Share Travel Plans? How to Password Protect Your Airline and Hotel Reservations

I’ve always been amazed by the lack of verification required to make or change an airline or hotel reservation, especially when booking a reward for someone else. Funny enough, I say this as someone that spends most of their time booking award ticket for others, with good intentions.

Airlines all have different approaches to “verifying” the identity of people making bookings by phone. At Continental and Delta for example, you need to verify your four digit PIN in order to make an award booking. American, on the other hand, requires the person redeeming miles to use a credit card in their name for the taxes on an award ticket. Then there are airlines like US Airways, which will simply verify the address of the member in order to make an award booking, if even that.

Certainly there’s a tradeoff between security and convenience though. On one hand I want my account protected (meaning I don’t want anyone else to have unauthorized access to the account), but at the same time I don’t want to spend five minutes verifying information every time I book something to prove who I am.

So when it comes to award redemptions among airlines, I think Delta has the best system. Each member has a four digit PIN, and in order to make a booking you need to enter your PIN in the automated system when you call, at which point you’re considered “verified.” The process is simple and does a good job of protecting your security. Continental has a similar system in theory, though you need to tell the agent your four digit PIN when making an award reservation. I’m not a fan of that system at all, mainly because I’m often in public and don’t want to say my four digit PIN out loud.

On the other end of the spectrum is Air Canada Aeroplan, one of my favorite loyalty programs. Nonetheless they have one of the silliest rules out there. Only the actual member can make a reward booking, and the way they verify that is by asking for the address and phone number of the member. However, the member can call and have someone else be authorized on the account by verifying that same information. There’s nothing preventing someone from calling in pretending to be that person in order to make a booking. It just seems like such a superficial security system to me. I far prefer the PIN based system where anyone can call in and make a booking for me, as long as they have my PIN.

Anyway, on to the topic of this post. Up until a few months ago I thought all of this was moot. Who’s really going to try to use my miles or cancel one of my reservations? Well, apparently someone.

A couple of weeks ago I was scheduled to fly to Paris on American Airlines. I had booked a discounted business class ticket and applied systemwide upgrades so that I could fly first class, so it looked to be quite a nice trip, especially since I would be earning top tier status with them upon the completion of the trip.

Everything looked fine until the afternoon before the flight, when I tried to check-in online. I logged into my AAdvantage account and went to the “My Reservations” tab and accessed my reservation. Under that same record locator a reservation pulled up for travel from Raleigh to Los Angeles in coach several weeks later. I chuckled, thinking it was an IT error. I closed my browser, opened a different browser, and pulled up my reservation again. The same reservation appeared.

As it turns out, someone decided to change my reservation just an hour earlier, I assume out of spite. After 90 minutes on the phone with an absolute savior of a service director my itinerary was fully restored, which I was thankful for. It could have very well ended up uglier, though, especially since I had some British Airways segments on my itinerary.

I would chalk it up to a fluke, though this was actually the second time this has happened to me. The first time around I assumed it was an IT glitch or maybe a human error. However, after the second time it was clear to me that there’s someone out there that’s quite malicious and desperate, which is why I looked into better ways to protect my mileage accounts.

The fact is, it was incredibly easy for him to change my itinerary. He probably called up earlier in the day, knowing I was flying from Miami to London, and pretended to be me, probably claiming to have forgotten the record locator. After confirming his name (pretending to be me) the agent likely gave him the record locator. Then he probably called back, after pulling up the reservation on American’s website, and with full confidence claimed to be me. They really don’t ask any questions at that point, assuming you have someone’s record locator and name, so he could do with my reservation whatever he wanted. And therein lies the value of password protecting your loyalty program account or a particular reservation.

But it’s not just travel bloggers that should protect their travel plans. I know members of online travel bulletin boards that posted their travel plans and had others make changes to their reservations, from minor things like a seat change to outright canceling a reservation. The same could happen if you have a disgruntled employee, ex-girlfriend/boyfriend/wife/husband, or any of a number of other different scenarios.

As a result of that I’ve done some research as to the policies of each of the major US airlines and hotel chains regarding password protecting accounts. As a starting point it’s probably worth mentioning that virtually all US airlines have no real form of security when it comes to revenue tickets. Anyway here’s a breakdown (and I don’t want to be too specific, because that could lead to further abuse):

Airline or Hotel

Award Travel Security

Recommendation

Contact

American Airlines

Medium: Credit card needs to be in member’s name, though you can always get a card in someone else’s name

Revenue tickets: Password protect by calling reservations

Award travel: Call AAdvantage customer service

Reservations & AAdvantage:
(800) 882-8880

Continental

Strong: PIN required

Revenue tickets: Password protect by calling reservations

Award travel: Use PIN

Reservations:
(800) 523-3273

Delta

Strong: PIN required

Revenue tickets: Password protect entire SkyMiles Account by calling reservations; remind agent to check SkyMiles to add pw to each new reservation

Award travel: Use PIN

Reservations:
(800) 221-1212

United

Medium: Only zip code required when making reservations for someone with same last name, though more verification if making reservation for others

Revenue tickets: Submit password request in writing to Mileage Plus; all new reservations will use this password

Award travel: see above

Mileage Plus Service Center P.O. Box 6120 Rapid City, SD  57709-6120

 

US Airways

Weak: Only asked address and possibly phone number or email address

Revenue tickets: Password protect by calling reservations

Award travel: see above

Reservations:
(800) 428-4322

Hilton

Strong: PIN required for verification

Revenue stays: No password protection, but you’ll be prompted for personal data and last 4 digits of credit card

Award travel: PIN required for verification

n/a

Hyatt

Weak: Only basic information is asked (address, phone number, etc.)

Revenue stays: Password protect by calling reservations

Award travel: see above

Reservations:
(888) 591-1234

Marriott/

Ritz-Carlton

Weak: Only basic information is asked (address, phone number, etc.)

Revenue stays: Requires confirmation number or last four digits of credit card

Award travel: see above

n/a

Priority Club

Weak: Only basic information is asked (address, phone number, etc.)

Revenue stays: No password protection available

Award travel: No password protection available

n/a

Starwood

Strong: Security question required for verification

Revenue stays: Requires verification of security question you selected online

Award travel: see above

n/a

If you enjoyed this, please follow TravelSort on Twitter or  like us on Facebook to be alerted to new posts. 

Become a Member to find your perfect luxury or boutique hotel at up to 50% off: TravelSort Hotels


Share This:

Leave a Reply

Be the First to Comment!

avatar