SMS Login Verification - Argh

Status
Not open for further replies.
Since the change came in, I have logged in a few times using the "questions"; now it is no longer asking me for any supplementary login info at all, just FF#, name and PIN get me in as they did previously.
Apparently that lasts for awhile and then you will need to log in using security questions again. Interestingly I got Dr FM to login to her account and then we set up her security questions together, so I would be able to log into her account in future but I found I can log in without using them, just normal pin. This is a different computer in a different town to her. I assumed it would be via a cookie system. Anyway presumably at some point I will need her info in order to be able to login.
 
Yes you can, by switching to security questions and answers instead of SMS. It's in the AFF newsletter, and mentioned many times in this thread.



trying telling this, to the victims in the ABC article I linked to earlier.
So my entire argument revolves around the premise that FF points are not "money", and with a few keystrokes QF can credit said points back to your account - easy as pie. They give them away willy nilly. Every time they give away 100,000 points for this credit card, or 400,000 points for that home loan, they are essentially just printing more money. They own the mint, and they print as they please. There appears to be zero interest or requirement to perform any kind of reconciliation on their part - just the other day i disputed points from another carrier - the other carrier wouldn't "share" with Qantas private customer information - I supplied the e-ticket - still not enough info to prove the actual fare class - but Qantas just took my word and BANG - more points added to my account!!!

So...... rather than roll out an expensive and annoying 2FA system to protect an asset that can essentially be re-created whenever they want..... they should just:

1) Refund people's points if stolen (based on a stat dec or similar)
2) Investigate alleged fraud (would be pretty easy as points have to be sent to an account or flights redeemed for a specific person)
3) Launch police involvement if necessary

Thus far, no one has presented a case whereby 2FA would have stopped the "fraud"... one case was a child accessing their elderly parent's account, which they didn't "hack" as they knew the login details anyway (like I do my parents' account)

And the other example was a dodgy travel agent who used his OWN points to book a flight for which he received cash - fraud, probably, but nothing to do with hacking an account whereby 2FA would have saved the day....

QF isn't a bank, and i think this is just "theatre", probably the idea of some dodgy IT consulting firm trying to con more money out of the airline.....
 
So my entire argument revolves around the premise that FF points are not "money"

QF isn't a bank, and i think this is just "theatre", probably the idea of some dodgy IT consulting firm trying to con more money out of the airline.....

So tell me, if you were to make this call in Qantas, then, some kid stole some points, and the parent didn't know because the kid didn't get the SMS notification.

For argument sake, the kin only stole 5000 points to buy a toaster.

Now, this is on Today Tonight / Herald Sun / ABC.

How are you going to face your boss, and how is your boss going to face people upstairs?
 
Probably lowest risk use of points for a thief/scammer is not flights, but toasters. Well maybe not toasters, but certainly vouchers. Apart from being more useful than a flight at specifically controlled point in time, more likely to be spent by the time the victim notices, and more utile to a criminal than a random flight.
 
So tell me, if you were to make this call in Qantas, then, some kid stole some points, and the parent didn't know because the kid didn't get the SMS notification.

For argument sake, the kin only stole 5000 points to buy a toaster.

Now, this is on Today Tonight / Herald Sun / ABC.

How are you going to face your boss, and how is your boss going to face people upstairs?
I just don't see the evidence of this happening.
I have asked for examples of this and no one can quite point to anything specific.

Interestingly, the type of fraud you are hinting at is waaaaaaaaayyyyyyyy more likely to occur with credit cards (which it does), and I don't see credit card providers hauled on to ACA to explain why they let little 2-bit bobby rob his old gran blind using her credit card to buy toasters..... I just don't think it's a thing.

I prefer to live in a world where we go go after the person that does the crime, rather than blame the "system".
Did you know that in Victoria you cannot install a "non-flued" gas heater? You can in every other state. The reason being, that although the gas heaters have huge stickers saying "DO NOT INSTALL IN BEDROOMS OR BATHROOMS" and "DO NOT USE IN ROOMS SMALLER THAN xSQM" etc, some idiot ignored all of that, stuck the heater in his kid's room, and they suffocated. Then the idiot blamed the system. Rather than society call him out for the idiot that he was, he became the "victim", the system was blamed, and the laws were changed and now we all suffer.

Just as like my heaters non-flued, i like my QF account non-2FA....
 
I just don't see the evidence of this happening.
I have asked for examples of this and no one can quite point to anything specific.

1: The example of this risk is in the ABC article I posted

Interestingly, the type of fraud you are hinting at is waaaaaaaaayyyyyyyy more likely to occur with credit cards

I prefer to live in a world where we go go after the person that does the crime, rather than blame the "system"

I will catch your word "prefer". There is no such thing as a prefer in a large multinational. A risk is a risk, and a risk which could be managed by a control is a control we need.

Nowadays, even EFTPOS going down for a few hours, or someone in a wheel chair needs to be on a later QF flight because someone made a real honest mistake of forgetting to arrange an extra FA to fly on Jetstar for that pax (like what? only a month ago?), the whole world would explode.

If I was to do what you suggested, and the risk did eventuate, it would unfold like this:
I will get kicked by my boss.
My boss will get kicked by his boss's team.
My boss's boss's teams will get kicked by my boss's boss's.
My boss's boss's would get kicked by the GM
My boss's boss's and the GM would then get kicked by governance.
GM and governance will get kicked by the CEO.
GM + governance + CEO would get kicked by the board.
CEO would get kicked by the media.

Now, tell me, would you like to be THAT person who started all these blackhole kicking?
 
I just don't see the evidence of this happening.
I have asked for examples of this and no one can quite point to anything specific.
I can give a personal account of fraud which I have posted before on AFF.
On one occasion on logging in to my AA acount I saw points disappear for a flight.I was on to AA immediately and fortunately phone answered quickly..Great agent who kept me on the line explaining what he was doing.Result no loss of points.

Mate you are just too trusting.Why don't you start searching because there over the years been many threads on many websites plus articles in magazines and papers about FF accounts being hacked and points stolen.I haven't put these things into my favourites etc.Basically getting a bit upset that you are in reality calling me and others liars.
 
Basically getting a bit upset that you are in reality calling me and others liars.

I don't think Max Samuels is calling anyone a lier. However, this is also the problem we have with security.

People keep complaining about things being stolen, data being stolen, money being stolen, ID being stolen, but people keep complaining and trying to bypass security.

Reminds me of the same attitude people have about Facebook, which comedian Ronny Chieng explains (from 0 minute 46 seconds).

Can't help it :D
 
I can give a personal account of fraud which I have posted before on AFF.
On one occasion on logging in to my AA acount I saw points disappear for a flight.I was on to AA immediately and fortunately phone answered quickly..Great agent who kept me on the line explaining what he was doing.Result no loss of points.

Mate you are just too trusting.Why don't you start searching because there over the years been many threads on many websites plus articles in magazines and papers about FF accounts being hacked and points stolen.I haven't put these things into my favourites etc.Basically getting a bit upset that you are in reality calling me and others liars.
Disagreeing is hardly calling someone a liar!

We are possibly approaching this from different angles. My job (as in career) is as an analyst for really big companies (banks, Telcos, airlines, insurance etc), to trawl through their data, look for trends, patterns etc. I then design and model scenarios to test my theories..... and if they hold true, I provide advice to the business based on what I observe. Fraud detection and risk mitigation is a big part of this job. But whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data. In other words, my brain is kind of hard-wired to not take things at face value.

All I am saying, is that from my own observations in the world that I live in, I have not seen nor heard of any instances of so called FF account hacking. I am not saying that it NEVER happens, I am just saying that I don't think it happens ENOUGH to warrant this new security regime. And when I asked if anyone new of any instances, the 2 news articles that were sent to me didn't support the claim that was being made.
 
We are possibly approaching this from different angles. whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data.

No one is misappropriating (stealing) money from your work, zero evidence. Does that mean it's all good? Does that mean you don't need to have multiple level approval or approval from more than 1 business unit?
 
Disagreeing is hardly calling someone a liar!

We are possibly approaching this from different angles. My job (as in career) is as an analyst for really big companies (banks, Telcos, airlines, insurance etc), to trawl through their data, look for trends, patterns etc. I then design and model scenarios to test my theories..... and if they hold true, I provide advice to the business based on what I observe. Fraud detection and risk mitigation is a big part of this job. But whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data. In other words, my brain is kind of hard-wired to not take things at face value.

All I am saying, is that from my own observations in the world that I live in, I have not seen nor heard of any instances of so called FF account hacking. I am not saying that it NEVER happens, I am just saying that I don't think it happens ENOUGH to warrant this new security regime. And when I asked if anyone new of any instances, the 2 news articles that were sent to me didn't support the claim that was being made.

Just keep in mind, just because you haven't seen it, or it hasn't been reported, doesn't mean it hasn't happened.

There's a lot of confidentiality in certain matters, for a variety of reasons. Many don't want to air their 'dirty laundry' as one example.
 
Disagreeing is hardly calling someone a liar!

We are possibly approaching this from different angles. My job (as in career) is as an analyst for really big companies (banks, Telcos, airlines, insurance etc), to trawl through their data, look for trends, patterns etc. I then design and model scenarios to test my theories..... and if they hold true, I provide advice to the business based on what I observe. Fraud detection and risk mitigation is a big part of this job. But whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data. In other words, my brain is kind of hard-wired to not take things at face value.

All I am saying, is that from my own observations in the world that I live in, I have not seen nor heard of any instances of so called FF account hacking. I am not saying that it NEVER happens, I am just saying that I don't think it happens ENOUGH to warrant this new security regime. And when I asked if anyone new of any instances, the 2 news articles that were sent to me didn't support the claim that was being made.
Though you have disregarded my link to the Gumtree selling of points.As I said it was much more prevalent on Ozbargain but was shut down there about 12-18 months ago-that is after QF began trialling the SMS option.The strong rumour was that QF had forced this shutdown.OK not hard evidence of hacking but definite evidence of trading that was totally against the T&Cs of the QFF loyalty program so a reason QF may have taken this step.
 
Though you have disregarded my link to the Gumtree selling of points.As I said it was much more prevalent on Ozbargain but was shut down there about 12-18 months ago-that is after QF began trialling the SMS option.The strong rumour was that QF had forced this shutdown.OK not hard evidence of hacking but definite evidence of trading that was totally against the T&Cs of the QFF loyalty program so a reason QF may have taken this step.

It's still on there. For example, there are a couple there just in the past couple of days.
 
A question: it is evening in LA I got an sms on my mobile giving me the code. Strange because I have not logged into either my account or hubby’s acoount, and hubby cannot do it because he is sleeping in London. Why I got the sms out of the blue? Someone hacking our accounts?
 
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.

AFF Supporters can remove this and all advertisements

A question: it is evening in LA I got an sms on my mobile giving me the code. Strange because I have not logged into either my account or hubby’s acoount, and hubby cannot do it because he is sleeping in London. Why I got the sms out of the blue? Someone hacking our accounts?

I would log in to Qantas, and change the 4 digit PIN immediately.

In case you use this 4 digit PIN for something else, I would also change them (not that you should be sharing the same PIN / password between companies in the first place).
 
Thanks, chicken, for your reply. I logged into my account ok but when I logged into hubby‘s account it asked for the code but no code came thru my mobile - must be very weak signal where I am LA. So I will try later but not too many times else it will lock the account. No I don’t use the same pin for anything else.
 
A question: it is evening in LA I got an sms on my mobile giving me the code. Strange because I have not logged into either my account or hubby’s acoount, and hubby cannot do it because he is sleeping in London. Why I got the sms out of the blue? Someone hacking our accounts?
Same with me! I got a verification SMS last night at 11:17PM despite not having accessed my a/c for some days. i have checked my a/c (still requires no 2FA!, as i noted above) and it looks OK.
 
I had an issue last night. I am in Auckland and my flight home got cancelled and I couldn't even accept changes because I was locked out of my account. I couldn't verify by SMS as I couldn't receive it and I entered the details correctly (I'm sure but maybe I didn't give my mother's maiden name when I signed up back in 2006) but was locked out. Had no choice but to call via my hotel. The first time I was told a 3 hour wait - I was really upset. But I called back and waited only a couple of minutes. The NZ agent was able to accept the change and move my seat forward (because my initial flight was an A330 and I am sadly now on a 737, row 24 is no longer anywhere near the front) but couldn't unlock my account. Why not have an opt in system or perhaps provide email verification?

@Pushka was spot on. We get several emails a week about things that may not be an interest but on something as important as this we only notice when we have an issue.
 
Sponsored Post

Struggling to use your Frequent Flyer Points?

Frequent Flyer Concierge takes the hard work out of finding award availability and redeeming your frequent flyer or credit card points for flights.

Using their expert knowledge and specialised tools, the Frequent Flyer Concierge team at Frequent Flyer Concierge will help you book a great trip that maximises the value for your points.

People obviously don't like change but 2FA is standard today and if your company doesn't have it it's a dinosaur.

And point losses do happen. SIA drew criticism for not having 2FA and recently implemented an SMS system.

 
Status
Not open for further replies.

Enhance your AFF viewing experience!!

From just $6 we'll remove all advertisements so that you can enjoy a cleaner and uninterupted viewing experience.

And you'll be supporting us so that we can continue to provide this valuable resource :)


Sample AFF with no advertisements? More..
Back
Top