Fraud on Velocity Frequent Flyer accounts

[AIRwin]

Va have now introduced MFA...finally!

FAQ on MFA:

MFA Help Hub Service Message

www.velocityfrequentflyer.com

 

[Flyerwin]

Virgin, why not just implement 2FA?

Thanks Virgin for reading AFF and finally setting up 2FA.

 

[FishFood]

Would prefer a MFA factor that isn't vulnerable to SIM swapping or phishing but any MFA is better than none, good job Virgin

 

[mel-world]

My code came to my email so no issue with SIM swapping. Guess it depends on how you want to receive communications from VA. About time but easy enough.

 

[SydneySwan]

I imagine one of the Virgin directors must have got hacked so it suddenly became a priority.

 

[ben95]

I imagine one of the Virgin directors must have got hacked so it suddenly became a priority.

I got the feeling that it’s coming since a few weeks ago that banner asking you to keep your information up to date showed up.

I was not wrong.

 

[ferntree]

Good to have it, but would have appreciated at least a few days' advance warning. Seems to have just a hint of panic about it!

 

[Happy Dude]

I got the feeling that it’s coming since a few weeks ago that banner asking you to keep your information up to date showed up.

I was not wrong.

Or you could have been equally not wrong as the rest of us in October when it was posted here that 2FA was coming in December

 

[Legoman]

Would prefer a MFA factor that isn't vulnerable to SIM swapping or phishing but any MFA is better than none, good job Virgin

Be careful what you wish for because the next step is passkeys that can only be accepted with biometric information like face scans or fingerprints. What would you prefer the next hack to capture about you? Your e-mail address and an anonymous PIN that you can relatively easily and cheaply reset? Or would you prefer the hackers to get your facial and fingerprint identity and have that permanently distributed and sold on the dark web instead?

 

[pauly7]

I imagine one of the Virgin directors must have got hacked so it suddenly became a priority.

Or an MP….

 

[Legoman]

Or an MP….

Don't be silly, all the MP's have comp'd Chairman's Lounge membership <redacted>. They wouldn't be seen dead in a Virgin Lounge

 

[johnjones878]

Does this mean they're gonna resume online family transfers then?

 

[Flyerwin]

My code came to my email so no issue with SIM swapping.

I changed mine to SMS. I always thought SMS is safer and more secure than email. Maybe I'm wrong? Obviously I prefer an authenticator app, like QF does.

 

[HeavyElectricity]

Be careful what you wish for because the next step is passkeys that can only be accepted with biometric information like face scans or fingerprints. What would you prefer the next hack to capture about you? Your e-mail address and an anonymous PIN that you can relatively easily and cheaply reset? Or would you prefer the hackers to get your facial and fingerprint identity and have that permanently distributed and sold on the dark web instead?

This is all very wrong information and isn't how passkeys work. Please don't spread around FUD.

 

[mel-world]

I changed mine to SMS. I always thought SMS is safer and more secure than email. Maybe I'm wrong? Obviously I prefer an authenticator app, like QF does.

Does anyone have an opinion on whether Email or SMS is better for 2FA? I'd prefer an authenticator app as well but interested in others thoughts.

 

[Legoman]

Does anyone have an opinion on whether Email or SMS is better for 2FA? I'd prefer an authenticator app as well but interested in others thoughts.

Use whichever one gets to your device quicker and is easier to retrieve and enter. This could be either now that Telstra have shut down 3G. The answer used to be an easy SMS was faster and more reliable, but now it very much depends on your phone and where you are relative to the 3G crevices and black holes that now exist everywhere that 4G/5G doesn't reach into. Email will probably be much more reliable, but far slower and more onerous to access.

 

[simmomelb]

Does anyone have an opinion on whether Email or SMS is better for 2FA? I'd prefer an authenticator app as well but interested in others thoughts.

As long as others don't have access to your email, either are just as secure if you have your phone or email well locked down.
Most of the major email servers, such as those from Microsoft and Google are very secure now, if you've taken the right steps, such as using their respective authenticator apps.

 

[pauly7]

. They wouldn't be seen dead in a Virgin Lounge

True, except the ones Qantas banned

 

[Bagpuss]

I wonder if the MFA implementation is to do with the new tie up with Qatar.

The application referenced being able to sell tickets from today (11st December) and internally it may have decided this was a prerequisite with concerns over fraud with the new services prior to ticket sales / increase in frequent flyer availability on flights.

 

[burmans]

Personally I think it’s more likely that with a known security hole this knowledge can only spread and it was starting to cost them enough to hurt.