Share Travel Plans? How to Password Protect Your Airline and Hotel Reservations

I’ve always been amazed by the lack of verification required to make or change an airline or hotel reservation, especially when booking a reward for someone else. Funny enough, I say this as someone that spends most of their time booking award ticket for others, with good intentions.

Airlines all have different approaches to “verifying” the identity of people making bookings by phone. At Continental and Delta for example, you need to verify your four digit PIN in order to make an award booking. American, on the other hand, requires the person redeeming miles to use a credit card in their name for the taxes on an award ticket. Then there are airlines like US Airways, which will simply verify the address of the member in order to make an award booking, if even that.

Certainly there’s a tradeoff between security and convenience though. On one hand I want my account protected (meaning I don’t want anyone else to have unauthorized access to the account), but at the same time I don’t want to spend five minutes verifying information every time I book something to prove who I am.

So when it comes to award redemptions among airlines, I think Delta has the best system. Each member has a four digit PIN, and in order to make a booking you need to enter your PIN in the automated system when you call, at which point you’re considered “verified.” The process is simple and does a good job of protecting your security. Continental has a similar system in theory, though you need to tell the agent your four digit PIN when making an award reservation. I’m not a fan of that system at all, mainly because I’m often in public and don’t want to say my four digit PIN out loud.

On the other end of the spectrum is Air Canada Aeroplan, one of my favorite loyalty programs. Nonetheless they have one of the silliest rules out there. Only the actual member can make a reward booking, and the way they verify that is by asking for the address and phone number of the member. However, the member can call and have someone else be authorized on the account by verifying that same information. There’s nothing preventing someone from calling in pretending to be that person in order to make a booking. It just seems like such a superficial security system to me. I far prefer the PIN based system where anyone can call in and make a booking for me, as long as they have my PIN.

Anyway, on to the topic of this post. Up until a few months ago I thought all of this was moot. Who’s really going to try to use my miles or cancel one of my reservations? Well, apparently someone.

A couple of weeks ago I was scheduled to fly to Paris on American Airlines. I had booked a discounted business class ticket and applied systemwide upgrades so that I could fly first class, so it looked to be quite a nice trip, especially since I would be earning top tier status with them upon the completion of the trip.

Everything looked fine until the afternoon before the flight, when I tried to check-in online. I logged into my AAdvantage account and went to the “My Reservations” tab and accessed my reservation. Under that same record locator a reservation pulled up for travel from Raleigh to Los Angeles in coach several weeks later. I chuckled, thinking it was an IT error. I closed my browser, opened a different browser, and pulled up my reservation again. The same reservation appeared.

As it turns out, someone decided to change my reservation just an hour earlier, I assume out of spite. After 90 minutes on the phone with an absolute savior of a service director my itinerary was fully restored, which I was thankful for. It could have very well ended up uglier, though, especially since I had some British Airways segments on my itinerary.

I would chalk it up to a fluke, though this was actually the second time this has happened to me. The first time around I assumed it was an IT glitch or maybe a human error. However, after the second time it was clear to me that there’s someone out there that’s quite malicious and desperate, which is why I looked into better ways to protect my mileage accounts.

The fact is, it was incredibly easy for him to change my itinerary. He probably called up earlier in the day, knowing I was flying from Miami to London, and pretended to be me, probably claiming to have forgotten the record locator. After confirming his name (pretending to be me) the agent likely gave him the record locator. Then he probably called back, after pulling up the reservation on American’s website, and with full confidence claimed to be me. They really don’t ask any questions at that point, assuming you have someone’s record locator and name, so he could do with my reservation whatever he wanted. And therein lies the value of password protecting your loyalty program account or a particular reservation.

But it’s not just travel bloggers that should protect their travel plans. I know members of online travel bulletin boards that posted their travel plans and had others make changes to their reservations, from minor things like a seat change to outright canceling a reservation. The same could happen if you have a disgruntled employee, ex-girlfriend/boyfriend/wife/husband, or any of a number of other different scenarios.

As a result of that I’ve done some research as to the policies of each of the major US airlines and hotel chains regarding password protecting accounts. As a starting point it’s probably worth mentioning that virtually all US airlines have no real form of security when it comes to revenue tickets. Anyway here’s a breakdown (and I don’t want to be too specific, because that could lead to further abuse):

Airline or Hotel

Award Travel Security

Recommendation

Contact

American Airlines

Medium: Credit card needs to be in member’s name, though you can always get a card in someone else’s name

Revenue tickets: Password protect by calling reservations

Award travel: Call AAdvantage customer service

Reservations & AAdvantage:
(800) 882-8880

Continental

Strong: PIN required

Revenue tickets: Password protect by calling reservations

Award travel: Use PIN

Reservations:
(800) 523-3273

Delta

Strong: PIN required

Revenue tickets: Password protect entire SkyMiles Account by calling reservations; remind agent to check SkyMiles to add pw to each new reservation

Award travel: Use PIN

Reservations:
(800) 221-1212

United

Medium: Only zip code required when making reservations for someone with same last name, though more verification if making reservation for others

Revenue tickets: Submit password request in writing to Mileage Plus; all new reservations will use this password

Award travel: see above

Mileage Plus Service Center P.O. Box 6120 Rapid City, SD  57709-6120

 

US Airways

Weak: Only asked address and possibly phone number or email address

Revenue tickets: Password protect by calling reservations

Award travel: see above

Reservations:
(800) 428-4322

Hilton

Strong: PIN required for verification

Revenue stays: No password protection, but you’ll be prompted for personal data and last 4 digits of credit card

Award travel: PIN required for verification

n/a

Hyatt

Weak: Only basic information is asked (address, phone number, etc.)

Revenue stays: Password protect by calling reservations

Award travel: see above

Reservations:
(888) 591-1234

Marriott/

Ritz-Carlton

Weak: Only basic information is asked (address, phone number, etc.)

Revenue stays: Requires confirmation number or last four digits of credit card

Award travel: see above

n/a

Priority Club

Weak: Only basic information is asked (address, phone number, etc.)

Revenue stays: No password protection available

Award travel: No password protection available

n/a

Starwood

Strong: Security question required for verification

Revenue stays: Requires verification of security question you selected online

Award travel: see above

n/a

If you enjoyed this, please follow TravelSort on Twitter or  like us on Facebook to be alerted to new posts. 

Become a Member to find your perfect luxury or boutique hotel at up to 50% off: TravelSort Hotels


  • |
  • Print
    print |
Related Articles
Comments
Picture?type=large Kent O. commented 22 Jun 2011

Thanks for putting together this article: it is a great resource. The schmuck whom cancelled and altered your travel plans should be identified and shamed throughout the web travel community. What he did is out of line and unacceptable, but I do think that instant karma will catch up to him.

With regards to the Hilton program, I am asked almost every time for my PIN from an agent whether calling the HHonors line and the reservations usually requires it as well.

Avatar_60_hilary Hilary Stockton commented 22 Jun 2011

Kent, thanks for your comment, and update for Hilton--are you prompted for PIN for both revenue and award bookings? 

Picture?type=large Ben Schlappig commented 22 Jun 2011

Thanks for the correction, Kent. It's my understanding that's only for awards, though, right? I went ahead and updated the post to reflect that, though if it's still not right, let me know.

Picture?type=large Kent O. commented 23 Jun 2011

Ben and Hillary,

I make most of my bookings online with my HHonors account which requires entering a password or PIN to access the account. Whenever you make a change or cancel a reservation online or via phone, you then receive an email from Hilton notifying you of the action which was taken, so it makes it much easier to oversee. If someone alters a person's Hilton hotel reservation, he would be alerted very quickly.

AFAIK, the Hilton reservations agents do not distinguish between award and general reservations. They usually request your name and PIN before they will proceed further on a call. Then again, I have not made many award bookings or reservations changes via phone, so I will be more observant in regards to what info they request.

 


Leave a Comment
Comment
Facebook-logo
Get Free Email Blog Updates
Popular Articles
Square_best_premium_economy-seat_pitch_41_inches
4/3/2016
  I had my best Premium Economy flight today. Granted, I normally try to fly at least business class for international flights, but this was a relatively short international flight and I decided Premium Economy was all my son and...
Square_amex_platinum_airline_fee_credits_posted-400_off_american_airlines_flights
5/14/2016
Our 2016 AMEX Platinum Airline Fee Credits have posted, which will give us $400 off American Airlines flights. My husband and I both have the AMEX Business Platinum card, so we each were reimbursed $200 for our American Airlines e-gift...
Square_75k_mercedes_benz_platinum_amex_bonus_offer
4/30/2016
  A 75K Mercedes-Benz Platinum AMEX bonus offer is available, for $3000 minimum spend, so I've updated our Best Travel Credit Cards page and made it 4th on that list. Recently I wrote about the semi-targeted 75K AMEX Business Platinum...
Square_review-american_a321_first_class_seat_2f
4/5/2016
  This American Airlines A321 First Class Review is part of a trip report on Bora Bora, Tahiti and New Zealand luxury resorts, dining and activities. For the prior posts, please see: Review: American A321 Business Class New York to Los...
Square_50k_lufthansa_miles_and_more_bonus_offer_returns
4/5/2016
  A 50,000 Lufthansa Miles & More World MasterCard bonus offer has returned, and I've added it to the Best Travel Credit Cards page.   Here are the offer details: 20,000 Miles & More miles after first purchase Additional 30,000 Miles & More...
Square_japan_airlines_jal-no_seat_selection_online_for_aa_award_tickets
4/26/2016
  Update: JAL online seat selection is again available, perhaps thanks to my and others' complaints about the system update that had eliminated it. -----Original Post----- JAL Seat Selection Online is No Longer Available for AA Award Tickets and other...
Square_ritz-carlton_stars_benefits_and_top_stars_exclusive_offers-ritz-carlton_pudong-3rd_night_free
4/24/2016
Ritz-Carlton STARS Benefits are the perks of the Ritz-Carlton's preferred partner program, and can only be reserved through TravelSort, as a TravelSort Client, or via another STARS member luxury travel advisor. Here are the benefits: Guaranteed 4pm late check-out, when...
Square_review-lax_international_lounge_at_tbit-view_of_terminal
3/30/2016
This Los Angeles International Lounge Review at LAX TBIT before an Air Tahiti Nui flight is part of a new trip report on Bora Bora and Tahiti luxury resorts, dining and activities. For the prior posts, please see: Review: American A321 Business...
Square_british_airways_first_class_from_1984_roundtrip
5/12/2016
  British Airways First Class Can Be Booked for as little as $1998 roundtrip today, May 12, thanks to a BA first class and business class fare sale combined with an AARP discount and an extra 10% British Airways Visa...
Square_march_expiring_deals-_35k_spg_amex-chase_cobrand_cards-buy_alaska_miles_with_40_percent_bonus_
3/27/2016
Several March Deals are worth mentioning before they expire soon: the 35K SPG AMEX offers, Chase cobranded cards such as the British Airways Visa, and the Alaska Mileage Plan buy miles up to 40% bonus offer. Here are the details:...