Share Travel Plans? How to Password Protect Your Airline and Hotel Reservations

I’ve always been amazed by the lack of verification required to make or change an airline or hotel reservation, especially when booking a reward for someone else. Funny enough, I say this as someone who spends most of their time booking award tickets for others, with good intentions.

Airlines all have different approaches to “verifying” the identity of people making bookings by phone. At Continental and Delta for example, you need to verify your four digit PIN in order to make an award booking. American, on the other hand, requires the person redeeming miles to use a credit card in their name for the taxes on an award ticket. Then there are airlines like US Airways, which will simply verify the address of the member in order to make an award booking, if even that.

Certainly there’s a tradeoff between security and convenience though. On one hand I want my account protected (meaning I don’t want anyone else to have unauthorized access to the account), but at the same time I don’t want to spend five minutes verifying information every time I book something to prove who I am.

So when it comes to award redemptions among airlines, I think Delta has the best system. Each member has a four digit PIN, and in order to make a booking you need to enter your PIN in the automated system when you call, at which point you’re considered “verified.” The process is simple and does a good job of protecting your security. Continental has a similar system in theory, though you need to tell the agent your four digit PIN when making an award reservation. I’m not a fan of that system at all, mainly because I’m often in public and don’t want to say my four digit PIN out loud.

On the other end of the spectrum is Air Canada Aeroplan, one of my favorite loyalty programs. Nonetheless they have one of the silliest rules out there. Only the actual member can make a reward booking, and the way they verify that is by asking for the address and phone number of the member. However, the member can call and have someone else be authorized on the account by verifying that same information. There’s nothing preventing someone from calling in pretending to be that person in order to make a booking. It just seems like such a superficial security system to me. I far prefer the PIN based system where anyone can call in and make a booking for me, as long as they have my PIN.

Anyway, on to the topic of this post. Up until a few months ago I thought all of this was moot. Who’s really going to try to use my miles or cancel one of my reservations? Well, apparently someone.

A couple of weeks ago I was scheduled to fly to Paris on American Airlines. I had booked a discounted business class ticket and applied systemwide upgrades so that I could fly first class, so it looked to be quite a nice trip, especially since I would be earning top tier status with them upon the completion of the trip.

Everything looked fine until the afternoon before the flight, when I tried to check in online. I logged into my AAdvantage account and went to the “My Reservations” tab and accessed my reservation. Under that same record locator a reservation pulled up for travel from Raleigh to Los Angeles in coach several weeks later. I chuckled, thinking it was an IT error. I closed my browser, opened a different browser, and pulled up my reservation again. The same reservation appeared.

As it turns out, someone decided to change my reservation just an hour earlier, I assume out of spite. After 90 minutes on the phone with an absolute savior of a service director my itinerary was fully restored, which I was thankful for. It could have very well ended up uglier, though, especially since I had some British Airways segments on my itinerary.

I would chalk it up to a fluke, though this was actually the second time this has happened to me. The first time around I assumed it was an IT glitch or maybe a human error. However, after the second time it was clear to me that there’s someone out there that’s quite malicious and desperate, which is why I looked into better ways to protect my mileage accounts.

The fact is, it was incredibly easy for him to change my itinerary. He probably called up earlier in the day, knowing I was flying from Miami to London, and pretended to be me, probably claiming to have forgotten the record locator. After confirming his name (pretending to be me) the agent likely gave him the record locator. Then he probably called back, after pulling up the reservation on American’s website, and with full confidence claimed to be me. They really don’t ask any questions at that point, assuming you have someone’s record locator and name, so he could do with my reservation whatever he wanted. And therein lies the value of password protecting your loyalty program account or a particular reservation.

But it’s not just travel bloggers that should protect their travel plans. I know members of online travel bulletin boards that posted their travel plans and had others make changes to their reservations, from minor things like a seat change to outright canceling a reservation. The same could happen if you have a disgruntled employee, ex-girlfriend/boyfriend/wife/husband, or any of a number of other different scenarios.

As a result of that I’ve done some research as to the policies of each of the major US airlines and hotel chains regarding password protecting accounts. As a starting point it’s probably worth mentioning that virtually all US airlines have no real form of security when it comes to revenue tickets. Anyway here’s a breakdown (and I don’t want to be too specific, because that could lead to further abuse):

| Airline or Hotel | Award Travel Security | Recommendation | Contact |
| --- | --- | --- | --- |
| American Airlines | Medium: Credit card needs to be in member’s name, though you can always get a card in someone else’s name | Revenue tickets: Password protect by calling reservations. Award travel: Call AAdvantage customer service | Reservations & AAdvantage: (800) 882-8880 |
| Continental | Strong: PIN required | Revenue tickets: Password protect by calling reservations. Award travel: Use PIN | Reservations: (800) 523-3273 |
| Delta | Strong: PIN required | Revenue tickets: Password protect entire SkyMiles Account by calling reservations; remind agent to check SkyMiles to add pw to each new reservation. Award travel: Use PIN | Reservations: (800) 221-1212 |
| United | Medium: Only zip code required when making reservations for someone with same last name, though more verification if making reservation for others | Revenue tickets: Submit password request in writing to Mileage Plus; all new reservations will use this password. Award travel: see above | Mileage Plus Service Center, P.O. Box 6120, Rapid City, SD 57709-6120 |
| US Airways | Weak: Only asked address and possibly phone number or email address | Revenue tickets: Password protect by calling reservations. Award travel: see above | Reservations: (800) 428-4322 |
| Hilton | Strong: PIN required for verification | Revenue stays: No password protection, but you’ll be prompted for personal data and last 4 digits of credit card. Award travel: PIN required for verification | n/a |
| Hyatt | Weak: Only basic information is asked (address, phone number, etc.) | Revenue stays: Password protect by calling reservations. Award travel: see above | Reservations: (888) 591-1234 |
| Marriott/Ritz-Carlton | Weak: Only basic information is asked (address, phone number, etc.) | Revenue stays: Requires confirmation number or last four digits of credit card. Award travel: see above | n/a |
| Priority Club | Weak: Only basic information is asked (address, phone number, etc.) | Revenue stays: No password protection available. Award travel: No password protection available | n/a |
| Starwood | Strong: Security question required for verification | Revenue stays: Requires verification of security question you selected online. Award travel: see above | n/a |

Comments
Kent O. commented 22 Jun 2011

Thanks for putting together this article: it is a great resource. The schmuck who cancelled and altered your travel plans should be identified and shamed throughout the web travel community. What he did is out of line and unacceptable, but I do think that instant karma will catch up to him.

With regards to the Hilton program, I am asked almost every time for my PIN from an agent whether calling the HHonors line and the reservations usually requires it as well.

Hilary Stockton commented 22 Jun 2011

Kent, thanks for your comment, and update for Hilton--are you prompted for PIN for both revenue and award bookings? 

Ben Schlappig commented 22 Jun 2011

Thanks for the correction, Kent. It's my understanding that's only for awards, though, right? I went ahead and updated the post to reflect that, though if it's still not right, let me know.

Kent O. commented 23 Jun 2011

Ben and Hilary,

I make most of my bookings online with my HHonors account which requires entering a password or PIN to access the account. Whenever you make a change or cancel a reservation online or via phone, you then receive an email from Hilton notifying you of the action which was taken, so it makes it much easier to oversee. If someone alters a person's Hilton hotel reservation, he would be alerted very quickly.

AFAIK, the Hilton reservations agents do not distinguish between award and general reservations. They usually request your name and PIN before they will proceed further on a call. Then again, I have not made many award bookings or reservations changes via phone, so I will be more observant in regards to what info they request.
