Qantas Frequent Flyer implemented two-factor authentication on Monday, meaning members may now be required to enter an SMS verification code or answer security questions when accessing their accounts.
Qantas’ two-factor authentication is designed to make frequent flyer accounts more secure and prevent fraud. But some AFF members are unhappy with the way it has been implemented.
How two-factor authentication works
Two-factor authentication is designed to add an extra layer of security to members’ frequent flyer accounts. The practice is commonly employed by banks, which sometimes require customers to enter a security code before completing a transaction online.
With Qantas Frequent Flyer, customers are now being asked to either enter an SMS verification code or answer some security questions when performing certain account functions. This could include when logging in, making a redemption, transferring points to a family member or accessing personal information.
Two-factor authentication is not triggered every time you log in to your account – only sometimes.
The SMS is sent to the customer’s mobile number on file. If you don’t have your mobile phone handy – or perhaps you’re overseas and are not receiving text messages – you can complete this process by answering some security questions instead. To set your own questions, simply log in to your Qantas Frequent Flyer account and go to “Profile > Personal Information > Security questions”.
Why Qantas has introduced two-factor authentication
Qantas decided to introduce two-factor authentication several years ago as a means to combat fraud. Previously, it was possibly to log in by knowing simply a person’s last name, account number and 4-digit PIN. This was arguably too easy, and as a result there have been many cases of stolen frequent flyer points over the years.
Qantas began trialling two-factor authentication in February 2017. After more than two years, it has now been implemented system-wide.
Some AFF members are unhappy with the change, particularly those who live or often travel outside of Australia and cannot receive SMS messages. It will also make it difficult for online tools like Award Wallet to monitor accounts. Some members would like this to be offered on an opt-in basis only, while others suggest the additional option of email verification (in lieu of an SMS code) would be helpful.
Join the discussion on the Australian Frequent Flyer forum: SMS Login Verification – Argh