An alarmingly high number of Velocity Frequent Flyer members have had their accounts hacked and points stolen in recent months.
Velocity Frequent Flyer says that the security of its members’ accounts is its priority. But it hasn’t yet implemented some common security measures such as multi-factor authentication.
Luckily, If your points get stolen through no fault of your own, Velocity Frequent Flyer will eventually reinstate them. But it’s still hugely inconvenient for those caught up in this mess.
Contents
Lots of people have had Velocity points stolen lately
Fraud is a serious problem for all frequent flyer programs. Hackers gaining unauthorised access to accounts is one aspect of that. Occasionally, they may even steal points from unsuspecting members.
This in itself is not new, and loyalty programs have protocols in place for when this happens. But a lot more people than usual have reported having points stolen from their Velocity accounts in recent weeks and months.
Here’s just a handful of AFF member posts from the last few weeks alone…
I just had my account hacked. Password and contact and credential details changed. By some weird twist of fate I still have view access to my account via the app. 264400 points used for a flight redemption.
– sharkiesrule, 7 August 2024
I had an almost identical experience – 2 business class tickets booked on ANA to JFK in mid-July, reported to Velocity a couple of days later and the account suspended for 30 business days. Email & password were also changed.
– Thomas088, 8 August 2024
I’ve had 700,000 points transferred out fraudulently on 31 July and 2 August. I noticed on Tuesday night and called Virgin immediately. It’s the same story as others, the hackers have changed my email, phone etc and booked flights to London, Shanghai, San Francisco, New York and more in names that I have never heard of. They have frozen my account and said they will launch an investigation that will take 30 days. The weird thing is that I updated my password for the first time in a few years in early July, to a unique password.
– Madz, 8 August 2024
I’m not sure what the point of the 125,000 point limit per transfer is. My account was cleaned out within 2 minutes using 4 back to back transfers.
– aikman, 8 August 2024
Today I found an unauthorised transaction on my velocity account. Someone booked ticket from Doha to Colombo using my points. I reached out to Velocity FF and they have suspended my account. Has it happened to other people?
VFF is saying that they will resolve it within 30 days.
– msarswat, 19 August 2024
I have had a very similar experience as of late. I’m now at 45 business days and I have been told by the last operator (offshore – I believe TCS) that they have an absolute influx of cases at the moment – and still no actual response.
I personally can’t wait to get my points back, redeem them, and be completely done with VFF. I’d rather accrue nothing and solely fly the other competitor (which I mainly do unless they are fully booked for the flight required) as this has been one of the most brutally frustrating experiences I can recall than have my account scammed because a multi-M company can’t afford to purchase 2FA for their systems.
– Ant1993, 19 August 2024
My Velocity account was hacked on 03/07/24 as well – 1.30 Million points were redeemed in Myers vouchers Telephone Number & Email was changed but strangely was not notified by any email from Velocity at all. I called the next day once i could not login & raised a dispute was told 30 business days but now that has passed still no update Getting no further update from the overseas call centre & told still working on it.
– angad596, 20 August 2024
I have the same. 2 days ago i tried to log on to book a flight and couldnt. Said account was blocked, so velocity knew something was going on but they failed to contact me. Called velocity and they had a different email for me. It was changed back, i logged on and i had lost over 700000 points a few weeks ago so now had almost none. Lost to a myer redemption.
– Crustypedro, 23 August 2024
What happens if someone steals your Velocity points
First of all, if you notice that someone has gained unauthorised access to your Velocity account and/or redeemed your points, you should call Velocity Frequent Flyer immediately on 13 18 75. The Velocity Membership Contact Centre is open daily from 7.30am-10.30pm (AEST).
Velocity will then lock your account, pending an investigation. It does this to protect both the member and the loyalty program.
“The security of Velocity member accounts is our priority, and we continuously evaluate and enhance our security measures,” a Velocity Frequent Flyer spokesperson told Australian Frequent Flyer.
“In the event unauthorised account activity is detected or reported, Velocity will assist members to secure their account while a thorough investigation is undertaken.”
Velocity generally advises that these investigations will take 30 business days. However, in recent months investigation times have blown out much further, causing even greater inconvenience to affected members.
When asked about this, the Velocity spokesperson said: “It is important that investigations are thorough to protect our members and our program partners. We sincerely apologise to members who have been impacted by an extended investigation process.”
While your account is under investigation, you won’t be able to log in or redeem any points. However, you can still earn Velocity points and use your membership benefits, including lounge access, when flying with Virgin Australia.
Once Velocity completes its investigation, if it finds you did nothing wrong, the program will reinstate your frequent flyer points.
See our guide to what happens when your frequent flyer account is locked for more details.
What is Velocity doing about this?
Velocity Frequent Flyer already has dedicated fraud prevention resources in place, including several security and anti-fraud protections.
Two weeks ago, Velocity temporarily suspended the ability to transfer points to family members online. Although Velocity wouldn’t specifically say why, we understand this was a direct response to a recent spate of thefts using this feature. (In the meantime, if you need to transfer points to a family member, you can still do so by calling the Velocity Membership Contact Centre.)
Australian Frequent Flyer understands that Velocity is also now in the process of introducing new security measures to further protect member accounts, including multi-factor authentication. Velocity will announce more details about this soon – and frankly, that couldn’t come soon enough.
Qantas Frequent Flyer implemented two-factor authentication in 2019. It’s perhaps no coincidence that there have been far fewer reported instances of stolen Qantas points in the past five years.
What you can do to protect your account
Currently, all somebody needs to access your Velocity Frequent Flyer account is your membership number and password. For this reason, it’s a really good idea to set a strong password that is hard to guess and that you don’t use anywhere else.
“To help protect their accounts, we encourage members to regularly change passwords and not use the same password across multiple accounts,” Velocity’s spokesperson said.
If you haven’t changed your Velocity password recently, now might be a good time to do so.
Other than that, keep a close eye on your account. And don’t ignore any emails you may receive from loyalty programs advising of unusual activity on your account.
If you haven’t logged into your Velocity account for a while, you might also want to check now if anyone there is any recent redemption activity on there that you don’t recognise. If there has been, you should report this to Velocity so they can take steps to protect your account – and reinstate any points that may have been stolen.
Community Comments
Loading new replies...
Join the full discussion at the Australian Frequent Flyer →