Fraud on Velocity Frequent Flyer accounts

[Legoman]

Same issue here. 1.3m points gone

Yikes!

Wait and see? Or there is something else that I can do?

It seems there's nothing any of use can do. Velocity is a law unto themselves and they work on their timeline only and are answerable to no-one. I get the impression there is a feeling that people with airline points are not exactly destitute anyway and therefore can wait their good turn for an investigation. With 1.3 million points, you go straight to the very bottom of the priority in-tray. Not forgetting of course that points represent a liability for Velocity, so if someone nicks them and redeems them, then that's a lot of points off their books, which in Velocity's POV is a good thing.

 

[aikman]

Wait and see? Or there is something else that I can do?

Just wait. Allow 7 weeks (35 business days) before you panic. That's how long mine took. They will send you an email when they're done.

 

[gty222]

The media should pick this up and call on Velocity to tell us when they will have 2FA in place.

Has anyone sent this to the media? Should make a good story for them.

 

[pauly7]

Two colleagues from work have had their VFF accounts suspended ‘pending investigation’ - interestingly both hacked at exactly the same time as well.

One is furious as was mid trying to move points out of VFF to SQ to book some OS travel, has called the VFF “customer no service line” multiple times and been given the brick wall, different team handling, can’t give you an update, go away speech mirroring everything posted in this thread…

Sounds like something systematic is going on…

 

[Legoman]

It must be nice being an organisation or industry where you're left completely alone to 'self regulate' yourself via a token ombudsman that you pay for who does only exactly what you tell them to do. You don't ever have to explain yourself, justify anything to your customers, or be subjected to any scrutiny, oversight or regulation whatsoever. You make up your own rules and then selectively choose which ones you want to police or comply with on a case by case basis depending on what benefits your organisation the most.

That must be fun.

 

[moa999]

Also shows just how slow big organisations are on stuff like this.

Rolling out authenticator based security should be a doddle for any decent developer, arguably even easier than an SMS based 2FA.

 

[33kft]

Rolling out authenticator based security should be a doddle for any decent developer

If they have any in house. I can see this being a big production if it was built to spec in the past and requires someone to come in and make a big project of it.

 

[A321]

It seems like this needs media attention asap..

 

[johnjones878]

Not forgetting of course that points represent a liability for Velocity, so if someone nicks them and redeems them, then that's a lot of points off their books, which in Velocity's POV is a good thing.

Since Virgin would have full control of points and can track where they are transferred to etc, wouldn't it be a pretty easy and straightforward thing for them to restore points + cancelling illegitimately redeemed bookings once the dust settles? ie. like they already do after catching accounts that buy/sell/trade points against the T&C? Unless you're saying Virgin will simply conclude without evidence that all these compromised accounts are actually members doing exactly that and use that as justification to deny restoration?

If they have any in house.

So does this mean adding multi-city search for international flights isn't on the horizon then?