A timely reminder about frequent flyer & guest account security and fraud protection

In recent weeks we’ve received e-mails from two major frequent guest programmes (Hilton Honors and Starwood Preferred Guest) advising us to change our account passwords.

We’ve also seen anecdotal claims online regarding Avios frequent flyer miles having been stolen from British Airways Executive Club accounts, with BA also temporarily freezing accounts following suspected unauthorised access. The Mandarin Oriental hotel group was also recently the subject of a data theft.

This is a timely reminder that frequent flyer miles and hotel reward currencies do have a substantial monetary value (in redemption terms) and accounts should be treated as you would an account for any other financial instrument.

Given how big the frequent guest and flyer industry has become with many travellers having accounts across a range of hotels and airlines, it’s often difficult to keep track of every account and fraudulent activity can easily go un-noticed.

Some of the methods we have heard fraudsters adopt to access accounts have bordered on the ingenious and there can be no immunity against the risk of fraud – particularly when it is airlines and hotels that are compromised. However, there are some simple steps that can be followed to improve account security:

1. Use the e-mail address with which you have registered your accounts sparingly. Use it only for registering with established and reputable websites. Keep a separate e-mail address for registrations on websites that may not be reputable. Your password for your e-mail account should always be unique. Never use the same password for any other account.

2. As you would with online banking, avoid accessing your accounts on public computers or through networks where you cannot be confident of their security. Always make sure you log out after accessing your account.

3. It is advisable not to use the same password across all of your frequent guest and flyer accounts as fraudulent access to one account is likely to prompt attempts to access other frequent guest and flyer programmes.

4. Your password should be a “strong” password with a combination of capitalised and lower case letters, numbers and characters that could not be easily guessed. Also change passwords regularly. Ditto for e-mail and online banking accounts.

5. It’s worth checking accounts regularly for any suspicious activity. Always review periodic e-mail statements from airlines and hotels.

6. Also, be aware of “phishing e-mails”. Like banks, airlines and hotels will never e-mail you requesting your personal details. Also be aware of e-mails in respect of bookings that you do not recognise. Or e-mails containing attachments (airlines and hotels do not send booking details via attachment). If any doubt, go directly to the airline website via your browser, rather than following the link in the e-mail.

We welcome any thoughts and comments below: