FF Account just hacked and almost 300,000 points taken

[docjames]

Unfortunately this seems to be becoming more common.

QF probably need to move to an SMS authorisation process or similar - such as that used by banks for new transfers etc, but no doubt that's more expensive than a 1990s-era 4 digit pin.

Glad it was resolved for you. A relative of mind had a similar problem - there was more to it than just "computer hack" (QF investigated) but probably best not for public forum.

 

[izbork]

Did you ever get the points back from the airline?

 

[Tassey69]

Yes, all I had to do was obtain a Police report and forward a copy to Qantas who credited all points promptly, it also pays to change pin access code regularly

 

[trippin_the_rift]

What the banks don't want you to know is that they actually don't really care about credit card fraud. At the end of the day it's the merchants who lose out, as the banks simply take the money back off them.

This is so true. One of my past businesses we had huge fraud problems in amounts under $50. Police don't care, service providers don't care and even when you fight the chargeback with full info on the customer including signed declarations that they made the transactions you still lose the case as a merchant.

If I didn't hold such high ethics for myself fraud would be a great career in Australia.

 

[cove]

A 4 digit PIN is quite a risk.
Never ever leave your boarding pass unshredded after flying.

 

[get me outta here]

And yet, it is what all the banks operate on for their little plastic cards.

A 4 digit PIN is quite a risk.

 

[cove]

Never relax when it comes to security of your frequent flyer points and of course your bank accounts and investments.

 

[LadyC]

This is so true. One of my past businesses we had huge fraud problems in amounts under $50. Police don't care, service providers don't care and even when you fight the chargeback with full info on the customer including signed declarations that they made the transactions you still lose the case as a merchant.

If I didn't hold such high ethics for myself fraud would be a great career in Australia.

So true. The gentleman runs an online business and faces this problem regularly.

 

[drron]

And yet, it is what all the banks operate on for their little plastic cards.

Just received our new Visa cards.Activated by.........signing the back.:shock:

 

[Danger]

A 4 digit PIN is quite a risk.
Never ever leave your boarding pass unshredded after flying.

Can you expand on this? What information can be gleaned from a boarding pass to gain access to a FF account? I know there is some information that can be imbeded in the barcode but that doesn't include a pin number or any identifying information, to my knowledge.

 

[DeKa]

Can you expand on this? What information can be gleaned from a boarding pass to gain access to a FF account? I know there is some information that can be imbeded in the barcode but that doesn't include a pin number or any identifying information, to my knowledge.

Surname and Frequent Flyer number (which for Qantas is 2/3 of what you need to log in).

 

[straitman]

And yet, it is what all the banks operate on for their little plastic cards.

I use a 6 digit pin on those who accept it.
(CBA does)

 

[Cynicor]

A 4 digit PIN is quite a risk.
Never ever leave your boarding pass unshredded after flying.

It's only a risk without lockouts. There are still 9999 combinations possible. If you lockout after, say 5, it becomes pretty obviously if you are being hacked.

Hilton had issues because they didn't lockout. Try getting an ATM pin wrong 10 times in a row

 

[anat0l]

Can you expand on this? What information can be gleaned from a boarding pass to gain access to a FF account? I know there is some information that can be imbeded in the barcode but that doesn't include a pin number or any identifying information, to my knowledge.

Surname and Frequent Flyer number (which for Qantas is 2/3 of what you need to log in).

The barcode can also have the PNR embedded, which (at least on bookings which have not been completely exhausted) can be used to access your booking and any details within.

 

[jackthomas]

Can you expand on this? What information can be gleaned from a boarding pass to gain access to a FF account? I know there is some information that can be imbeded in the barcode but that doesn't include a pin number or any identifying information, to my knowledge.

FF number and full name would be the most info I'd imagine could be found from a BP... Still giving anyone smart with a computer a one up if they got this info.

 

[ozbeachbabe]

Some airlines will actually print the pnr on a boarding pass eg AA so anyone who found the boarding pass in a seat pocket could log on to AA.com & enter the pax last name & pnr number which would give them full access to the booking to cancel or do whatever they wanted.

 

[serfty]

FF number and full name would be the most info I'd imagine could be found from a BP... Still giving anyone smart with a computer a one up if they got this info.

One of the data points on how to with "a forgotten PIN", is "One of the last 5 flights flown that earned or redeemed points:".

 

[kelvedon]

I use a 6 digit pin on those who accept it.
(CBA does)

I can't remember how many numbers by PIN has.

 

[puppysparkes]

Can you expand on this? What information can be gleaned from a boarding pass to gain access to a FF account? I know there is some information that can be imbeded in the barcode but that doesn't include a pin number or any identifying information, to my knowledge.

Some more reading for you here:

http://www.ausbt.com.au/what-that-barcode-on-your-boarding-pass-reveals-about-you

 

[JohnK]

One of the data points on how to with "a forgotten PIN", is "One of the last 5 flights flown that earned or redeemed points:".

Wouldn't you receive an email that the FF pin has been changed? I did this recently with my fiancee's account.

FF number and full name would be the most info I'd imagine could be found from a BP... Still giving anyone smart with a computer a one up if they got this info.

I am still missing the point. Unless you booked domestic flights only wouldn't international flights require the use of a passport and therefore reveal the identity of the person who flew with points they stole? I am not sure why Qantas and authorities dance around this subject. This is serious stuff and needs to be treated seriously.