Most loyalty programs reserve the right to suspend, lock or close members’ accounts if they detect suspicious activity.
This could be because someone has hacked into your account – something that seems to be happening more and more frequently. It could even be because the loyalty program thinks something you’ve done looks suspicious – regardless of whether that’s actually the case.
So, what actually happens a frequent flyer program locks your account? And what do you need to do?
Contents
Why an airline might lock your account
Let’s take a closer look at what might cause a frequent flyer program to suspend a member’s account…
Fraudulent activity
Loyalty programs reserve the right to close accounts if they believe you’ve earned, used or transferred points in a way that is fraudulent or breaches the program terms and conditions.
For example, Velocity Frequent Flyer may automatically suspend accounts that it suspects are breaking the family pooling rules. Many programs will also suspend members they suspect have bought or sold points, including to mileage brokers. (This is a serious problem for many airlines.)
Hacked accounts
If someone has hacked into your frequent flyer account, they may have changed the contact details on your profile. They might have also stolen some or all of your points.
If a loyalty program spots this kind of behaviour, and thinks it might be suspicious, their fraud department will usually flag it and suspend your account.
That said, on rare occasions, someone could steal your points without anyone noticing. You might only realise after logging into your account and realising that your points balance is lower than expected. If this happens, you should immediately report it to the loyalty program. You should probably also change your password.
The loyalty program may then lock your account temporarily to prevent any fraudsters from stealing more points.
To reduce the risk of this happening to you, there are a few things you can do. These include:
- Setting strong, unique passwords
- Enabling two-factor authentication whenever possible
- Being alert to scams
- Not posting photos of your boarding passes on social media
Suspicious login attempts
I’ve personally had two of my frequent flyer accounts unexpectedly locked over the years. Once, it was due to a European airline flagging an AwardWallet login on my account as suspicious.
AwardWallet is a service that tracks the balances and expiry dates of points in your loyalty program accounts. Unless you’ve disabled the feature, AwardWallet periodically logs into your account on your behalf to scrape the latest information and send you updates.
I consider this to be a useful service as I’m a member of lots of different loyalty programs, and it can be hard to keep track of all those accounts. Unfortunately, some airlines may consider AwardWallet logins to be unusual or suspicious – as happened in this instance. (I’ve since disabled AwardWallet from automatically logging into my loyalty accounts.)
I have no clue why I once got locked out of one of my other frequent flyer accounts, with a Middle Eastern airline. Their call centre couldn’t tell me either, although that’s not really surprising if they thought my account was somehow compromised (it wasn’t).
What happens next?
This depends on the loyalty program…
Velocity Frequent Flyer
An unusually high number of AFF members have recently reported that Velocity Frequent Flyer suspended their accounts due to suspicious or fraudulent activity. In many cases, Velocity did this after thieves hacked into their accounts and stole large amounts of points.
When this happens, Velocity conducts an investigation which it says could take up to 30 business days. However, in many cases, the investigations are taking even longer than that at the moment.
After completing its investigation, Velocity will generally reinstate any points that were stolen from your account through no fault of your own. It may also issue you with new account details. You’ll then be able to log into your account again and resume redeeming points.
In the meantime, while the investigation is ongoing, you won’t be able to redeem any Velocity points – even for legitimate bookings.
Qantas Frequent Flyer
If Qantas Frequent Flyer suspects fraud on a member’s account, they will notify the member that their account is suspended. They will then give the member 14 days to respond to the allegations. Qantas will then review the available information and either remove the suspension or take actions as set out in section 8 of the program terms & conditions.
In cases of accounts getting hacked and points stolen, Qantas Frequent Flyer will typically issue a new account to the member and reinstate their points, if the member was not responsible. However, with Qantas actively using two-factor authentication, this seems to happen much less often with Qantas than with Velocity Frequent Flyer.
Other loyalty programs
Other frequent flyer programs have their own policies. Many simply require members to verify their identity by sending a copy of their passport or other photo ID. You may also need to call the airline.
It could take anything from a few hours to several months before the airline reinstates your account. For example, some AFF members have had to wait over three months for Air Canada’s Aeroplan program to unlock their account after it was flagged.
When my account with a European airline was locked, I got an email saying that the airline would contact me again with more information within two weeks. After three weeks I had heard nothing further, so I called the airline. The airline confirmed my details and then asked me to email them a copy of my passport. They unlocked my account a few days later.
The Middle Eastern airline also instructed me to email a copy of my passport to their fraud prevention team, which unlocked my account a few hours later.
Loyalty programs are starting to take fraud more seriously
Sadly, loyalty program fraud is a serious problem that’s only getting worse, as cyber attacks and hackers become more sophisticated.
In recent months, both Aeroplan and Velocity Frequent Flyer have suspended online points transfers between family members. This is a common way that hackers may steal points.
Another common way that hackers may steal frequent flyer points is to redeem them for gift cards or flights. When booking flights, these are often for departures within the next day or two. This increases the chances that either the hacker (or perhaps even an unsuspecting customer of a mileage broker) is able to board the flight before the airline cancels the ticket.
To combat this, most serious loyalty programs now require two-factor authentication when they detect unusual logins, or when a member tries to redeem points online. This can be a fairly effective security measure when it works properly.
