EMV Leading Fraudsters to Frequent Flyers?

by Raymond Pucci 0

May the flyer beware! Airlines and their customers are seeing an increase in hacked frequent flyer accounts. Security experts are predicting more to come, and one likely cause is the EMV transition that makes in-store payment card fraud more difficult. The following explains how fraudsters are moving in on this new opportunity.

You track your bank account regularly and make sure there are no unauthorized charges on your credit cards. But when did you last check your frequent-flier accounts? Thieves are stealing miles and points and turning them into cash. Criminals gain access to your account and either sell or barter your miles and points online or redeem them for tickets, merchandise or gift cards. United changed its login procedures in August after some thefts around the industry.

Perhaps most important, lots of people don’t check their accounts very often, giving thieves a head start before anyone notices unauthorized withdrawals. Most airlines no longer mail out monthly account statements. They send electronic updates that are often ignored. Thieves stole miles from thousands of accounts last year, including those belonging to United and American customers, after obtaining passwords from a chat-room site and using the same passwords to get into mileage accounts.

Miami computer programmer Milad Avazdavani was charged earlier this year with siphoning miles from at least six American accounts to steal $260,000 worth of airline tickets and fancy car rentals.

Some security experts expect a rise in mileage theft now that embedded chips have made credit card fraud harder. “It’s always going to be a cat-and-mouse game,” says Arlan McMillan, United’s chief information security officer.

So the airlines are getting some religion when it comes to frequent flyer account security. Just as EMV has spiked card-not-present fraud for online merchants, fraudsters identity other vulnerabilities very quickly. This hacking is not just for the miles, either, as frequent flyer accounts are data rich in personal and credit card information. Airlines will beef up log-in and password protections, but flyers will have to be more vigilant by monitoring all of their online accounts. Even though airline loyalty programs have been significantly diluted, the miles are still valuable currency, and make even the worst aspects of air travel slightly more bearable.

Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group

Read the full story here