![Marriott Bonvoy Status Match [2020]](https://www.australianfrequentflyer.com.au/app/uploads/2020/08/marriott-bonvoy-phone-150x150.jpg)
Qantas is trialling additional security measures to protect its members’ frequent flyer accounts against fraud. Once the changes are implemented, activities such as logging into your frequent flyer account or redeeming points will become a two-step process.
Using what’s known as “two-factor authentication”, Qantas will soon require its frequent flyers to either enter a code sent to their phone by SMS, or answer a security question, when accessing their accounts. This system is commonly used by banks to protect customers’ accounts from fraud.
The increased security measures have been welcomed by our members. Numerous members say they have had their Qantas accounts hacked and points stolen in the past. Generally, Qantas has responded by refunding the stolen points and issuing new login details. But the fraudulent use of frequent flyer points is a serious problem, and it’s more common than you might think. These measures will go some way towards cracking down on fraud.
About time! Long overdue IMO and the opinion of many others here. 4 miserable digits just isn’t enough these days….
Almost all of our members agree that, in this day and age, a simple 4-digit PIN is not enough to protect a frequent flyer account. Most airlines require their members to use a more complex password, as this decreases the likelihood of the account being hacked. But not everyone agrees that two-factor authentication is the solution. For example, some members worry they may be unable to access their own accounts when overseas if they do not have access to their mobile phone.
Its when you are overseas and something goes wrong that you want access to the account. SMS won’t work for some people especially in another country where your number that you have registered with doesn’t work.
Some members believe that simply requiring a more complex password would solve the problem. Others would like to be given the option to choose from a range of additional security measures.
TFA for airlines makes no sense to me. Just increase the complexity requirements of the password, problem solved.
Other suggestions for improving account security have been offered. For example, one member would like to be able to see a list of past login attempts.
Another good thing to have would be a list of previous log ins (including unsuccessful attempts) so the member can see if there is any potential risk to their account.
At this stage, the increased security measures are only a trial. But given the frequency at which frequent flyer accounts are being hacked, it would be good to see these measures introduced on a permanent basis.
Join the discussion HERE.
