Share Travel Plans? How to Password Protect Your Airline and Hotel Reservations

I’ve always been amazed by the lack of verification required to make or change an airline or hotel reservation, especially when booking a reward for someone else. Funny enough, I say this as someone that spends most of their time booking award ticket for others, with good intentions.

Airlines all have different approaches to “verifying” the identity of people making bookings by phone. At Continental and Delta for example, you need to verify your four digit PIN in order to make an award booking. American, on the other hand, requires the person redeeming miles to use a credit card in their name for the taxes on an award ticket. Then there are airlines like US Airways, which will simply verify the address of the member in order to make an award booking, if even that.

Certainly there’s a tradeoff between security and convenience though. On one hand I want my account protected (meaning I don’t want anyone else to have unauthorized access to the account), but at the same time I don’t want to spend five minutes verifying information every time I book something to prove who I am.

So when it comes to award redemptions among airlines, I think Delta has the best system. Each member has a four digit PIN, and in order to make a booking you need to enter your PIN in the automated system when you call, at which point you’re considered “verified.” The process is simple and does a good job of protecting your security. Continental has a similar system in theory, though you need to tell the agent your four digit PIN when making an award reservation. I’m not a fan of that system at all, mainly because I’m often in public and don’t want to say my four digit PIN out loud.

On the other end of the spectrum is Air Canada Aeroplan, one of my favorite loyalty programs. Nonetheless they have one of the silliest rules out there. Only the actual member can make a reward booking, and the way they verify that is by asking for the address and phone number of the member. However, the member can call and have someone else be authorized on the account by verifying that same information. There’s nothing preventing someone from calling in pretending to be that person in order to make a booking. It just seems like such a superficial security system to me. I far prefer the PIN based system where anyone can call in and make a booking for me, as long as they have my PIN.

Anyway, on to the topic of this post. Up until a few months ago I thought all of this was moot. Who’s really going to try to use my miles or cancel one of my reservations? Well, apparently someone.

A couple of weeks ago I was scheduled to fly to Paris on American Airlines. I had booked a discounted business class ticket and applied systemwide upgrades so that I could fly first class, so it looked to be quite a nice trip, especially since I would be earning top tier status with them upon the completion of the trip.

Everything looked fine until the afternoon before the flight, when I tried to check-in online. I logged into my AAdvantage account and went to the “My Reservations” tab and accessed my reservation. Under that same record locator a reservation pulled up for travel from Raleigh to Los Angeles in coach several weeks later. I chuckled, thinking it was an IT error. I closed my browser, opened a different browser, and pulled up my reservation again. The same reservation appeared.

As it turns out, someone decided to change my reservation just an hour earlier, I assume out of spite. After 90 minutes on the phone with an absolute savior of a service director my itinerary was fully restored, which I was thankful for. It could have very well ended up uglier, though, especially since I had some British Airways segments on my itinerary.

I would chalk it up to a fluke, though this was actually the second time this has happened to me. The first time around I assumed it was an IT glitch or maybe a human error. However, after the second time it was clear to me that there’s someone out there that’s quite malicious and desperate, which is why I looked into better ways to protect my mileage accounts.

The fact is, it was incredibly easy for him to change my itinerary. He probably called up earlier in the day, knowing I was flying from Miami to London, and pretended to be me, probably claiming to have forgotten the record locator. After confirming his name (pretending to be me) the agent likely gave him the record locator. Then he probably called back, after pulling up the reservation on American’s website, and with full confidence claimed to be me. They really don’t ask any questions at that point, assuming you have someone’s record locator and name, so he could do with my reservation whatever he wanted. And therein lies the value of password protecting your loyalty program account or a particular reservation.

But it’s not just travel bloggers that should protect their travel plans. I know members of online travel bulletin boards that posted their travel plans and had others make changes to their reservations, from minor things like a seat change to outright canceling a reservation. The same could happen if you have a disgruntled employee, ex-girlfriend/boyfriend/wife/husband, or any of a number of other different scenarios.

As a result of that I’ve done some research as to the policies of each of the major US airlines and hotel chains regarding password protecting accounts. As a starting point it’s probably worth mentioning that virtually all US airlines have no real form of security when it comes to revenue tickets. Anyway here’s a breakdown (and I don’t want to be too specific, because that could lead to further abuse):

Airline or Hotel

Award Travel Security

Recommendation

Contact

American Airlines

Medium: Credit card needs to be in member’s name, though you can always get a card in someone else’s name

Revenue tickets: Password protect by calling reservations

Award travel: Call AAdvantage customer service

Reservations & AAdvantage:
(800) 882-8880

Continental

Strong: PIN required

Revenue tickets: Password protect by calling reservations

Award travel: Use PIN

Reservations:
(800) 523-3273

Delta

Strong: PIN required

Revenue tickets: Password protect entire SkyMiles Account by calling reservations; remind agent to check SkyMiles to add pw to each new reservation

Award travel: Use PIN

Reservations:
(800) 221-1212

United

Medium: Only zip code required when making reservations for someone with same last name, though more verification if making reservation for others

Revenue tickets: Submit password request in writing to Mileage Plus; all new reservations will use this password

Award travel: see above

Mileage Plus Service Center P.O. Box 6120 Rapid City, SD  57709-6120

 

US Airways

Weak: Only asked address and possibly phone number or email address

Revenue tickets: Password protect by calling reservations

Award travel: see above

Reservations:
(800) 428-4322

Hilton

Strong: PIN required for verification

Revenue stays: No password protection, but you’ll be prompted for personal data and last 4 digits of credit card

Award travel: PIN required for verification

n/a

Hyatt

Weak: Only basic information is asked (address, phone number, etc.)

Revenue stays: Password protect by calling reservations

Award travel: see above

Reservations:
(888) 591-1234

Marriott/

Ritz-Carlton

Weak: Only basic information is asked (address, phone number, etc.)

Revenue stays: Requires confirmation number or last four digits of credit card

Award travel: see above

n/a

Priority Club

Weak: Only basic information is asked (address, phone number, etc.)

Revenue stays: No password protection available

Award travel: No password protection available

n/a

Starwood

Strong: Security question required for verification

Revenue stays: Requires verification of security question you selected online

Award travel: see above

n/a

If you enjoyed this, please follow TravelSort on Twitter or  like us on Facebook to be alerted to new posts. 

Become a Member to find your perfect luxury or boutique hotel at up to 50% off: TravelSort Hotels


  • |
  • Print
    print |
Related Articles
Square_php8mx0efpm
3/13/2012
Last July I wrote a post about the 10 Best Premium Cabin Award Redemption Values. It’s amazing how quickly the industry changes, since I think the list could already use an update. This is due to program devaluations, changes in...
Square_php8mx0efpm
3/6/2012
March 3, 2012, marked the system integration of United and Continental Airlines. Many feared it would be a near meltdown given the massive scale of merging two airlines that ran on completely different systems. For the most part the transition...
Comments
Picture?type=large Kent O. commented 22 Jun 2011

Thanks for putting together this article: it is a great resource. The schmuck whom cancelled and altered your travel plans should be identified and shamed throughout the web travel community. What he did is out of line and unacceptable, but I do think that instant karma will catch up to him.

With regards to the Hilton program, I am asked almost every time for my PIN from an agent whether calling the HHonors line and the reservations usually requires it as well.

Avatar_60_hilary Hilary Stockton commented 22 Jun 2011

Kent, thanks for your comment, and update for Hilton--are you prompted for PIN for both revenue and award bookings? 

Picture?type=large Ben Schlappig commented 22 Jun 2011

Thanks for the correction, Kent. It's my understanding that's only for awards, though, right? I went ahead and updated the post to reflect that, though if it's still not right, let me know.

Picture?type=large Kent O. commented 23 Jun 2011

Ben and Hillary,

I make most of my bookings online with my HHonors account which requires entering a password or PIN to access the account. Whenever you make a change or cancel a reservation online or via phone, you then receive an email from Hilton notifying you of the action which was taken, so it makes it much easier to oversee. If someone alters a person's Hilton hotel reservation, he would be alerted very quickly.

AFAIK, the Hilton reservations agents do not distinguish between award and general reservations. They usually request your name and PIN before they will proceed further on a call. Then again, I have not made many award bookings or reservations changes via phone, so I will be more observant in regards to what info they request.

 


Leave a Comment
Comment
Facebook-logo
Get Free Email Blog Updates
Popular Articles
Square_50k_united_mileageplus_explorer_business_card_bonus
2/3/2015
  There's a 50K United MileagePlus Explorer Business Credit Card offer targeted to most United MileagePlus members. While United MileagePlus miles aren't as valuable as they were over a year ago, before the United Award Chart Devaluation that increased awards...
Square_travel_credit_cards-_whats_in_my_wallet_now
1/2/2015
  How We Earned 1 Million Miles and Points This Year prompted some readers to ask which travel credit cards I have in my wallet now, which I plan to cancel, and strategy for new cards in 2015. It's been over...
Square_50k_amex_premier_rewards_gold_bonus_offer-new
1/30/2015
  A 50,000 American Express Premier Rewards Gold Card offer is available to new AMEX card holders. Here are the details: Earn 50,000 AMEX Membership Rewards points after $1000 in eligible purchases on the Premier Rewards Gold Card within 3...
Square_100k_amex_business_platinum_bonus_offer
3/2/2015
  A 100K AMEX Business Platinum signup bonus offer just arrived in the mail, so I applied and was approved. I'd been hoping for such an offer, since in my view the 40K public offer is too low given the...
Square_up_to_50_percent_bonus_when_you_buy_american_or_us_airways_miles
1/8/2015
Get up to a 50% bonus when you buy AAdvantage Miles or Dividend Miles through January 30, 2015. Here are the links and details, along with a FAQ and other ideas for earning the miles more cheaply. Buy AAdvantage Miles...
Square_new_british_airways_avios_devaluation
1/28/2015
  Another British Airways Avios Devaluation--already. I thought it might be towards the end of this year, given the major British Airways devaluation in late 2011, but it's again time to burn Avios, at least if you're planning on British...
Square_discounted_united_partner_business_class_awards_bookable_for_all_of_2015-asiana_business_class
2/1/2015
  Discounted United Partner Business Class Awards are Bookable for All of 2015 Starting Feb. 10 if you ticket by February 28 (see United announcement) via Dan--good news if you have tons of United miles you didn't manage to redeem before...
Square_75k_and_50k_amex_business_gold_card_bonus_offers-50k
2/11/2015
  There are 75K and 50K American Express Business Gold Card signup bonus offers which you may be targeted for or be able to get. Here are the details: 75K AMEX Business Gold Card Bonus Offer Via teddy25 at Flyertalk,...
Square_75k_amex_business_gold_rewards_bonus_offer_2015
3/9/2015
  A 75K AMEX Business Gold Rewards card bonus offer is available online, although unlike some previous offers, it has a minimum spend of $10,000 during the first 3 months. Update: some have written to say they can't get the...
Square_emirates_first_class_award_booked
1/17/2015
  Well, Emirates First Class on the A380 is booked as an award with Alaska miles, thanks to Hang Up Call Again (HUCA) and luck. As I wrote in Emirates Devaluation: Retroactive No Chauffeur for Partners, No First Class Awards via...