information - I supplied the e-ticket - still not enough info to prove the actual fare class - but Qantas just took my word and BANG - more points added to my account!!!

So...... rather than roll out an expensive and annoying 2FA system to protect an asset that can essentially be re-created whenever they want..... they should just:

1) Refund people's points if stolen (based on a stat dec or similar)
2) Investigate alleged fraud (would be pretty easy as points have to be sent to an account or flights redeemed for a specific person)
3) Launch police involvement if necessary

Thus far, no one has presented a case whereby 2FA would have stopped the "fraud"... one case was a child accessing their elderly parent's account, which they didn't "hack" as they knew the login details anyway (like I do my parents' account)

And the other example was a dodgy travel agent who used his OWN points to book a flight for which he received cash - fraud, probably, but nothing to do with hacking an account whereby 2FA would have saved the day....

QF isn't a bank, and i think this is just "theatre", probably the idea of some dodgy IT consulting firm trying to con more money out of the airline.....
 

Chicken

Active Member
Joined
May 9, 2006
Messages
976
So my entire argument revolves around the premise that FF points are not "money"

QF isn't a bank, and i think this is just "theatre", probably the idea of some dodgy IT consulting firm trying to con more money out of the airline.....
So tell me, if you were to make this call in Qantas, then, some kid stole some points, and the parent didn't know because the kid didn't get the SMS notification.

For argument sake, the kin only stole 5000 points to buy a toaster.

Now, this is on Today Tonight / Herald Sun / ABC.

How are you going to face your boss, and how is your boss going to face people upstairs?
 

dajop

AFF Supporter
Joined
Jul 1, 2002
Messages
9,308
Flights
My Map
Probably lowest risk use of points for a thief/scammer is not flights, but toasters. Well maybe not toasters, but certainly vouchers. Apart from being more useful than a flight at specifically controlled point in time, more likely to be spent by the time the victim notices, and more utile to a criminal than a random flight.
 

Max Samuels

Member
Joined
Jun 30, 2010
Messages
260
Qantas
Platinum
Virgin
Silver
So tell me, if you were to make this call in Qantas, then, some kid stole some points, and the parent didn't know because the kid didn't get the SMS notification.

For argument sake, the kin only stole 5000 points to buy a toaster.

Now, this is on Today Tonight / Herald Sun / ABC.

How are you going to face your boss, and how is your boss going to face people upstairs?
I just don't see the evidence of this happening.
I have asked for examples of this and no one can quite point to anything specific.

Interestingly, the type of fraud you are hinting at is waaaaaaaaayyyyyyyy more likely to occur with credit cards (which it does), and I don't see credit card providers hauled on to ACA to explain why they let little 2-bit bobby rob his old gran blind using her credit card to buy toasters..... I just don't think it's a thing.

I prefer to live in a world where we go go after the person that does the crime, rather than blame the "system".
Did you know that in Victoria you cannot install a "non-flued" gas heater? You can in every other state. The reason being, that although the gas heaters have huge stickers saying "DO NOT INSTALL IN BEDROOMS OR BATHROOMS" and "DO NOT USE IN ROOMS SMALLER THAN xSQM" etc, some idiot ignored all of that, stuck the heater in his kid's room, and they suffocated. Then the idiot blamed the system. Rather than society call him out for the idiot that he was, he became the "victim", the system was blamed, and the laws were changed and now we all suffer.

Just as like my heaters non-flued, i like my QF account non-2FA....
 

Chicken

Active Member
Joined
May 9, 2006
Messages
976
I just don't see the evidence of this happening.
I have asked for examples of this and no one can quite point to anything specific.
1: The example of this risk is in the ABC article I posted

Interestingly, the type of fraud you are hinting at is waaaaaaaaayyyyyyyy more likely to occur with credit cards

I prefer to live in a world where we go go after the person that does the crime, rather than blame the "system"
I will catch your word "prefer". There is no such thing as a prefer in a large multinational. A risk is a risk, and a risk which could be managed by a control is a control we need.

Nowadays, even EFTPOS going down for a few hours, or someone in a wheel chair needs to be on a later QF flight because someone made a real honest mistake of forgetting to arrange an extra FA to fly on Jetstar for that pax (like what? only a month ago?), the whole world would explode.

If I was to do what you suggested, and the risk did eventuate, it would unfold like this:
I will get kicked by my boss.
My boss will get kicked by his boss's team.
My boss's boss's teams will get kicked by my boss's boss's.
My boss's boss's would get kicked by the GM
My boss's boss's and the GM would then get kicked by governance.
GM and governance will get kicked by the CEO.
GM + governance + CEO would get kicked by the board.
CEO would get kicked by the media.

Now, tell me, would you like to be THAT person who started all these blackhole kicking?
 

drron

AFF Supporter
Joined
Jul 4, 2002
Messages
19,612
I just don't see the evidence of this happening.
I have asked for examples of this and no one can quite point to anything specific.
I can give a personal account of fraud which I have posted before on AFF.
On one occasion on logging in to my AA acount I saw points disappear for a flight.I was on to AA immediately and fortunately phone answered quickly..Great agent who kept me on the line explaining what he was doing.Result no loss of points.

Mate you are just too trusting.Why don't you start searching because there over the years been many threads on many websites plus articles in magazines and papers about FF accounts being hacked and points stolen.I haven't put these things into my favourites etc.Basically getting a bit upset that you are in reality calling me and others liars.
 

Chicken

Active Member
Joined
May 9, 2006
Messages
976
Basically getting a bit upset that you are in reality calling me and others liars.
I don't think Max Samuels is calling anyone a lier. However, this is also the problem we have with security.

People keep complaining about things being stolen, data being stolen, money being stolen, ID being stolen, but people keep complaining and trying to bypass security.

Reminds me of the same attitude people have about Facebook, which comedian Ronny Chieng explains (from 0 minute 46 seconds).

Can't help it :D
 

Max Samuels

Member
Joined
Jun 30, 2010
Messages
260
Qantas
Platinum
Virgin
Silver
I can give a personal account of fraud which I have posted before on AFF.
On one occasion on logging in to my AA acount I saw points disappear for a flight.I was on to AA immediately and fortunately phone answered quickly..Great agent who kept me on the line explaining what he was doing.Result no loss of points.

Mate you are just too trusting.Why don't you start searching because there over the years been many threads on many websites plus articles in magazines and papers about FF accounts being hacked and points stolen.I haven't put these things into my favourites etc.Basically getting a bit upset that you are in reality calling me and others liars.
Disagreeing is hardly calling someone a liar!

We are possibly approaching this from different angles. My job (as in career) is as an analyst for really big companies (banks, Telcos, airlines, insurance etc), to trawl through their data, look for trends, patterns etc. I then design and model scenarios to test my theories..... and if they hold true, I provide advice to the business based on what I observe. Fraud detection and risk mitigation is a big part of this job. But whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data. In other words, my brain is kind of hard-wired to not take things at face value.

All I am saying, is that from my own observations in the world that I live in, I have not seen nor heard of any instances of so called FF account hacking. I am not saying that it NEVER happens, I am just saying that I don't think it happens ENOUGH to warrant this new security regime. And when I asked if anyone new of any instances, the 2 news articles that were sent to me didn't support the claim that was being made.
 

Chicken

Active Member
Joined
May 9, 2006
Messages
976
We are possibly approaching this from different angles. whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data.
No one is misappropriating (stealing) money from your work, zero evidence. Does that mean it's all good? Does that mean you don't need to have multiple level approval or approval from more than 1 business unit?
 

odysseus

Established Member
Joined
Feb 16, 2009
Messages
1,005
Disagreeing is hardly calling someone a liar!

We are possibly approaching this from different angles. My job (as in career) is as an analyst for really big companies (banks, Telcos, airlines, insurance etc), to trawl through their data, look for trends, patterns etc. I then design and model scenarios to test my theories..... and if they hold true, I provide advice to the business based on what I observe. Fraud detection and risk mitigation is a big part of this job. But whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data. In other words, my brain is kind of hard-wired to not take things at face value.

All I am saying, is that from my own observations in the world that I live in, I have not seen nor heard of any instances of so called FF account hacking. I am not saying that it NEVER happens, I am just saying that I don't think it happens ENOUGH to warrant this new security regime. And when I asked if anyone new of any instances, the 2 news articles that were sent to me didn't support the claim that was being made.
Just keep in mind, just because you haven't seen it, or it hasn't been reported, doesn't mean it hasn't happened.

There's a lot of confidentiality in certain matters, for a variety of reasons. Many don't want to air their 'dirty laundry' as one example.
 

drron

AFF Supporter
Joined
Jul 4, 2002
Messages
19,612
Disagreeing is hardly calling someone a liar!

We are possibly approaching this from different angles. My job (as in career) is as an analyst for really big companies (banks, Telcos, airlines, insurance etc), to trawl through their data, look for trends, patterns etc. I then design and model scenarios to test my theories..... and if they hold true, I provide advice to the business based on what I observe. Fraud detection and risk mitigation is a big part of this job. But whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data. In other words, my brain is kind of hard-wired to not take things at face value.

All I am saying, is that from my own observations in the world that I live in, I have not seen nor heard of any instances of so called FF account hacking. I am not saying that it NEVER happens, I am just saying that I don't think it happens ENOUGH to warrant this new security regime. And when I asked if anyone new of any instances, the 2 news articles that were sent to me didn't support the claim that was being made.
Though you have disregarded my link to the Gumtree selling of points.As I said it was much more prevalent on Ozbargain but was shut down there about 12-18 months ago-that is after QF began trialling the SMS option.The strong rumour was that QF had forced this shutdown.OK not hard evidence of hacking but definite evidence of trading that was totally against the T&Cs of the QFF loyalty program so a reason QF may have taken this step.
 

odysseus

Established Member
Joined
Feb 16, 2009
Messages
1,005
Though you have disregarded my link to the Gumtree selling of points.As I said it was much more prevalent on Ozbargain but was shut down there about 12-18 months ago-that is after QF began trialling the SMS option.The strong rumour was that QF had forced this shutdown.OK not hard evidence of hacking but definite evidence of trading that was totally against the T&Cs of the QFF loyalty program so a reason QF may have taken this step.
It's still on there. For example, there are a couple there just in the past couple of days.
 

Myrna

Active Member
Joined
Aug 23, 2002
Messages
601
A question: it is evening in LA I got an sms on my mobile giving me the code. Strange because I have not logged into either my account or hubby’s acoount, and hubby cannot do it because he is sleeping in London. Why I got the sms out of the blue? Someone hacking our accounts?
 

Chicken

Active Member
Joined
May 9, 2006
Messages
976
A question: it is evening in LA I got an sms on my mobile giving me the code. Strange because I have not logged into either my account or hubby’s acoount, and hubby cannot do it because he is sleeping in London. Why I got the sms out of the blue? Someone hacking our accounts?
I would log in to Qantas, and change the 4 digit PIN immediately.

In case you use this 4 digit PIN for something else, I would also change them (not that you should be sharing the same PIN / password between companies in the first place).
 

Myrna

Active Member
Joined
Aug 23, 2002
Messages
601
Thanks, chicken, for your reply. I logged into my account ok but when I logged into hubby‘s account it asked for the code but no code came thru my mobile - must be very weak signal where I am LA. So I will try later but not too many times else it will lock the account. No I don’t use the same pin for anything else.
 

whughes3

Active Member
Joined
Dec 21, 2009
Messages
626
Qantas
Platinum
A question: it is evening in LA I got an sms on my mobile giving me the code. Strange because I have not logged into either my account or hubby’s acoount, and hubby cannot do it because he is sleeping in London. Why I got the sms out of the blue? Someone hacking our accounts?
Same with me! I got a verification SMS last night at 11:17PM despite not having accessed my a/c for some days. i have checked my a/c (still requires no 2FA!, as i noted above) and it looks OK.
 

NSun

Junior Member
Joined
Aug 2, 2017
Messages
44
I had an issue last night. I am in Auckland and my flight home got cancelled and I couldn't even accept changes because I was locked out of my account. I couldn't verify by SMS as I couldn't receive it and I entered the details correctly (I'm sure but maybe I didn't give my mother's maiden name when I signed up back in 2006) but was locked out. Had no choice but to call via my hotel. The first time I was told a 3 hour wait - I was really upset. But I called back and waited only a couple of minutes. The NZ agent was able to accept the change and move my seat forward (because my initial flight was an A330 and I am sadly now on a 737, row 24 is no longer anywhere near the front) but couldn't unlock my account. Why not have an opt in system or perhaps provide email verification?

@Pushka was spot on. We get several emails a week about things that may not be an interest but on something as important as this we only notice when we have an issue.
 

davidj

Member
Joined
May 9, 2009
Messages
489
People obviously don't like change but 2FA is standard today and if your company doesn't have it it's a dinosaur.

And point losses do happen. SIA drew criticism for not having 2FA and recently implemented an SMS system.

 

AFF on Air Podcast

  • Choosing a Rewards Program – AIR017
    Sat, 10 Aug 2019 13:32:24 AEST
      If you’re new to the world of frequent flyer points – or moving to a new country – it can be difficult to know where to start. In this episode, Matt discusses the con ...
  • Travel Insurance – AIR016
    Sat, 27 Jul 2019 07:34:12 AEST
      They say that if you can’t afford travel insurance, you can’t afford to travel! In this episode, Matt chats to James Green about the importance of travel insurance, and ...
  • The Qantas Oneworld Award – AIR015
    Sat, 13 Jul 2019 02:07:50 AEST
      Learn how to fly around the world using your Qantas Frequent Flyer points as Matt chats to James Green, an award travel consultant at Frequent Flyer Solutions. This episode ...
  • Qantas Frequent Flyer Changes – AIR014
    Sat, 29 Jun 2019 00:40:35 AEST
      Last week, Qantas announced a major shake-up to its Qantas Frequent Flyer program. In this episode, former Head of Loyalty at Malaysia Airlines, Mark Ross-Smith, joins Matt ...
  • jb747’s Stellar Career with Qantas – AIR013
    Sat, 15 Jun 2019 03:00:41 AEST
      In this special edition of the podcast, Matt chats to John Bartels (a.k.a. jb747) about his flying career with Qantas, the A380, the QF30 incident, flight training, retirem ...

Community Statistics

Threads
82,422
Messages
1,908,459
Members
50,203
Latest member
Chaucer
Top