Air India Flying Returns miles stolen (inside job suspected!)

by Ajay Leave A Comment

That Air India’s FFP was prone to hacking is well known, given they don’t even store the data on their own servers but a third party company. They’ve made very public noises in the past that mileage accounts were frequently used by Travel Agents to amass miles which rightfully belonged to members who travel on those tickets, and then these miles were used to sell tickets to other unsuspecting customers. This was the reason that they instituted a paper trail to be attached to all the accounts, a process which is ongoing.

However, it seems in connivance with some insiders, a group of travel agents and hackers still managed to amass enough miles from unsuspecting travellers to get tickets worth INR 1.6 million in to the market to other unsuspecting travellers. This just about sounds similar to the hack on British Airways’ accounts done by a Delhi-based hacker last year costing the airline tonnes of money.

The Modus Operandi

As per a First Information Report filed with the Delhi Police Cyber Cell yesterday, the Vigilance department of Air India suspects that 20 bogus accounts were created without the knowledge of the real travellers. After all, how hard is it to sign up for a Gmail account. Then miles belonging to the real travellers were put in these accounts, hence real passengers never got their miles. After this, the gang managed to make about 170 redemptions worth INR 16 lakh using those miles.

Why an inside job? Well, Air India requires you to provide paper proof of your existence. I’ve had to send them a copy of my Passport to be able to redeem my miles. In this case, it seems someone used a Driving License, that too digitally morphed perhaps, to get these accounts activated for redemption. As per various reports, all the 20 scans of the DL had the same signature. The best part is, Driving Licenses are not even a valid proof for Air India to accept for address verification. Also, it seems the person who ok’d the verification of these accounts is not authorised to do so per Air India.

Of course, Air India has deactivated these accounts, but it remains to be seen if they make good to the original passengers.

Bottomline

Do your KYC, please! Use AwardWallet to keep an eye on your miles.

But for Air India, please, stop using patchwork on your frequent flyer program. I think it is time they invested in strong backend architecture, or just privatized the frequent flyer program and make some money out of their 2 million FFP members.

Are your miles safe on Air India Flying Returns?

About Ajay

Ajay Awtaney is the Founder and Editor of Live From A Lounge (LFAL), a pioneering digital platform renowned for publishing news and views about aviation, hotels, passenger experience, loyalty programs, travel trends and frequent travel tips for the Global Indian. He is considered the Indian authority on business travel, luxury travel, frequent flyer miles, loyalty credit cards and travel for Indians around the globe. Ajay is a frequent contributor and commentator on the media as well, including ET Now, BBC, CNBC TV18, NDTV, Conde Nast Traveller and many other outlets.

More articles by Ajay »

Leave a Reply

Your email address will not be published. Required fields are marked *