Have you checked your frequent flyer miles lately?

David Pollino
Posted by David Pollino

Loyalty points and frequent flyer miles might not seem like obvious targets for cybercriminals, but think again.

Rear view of an airplane coming in for a landing at sunset.Miles and points are currency, as they can be used for many real-world transactions such as flights, shopping, gift cards and even cash. Connexion Loyalty estimates that the loyalty points accrued in the U.S. have a combined value of $48 billion.

Part of the problem is that many loyalty program sites don’t have the same levels of built-in security that protect bank accounts or other online accounts. But account-holders sometimes don’t help themselves, because they use weak passwords and PINs which can be quickly and easily cracked by professional hackers.

As if that weren’t enough, there’s the ever-present danger of email phishing. This not only puts your points at risk, but also any personal information you have stored in your loyalty accounts, such as credit card and trusted traveler numbers. The modus operandi is usually simple: you get a bogus email claiming to be from an airline, hotel, or travel agent asking you to verify your account information, perhaps to claim a prize. You fall for it, enter your credentials, and the thief gets access to your points and your personal information.

If you’d rather hang on to your points, here are a few tips to help you.

  1. Vigilance is critical: Monitor your loyalty accounts, and the data associated with them, as carefully as you manage access to your bank accounts. Check your balances regularly and report any suspicious transactions.
  2. Choose strong and unique passwords and change them regularly: Password managers such as LastPass can help with this.
  3. If the website offers two-factor authentication, sign up: It adds steps to the login process but offers greater security. There are different types; for example, you may be asked to create security questions you must answer in order to access your account.
  4. Take care with communications: If you are contacted by email or SMS and asked to validate an account or reset a password, be suspicious.

Reminder: All comments are moderated prior to publication and must follow our Community Guidelines.

Submit an Idea

[contact-form-7 id="32" title="Share An Idea"]

You are leaving the Bank of the West Change Matters site. Please be aware: The website you are about to enter is not operated by Bank of the West. Bank of the West does not endorse the content of this website and makes no warranty as to the accuracy of content or functionality of this website. The privacy and security policies of the site may differ from those practiced by Bank of the West. To proceed to this website, click OK, or hit Cancel to remain on the Bank of the West Change Matters site.