Originally Posted by
DaviddesJ
I'm curious what people think UA and other airlines should do about this, going forward. The ability to change and cancel reservations with the record locator and passenger name is a pretty central assumption of all reservation systems I've used. I often make use of it for friends and family. It seems a bit hard for me to imagine that UA and other airlines are going to completely revoke that assumption, any time soon. So what would you do?
A simple partial fix could be, for award travel with partner airlines only, to send an email confirmation of the cancellation but wait 24 hours before actually releasing the partner inventory? That seems within the scope of what they could implement. Is it enough?
It's really not that complicated. Require online cancellations of award tickets (and, at passenger's request, other reservations) to be from a logged-in account. And add a feature allowing passengers to password-protect their reservations so that any changes made by phone require the password.
I mean, think about it. Is there
any other product worth thousands of dollars that are just as cavalierly protected by the companies that offer them? If you buy a $1,000 piece of jewelry online, does the seller send it via first class mail, or via a more secure method? UA is guilty of negligence for using the equivalent of first class mail to deliver (and store) our tickets.
Yes, there are probably ways for bad guys to get around the basic protections I suggest. But it's better than leaving it as is.