SMS Login Verification - Argh

Status
Not open for further replies.
whughes3 said:
Since the change came in, I have logged in a few times using the "questions"; now it is no longer asking me for any supplementary login info at all, just FF#, name and PIN get me in as they did previously.
Click to expand...
Apparently that lasts for awhile and then you will need to log in using security questions again. Interestingly I got Dr FM to login to her account and then we set up her security questions together, so I would be able to log into her account in future but I found I can log in without using them, just normal pin. This is a different computer in a different town to her. I assumed it would be via a cookie system. Anyway presumably at some point I will need her info in order to be able to login.
 
Chicken said:
Yes you can, by switching to security questions and answers instead of SMS. It's in the AFF newsletter, and mentioned many times in this thread.



trying telling this, to the victims in the ABC article I linked to earlier.
Click to expand...
So my entire argument revolves around the premise that FF points are not "money", and with a few keystrokes QF can credit said points back to your account - easy as pie. They give them away willy nilly. Every time they give away 100,000 points for this credit card, or 400,000 points for that home loan, they are essentially just printing more money. They own the mint, and they print as they please. There appears to be zero interest or requirement to perform any kind of reconciliation on their part - just the other day i disputed points from another carrier - the other carrier wouldn't "share" with Qantas private customer information - I supplied the e-ticket - still not enough info to prove the actual fare class - but Qantas just took my word and BANG - more points added to my account!!!

So...... rather than roll out an expensive and annoying 2FA system to protect an asset that can essentially be re-created whenever they want..... they should just:

1) Refund people's points if stolen (based on a stat dec or similar)
2) Investigate alleged fraud (would be pretty easy as points have to be sent to an account or flights redeemed for a specific person)
3) Launch police involvement if necessary

Thus far, no one has presented a case whereby 2FA would have stopped the "fraud"... one case was a child accessing their elderly parent's account, which they didn't "hack" as they knew the login details anyway (like I do my parents' account)

And the other example was a dodgy travel agent who used his OWN points to book a flight for which he received cash - fraud, probably, but nothing to do with hacking an account whereby 2FA would have saved the day....

QF isn't a bank, and i think this is just "theatre", probably the idea of some dodgy IT consulting firm trying to con more money out of the airline.....
 
Max Samuels said:
So my entire argument revolves around the premise that FF points are not "money"

QF isn't a bank, and i think this is just "theatre", probably the idea of some dodgy IT consulting firm trying to con more money out of the airline.....
Click to expand...

So tell me, if you were to make this call in Qantas, then, some kid stole some points, and the parent didn't know because the kid didn't get the SMS notification.

For argument sake, the kin only stole 5000 points to buy a toaster.

Now, this is on Today Tonight / Herald Sun / ABC.

How are you going to face your boss, and how is your boss going to face people upstairs?
 
Probably lowest risk use of points for a thief/scammer is not flights, but toasters. Well maybe not toasters, but certainly vouchers. Apart from being more useful than a flight at specifically controlled point in time, more likely to be spent by the time the victim notices, and more utile to a criminal than a random flight.
 
Chicken said:
So tell me, if you were to make this call in Qantas, then, some kid stole some points, and the parent didn't know because the kid didn't get the SMS notification.

For argument sake, the kin only stole 5000 points to buy a toaster.

Now, this is on Today Tonight / Herald Sun / ABC.

How are you going to face your boss, and how is your boss going to face people upstairs?
Click to expand...
I just don't see the evidence of this happening.
I have asked for examples of this and no one can quite point to anything specific.

Interestingly, the type of fraud you are hinting at is waaaaaaaaayyyyyyyy more likely to occur with credit cards (which it does), and I don't see credit card providers hauled on to ACA to explain why they let little 2-bit bobby rob his old gran blind using her credit card to buy toasters..... I just don't think it's a thing.

I prefer to live in a world where we go go after the person that does the crime, rather than blame the "system".
Did you know that in Victoria you cannot install a "non-flued" gas heater? You can in every other state. The reason being, that although the gas heaters have huge stickers saying "DO NOT INSTALL IN BEDROOMS OR BATHROOMS" and "DO NOT USE IN ROOMS SMALLER THAN xSQM" etc, some idiot ignored all of that, stuck the heater in his kid's room, and they suffocated. Then the idiot blamed the system. Rather than society call him out for the idiot that he was, he became the "victim", the system was blamed, and the laws were changed and now we all suffer.

Just as like my heaters non-flued, i like my QF account non-2FA....
 
Max Samuels said:
I just don't see the evidence of this happening.
I have asked for examples of this and no one can quite point to anything specific.
Click to expand...

1: The example of this risk is in the ABC article I posted

Interestingly, the type of fraud you are hinting at is waaaaaaaaayyyyyyyy more likely to occur with credit cards

I prefer to live in a world where we go go after the person that does the crime, rather than blame the "system"
Click to expand...

I will catch your word "prefer". There is no such thing as a prefer in a large multinational. A risk is a risk, and a risk which could be managed by a control is a control we need.

Nowadays, even EFTPOS going down for a few hours, or someone in a wheel chair needs to be on a later QF flight because someone made a real honest mistake of forgetting to arrange an extra FA to fly on Jetstar for that pax (like what? only a month ago?), the whole world would explode.

If I was to do what you suggested, and the risk did eventuate, it would unfold like this:
I will get kicked by my boss.
My boss will get kicked by his boss's team.
My boss's boss's teams will get kicked by my boss's boss's.
My boss's boss's would get kicked by the GM
My boss's boss's and the GM would then get kicked by governance.
GM and governance will get kicked by the CEO.
GM + governance + CEO would get kicked by the board.
CEO would get kicked by the media.

Now, tell me, would you like to be THAT person who started all these blackhole kicking?
 
Max Samuels said:
I just don't see the evidence of this happening.
I have asked for examples of this and no one can quite point to anything specific.
Click to expand...
I can give a personal account of fraud which I have posted before on AFF.
On one occasion on logging in to my AA acount I saw points disappear for a flight.I was on to AA immediately and fortunately phone answered quickly..Great agent who kept me on the line explaining what he was doing.Result no loss of points.

Mate you are just too trusting.Why don't you start searching because there over the years been many threads on many websites plus articles in magazines and papers about FF accounts being hacked and points stolen.I haven't put these things into my favourites etc.Basically getting a bit upset that you are in reality calling me and others liars.
 
drron said:
Basically getting a bit upset that you are in reality calling me and others liars.
Click to expand...

I don't think Max Samuels is calling anyone a lier. However, this is also the problem we have with security.

People keep complaining about things being stolen, data being stolen, money being stolen, ID being stolen, but people keep complaining and trying to bypass security.

Reminds me of the same attitude people have about Facebook, which comedian Ronny Chieng explains (from 0 minute 46 seconds).

Can't help it :D
 
drron said:
I can give a personal account of fraud which I have posted before on AFF.
On one occasion on logging in to my AA acount I saw points disappear for a flight.I was on to AA immediately and fortunately phone answered quickly..Great agent who kept me on the line explaining what he was doing.Result no loss of points.

Mate you are just too trusting.Why don't you start searching because there over the years been many threads on many websites plus articles in magazines and papers about FF accounts being hacked and points stolen.I haven't put these things into my favourites etc.Basically getting a bit upset that you are in reality calling me and others liars.
Click to expand...
Disagreeing is hardly calling someone a liar!

We are possibly approaching this from different angles. My job (as in career) is as an analyst for really big companies (banks, Telcos, airlines, insurance etc), to trawl through their data, look for trends, patterns etc. I then design and model scenarios to test my theories..... and if they hold true, I provide advice to the business based on what I observe. Fraud detection and risk mitigation is a big part of this job. But whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data. In other words, my brain is kind of hard-wired to not take things at face value.

All I am saying, is that from my own observations in the world that I live in, I have not seen nor heard of any instances of so called FF account hacking. I am not saying that it NEVER happens, I am just saying that I don't think it happens ENOUGH to warrant this new security regime. And when I asked if anyone new of any instances, the 2 news articles that were sent to me didn't support the claim that was being made.
 
Max Samuels said:
We are possibly approaching this from different angles. whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data.
Click to expand...

No one is misappropriating (stealing) money from your work, zero evidence. Does that mean it's all good? Does that mean you don't need to have multiple level approval or approval from more than 1 business unit?
 
Max Samuels said:
Disagreeing is hardly calling someone a liar!

We are possibly approaching this from different angles. My job (as in career) is as an analyst for really big companies (banks, Telcos, airlines, insurance etc), to trawl through their data, look for trends, patterns etc. I then design and model scenarios to test my theories..... and if they hold true, I provide advice to the business based on what I observe. Fraud detection and risk mitigation is a big part of this job. But whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data. In other words, my brain is kind of hard-wired to not take things at face value.

All I am saying, is that from my own observations in the world that I live in, I have not seen nor heard of any instances of so called FF account hacking. I am not saying that it NEVER happens, I am just saying that I don't think it happens ENOUGH to warrant this new security regime. And when I asked if anyone new of any instances, the 2 news articles that were sent to me didn't support the claim that was being made.
Click to expand...

Just keep in mind, just because you haven't seen it, or it hasn't been reported, doesn't mean it hasn't happened.

There's a lot of confidentiality in certain matters, for a variety of reasons. Many don't want to air their 'dirty laundry' as one example.
 
Check out the latest credit card signup bonus point offers
Read our AFF credit card guides and start earning more points now.

AFF Supporters can remove this and all advertisements

Max Samuels said:
Disagreeing is hardly calling someone a liar!

We are possibly approaching this from different angles. My job (as in career) is as an analyst for really big companies (banks, Telcos, airlines, insurance etc), to trawl through their data, look for trends, patterns etc. I then design and model scenarios to test my theories..... and if they hold true, I provide advice to the business based on what I observe. Fraud detection and risk mitigation is a big part of this job. But whatever insights I provide, and any recommendations that accompany it, must be supported by hard evidence. I need to explain myself using actual data. In other words, my brain is kind of hard-wired to not take things at face value.

All I am saying, is that from my own observations in the world that I live in, I have not seen nor heard of any instances of so called FF account hacking. I am not saying that it NEVER happens, I am just saying that I don't think it happens ENOUGH to warrant this new security regime. And when I asked if anyone new of any instances, the 2 news articles that were sent to me didn't support the claim that was being made.
Click to expand...
Though you have disregarded my link to the Gumtree selling of points.As I said it was much more prevalent on Ozbargain but was shut down there about 12-18 months ago-that is after QF began trialling the SMS option.The strong rumour was that QF had forced this shutdown.OK not hard evidence of hacking but definite evidence of trading that was totally against the T&Cs of the QFF loyalty program so a reason QF may have taken this step.
 
drron said:
Though you have disregarded my link to the Gumtree selling of points.As I said it was much more prevalent on Ozbargain but was shut down there about 12-18 months ago-that is after QF began trialling the SMS option.The strong rumour was that QF had forced this shutdown.OK not hard evidence of hacking but definite evidence of trading that was totally against the T&Cs of the QFF loyalty program so a reason QF may have taken this step.
Click to expand...

It's still on there. For example, there are a couple there just in the past couple of days.
 
A question: it is evening in LA I got an sms on my mobile giving me the code. Strange because I have not logged into either my account or hubby’s acoount, and hubby cannot do it because he is sleeping in London. Why I got the sms out of the blue? Someone hacking our accounts?
 
Myrna said:
A question: it is evening in LA I got an sms on my mobile giving me the code. Strange because I have not logged into either my account or hubby’s acoount, and hubby cannot do it because he is sleeping in London. Why I got the sms out of the blue? Someone hacking our accounts?
Click to expand...

I would log in to Qantas, and change the 4 digit PIN immediately.

In case you use this 4 digit PIN for something else, I would also change them (not that you should be sharing the same PIN / password between companies in the first place).
 
Thanks, chicken, for your reply. I logged into my account ok but when I logged into hubby‘s account it asked for the code but no code came thru my mobile - must be very weak signal where I am LA. So I will try later but not too many times else it will lock the account. No I don’t use the same pin for anything else.
 
Myrna said:
A question: it is evening in LA I got an sms on my mobile giving me the code. Strange because I have not logged into either my account or hubby’s acoount, and hubby cannot do it because he is sleeping in London. Why I got the sms out of the blue? Someone hacking our accounts?
Click to expand...
Same with me! I got a verification SMS last night at 11:17PM despite not having accessed my a/c for some days. i have checked my a/c (still requires no 2FA!, as i noted above) and it looks OK.
 
I had an issue last night. I am in Auckland and my flight home got cancelled and I couldn't even accept changes because I was locked out of my account. I couldn't verify by SMS as I couldn't receive it and I entered the details correctly (I'm sure but maybe I didn't give my mother's maiden name when I signed up back in 2006) but was locked out. Had no choice but to call via my hotel. The first time I was told a 3 hour wait - I was really upset. But I called back and waited only a couple of minutes. The NZ agent was able to accept the change and move my seat forward (because my initial flight was an A330 and I am sadly now on a 737, row 24 is no longer anywhere near the front) but couldn't unlock my account. Why not have an opt in system or perhaps provide email verification?

@Pushka was spot on. We get several emails a week about things that may not be an interest but on something as important as this we only notice when we have an issue.
 
People obviously don't like change but 2FA is standard today and if your company doesn't have it it's a dinosaur.

And point losses do happen. SIA drew criticism for not having 2FA and recently implemented an SMS system.

www.channelnewsasia.com

Singapore Airlines investigating after woman loses 76,000 KrisFlyer miles in alleged hack

SINGAPORE: When 34-year-old general manager Sherie Low logged into her KrisFlyer account on Sunday (Apr 15), she discovered that the bulk of her ...
www.channelnewsasia.com www.channelnewsasia.com
 
Status
Not open for further replies.

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Staff online

Currently Active Users

Total: 209 (members: 28, guests: 181)
Back
Top