Originally Posted by
WesNSpace
So if AwardWallet were to be hacked and your information was compromised and hackers cancelled any active tickets or purchased a last minute award ticket to Aruba and wiped out your account who would you be calling?
I'm not saying AwardWallet has bad security but if I was the Delta CTO I would be locking them out as well and forcing anyone who we could verify had been using them to change their password on next login. In this world where everyone wants to file a class action lawsuit for loss of personal information I wouldn't want any unauthorized third party accessing my systems.
Sorry if that makes you loyal AwardWallet users unhappy but I fly out of HSV and tickets are high enough without someone filing a class action lawsuit against Delta for not protecting their personal information.
How would this situation be different from you having your DL credentials phished or stolen by Zeus/Cridex/Spyeye? Ultimately it's up to the institution to authenticate their users before allowing them to perform actions (book or cancel tickets, transfer points, etc). If DL was concerned about the security of their data, they should be implementing a more robust authentication system, 2-factor auth just as an example. Allowing certain IPs access to an API for retrieving trip details and account balances wouldn't be that difficult if security is the concern.