Feel offended by A3 [account placed in audit]

Old Nov 24, 18, 6:46 am
  #1  
Original Poster
 
Join Date: Apr 2015
Programs: BA G/HH D
Posts: 6
Angry Feel offended by A3 [account placed in audit]

I just purchased A3 award miles during its Black Friday promotion. But I received an email shown as below. I do understand A3 wants to control it but i still believe there will be a better way to do this kind of verification. Feel very offended and weird. Any way to shoot it back?
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Dear member,

As a member of the Miles + Bonus Program , we seek your understanding on the following matter. Account reviews are periodically performed for the protection of the Program and all its members. You are a valued customer and we want to keep you informed while we perform some random and/or routine internal control practices.

Your flights will continue to accrue on your account although issuance of awards has been temporarily suspended pending completion of the review. Aegean Airlines’ primary goal is to protect our members and the mutual benefits of the program. We seek to maintain a positive relationship with our members and provide rationale for our actions as we validate program integrity, rules, and procedures.

Could you please provide us the below specifications in order to verify your account:
- Selfie photo of yours holding your national ID.
- Photo of your national ID.
- Photo of any utility bill which validate the shipping address in your M+B card.
- Photo of credit card used to purchase the miles.
It is our hope that this communication is clear on our intent. It is not to jeopardize customer rapport but rather to maintain a viable program. Dear member, your cooperation is very much appreciated and we apologize for any inconvenience or potential concern that this standard review may cause. Please reply via email at[email protected]
tzhang5 is offline  
Old Nov 25, 18, 8:21 pm
  #2  
 
Join Date: Jun 2010
Location: SFO
Programs: A3*G, AA-Exec, DL, UA*S, AS
Posts: 172
I received the same message a couple of years back, but the reason was not the same as yours. While the reason for my audit was quite lame (see thread), they resolved it almost immediately after contacting them. I would advise that you just send the requested documentation over as requested, and it should be cleared up very fast.
swgsword is offline  
Old Nov 26, 18, 2:03 am
  #3  
Original Poster
 
Join Date: Apr 2015
Programs: BA G/HH D
Posts: 6
tks. I just replied with all the required docs and the account got cleared immediately. just feel bad
tzhang5 is offline  
Old Nov 26, 18, 2:10 am
  #4  
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 88,289
Glad to hear that they are at least very timely in handling the matter nowadays.

I have to wonder how in or out of legal compliance A3 is with regard to GDPR when it demands and handles such information as it demands to unlock accounts which it has flagged as being suspicious accounts and/or as being accounts with suspicious transactions.
GUWonder is online now  
Old Nov 26, 18, 2:42 am
  #5  
 
Join Date: Oct 2012
Location: PAS, Paros Greece
Programs: A3 *G
Posts: 1,033
This is similar to the requests people have posted about before, where their account was audited - usually because of excessive/suspicious use of Together accounts. What worries me is that the information asked for here is different,much more invasive and a security concern.

1) Selfie. Why? I suppose it proves that you are the person in the ID, but that hardly helps. Collecting points in a false name is unlikely. If this is an existing account and you have credited 'real' points then you MUST be anyway, or you would never have boarded an aircraft.
2) Photo of ID. Fair enough - this is what they were asking for in those previous cases.
3) Utility Bill. Could be a problem for many people. I live in rural Greece and my house doesn't even have an address. I receive one domestic bill just via the Post Office with my name, the name of the Island and the postcode. the other two are done electronically. I think many/most people in the most developed countries these days deal with ALL domestic bills electronically, don't they? And we all know how easy it is to Photoshop a screenshot. Before this I lived with friends in a shared flat and, even had it had an address, I had no bills in my name.
4) HUGE security concern - that image could stick around for ages or be intercepted. Sending a photograph of a credit card via standard email has to be about the most absurd thing one could be requested to do by a reputable company. About the only saving grace is that the CVC number is only on the back and is thus not visible.

This does seem FAR more invasive than previous incidents. I'd be very unhappy if this were me. I know they have a right to suspend or cancel any account at any time, for any reason, but I think this is a step too far unless they are VERY suspicious. Why would spending lots of money on purchased miles be suspicious anyway? About the only possible breach of rules I can see is that somebody could be trying to breach the 50,000 mile per year maximum for purchased miles by opening fake accounts and adding them to a Together account. I assume the OP could confirm if this was a new account or if any actual miles had been accrued. The simple answer for Aegean would be to only allow the purchase of miles for accounts that have 'real' points already credited.
Arrivals and tzhang5 like this.

Last edited by Knobbgb; Nov 26, 18 at 3:05 am
Knobbgb is offline  
Old Nov 26, 18, 3:29 am
  #6  
 
Join Date: Mar 2018
Location: ARN, ATH
Programs: A3*G, SK*G
Posts: 233
Originally Posted by Knobbgb View Post
This is similar to the requests people have posted about before, where their account was audited - usually because of excessive/suspicious use of Together accounts. What worries me is that the information asked for here is different,much more invasive and a security concern.
+1

Originally Posted by Knobbgb View Post
1) Selfie. Why? I suppose it proves that you are the person in the ID, but that hardly helps. Collecting points in a false name is unlikely. If this is an existing account and you have credited 'real' points then you MUST be anyway, or you would never have boarded an aircraft.
I haven't changed my national ID card since like 15 years ago, and I hardly any longer look very much like the guy in the photo I don't even need to do this since for any transactions within Sweden my driver's licence does fine, while abroad I use my passport.

Originally Posted by Knobbgb View Post
3) Utility Bill. Could be a problem for many people. I live in rural Greece and my house doesn't even have an address. I receive one domestic bill just via the Post Office with my name, the name of the Island and the postcode. the other two are done electronically. I think many/most people in the most developed countries these days deal with ALL domestic bills electronically, don't they? And we all know how easy it is to Photoshop a screenshot. Before this I lived with friends in a shared flat and, even had it had an address, I had no bills in my name.
In Sweden one pays an environmental fee of 30-40 kronor (~3.5 EUR) for getting one's bills in paper so all my bills come via e-mail. And one doesn't even need photoshop to change these documents, even Abode Reader Pro can do this. Notwithstanding that one may live with partners, siblings, flatmates etc with the bills in their name...

Originally Posted by Knobbgb View Post
4) HUGE security concern - that image could stick around for ages or be intercepted. Sending a photograph of a credit card via standard email has to be about the most absurd thing one could be requested to do by a reputable company. About the only saving grace is that the CVC number is only on the back and is thus not visible.
Couldn't agree more. I have never encountered this request before with any company whatsoever. Even when I lived in the US where various companies (telecoms, utilities, banks, etc) ask you for crazy stuff (visa photos, marriage certificate, etc) nobody ever asked me to send them a photo of my credit card. The first thing that would cross my mind if I saw this in an email would be that it's a scam...
tzhang5 likes this.

Last edited by East_and_West; Nov 26, 18 at 3:44 am
East_and_West is offline  
Old Nov 26, 18, 4:04 am
  #7  
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 88,289
Originally Posted by East_and_West View Post
+1


I haven't changed my national ID card since like 15 years ago, and I hardly any longer look very much like the guy in the photo I don't even need to do this since for any transactions within Sweden my driver's licence does fine, while abroad I use my passport.



In Sweden one pays an environmental fee of 30-40 kronor (~3.5 EUR) for getting one's bills in paper so all my bills come via e-mail. And one doesn't even need photoshop to change these documents, even Abode Reader Pro can do this. Notwithstanding that one may live with partners, siblings, flatmates etc with the bills in their name...



Couldn't agree more. I have never encountered this request before with any company whatsoever. Even when I lived in the US where various companies (telecoms, utilities, banks, etc) ask you for crazy stuff (visa photos, marriage certificate, etc) nobody ever asked me to send them a photo of my credit card. The first thing that would cross my mind if I saw this in an email would be that it's a scam...
An interception of such info in its entirety could make fraudulent bank card transactions much much easier for the information thief, and it could also easily facilitate the creation of new accounts that can create a massive identity theft problem for the individual flagged by Aegean and asked to give over all such info.
GUWonder is online now  
Old Nov 26, 18, 5:39 am
  #8  
TPJ
 
Join Date: Jun 2008
Programs: TK*G (E+), AA OWE (EXP), IHG Plat
Posts: 6,392
Originally Posted by GUWonder View Post


I have to wonder how in or out of legal compliance A3 is with regard to GDPR when it demands and handles such information as it demands to unlock accounts which it has flagged as being suspicious accounts and/or as being accounts with suspicious transactions.
Not only GDPR - IMHO point 4 also breaks PCI (Payment Card Industry) regulations. If you forward their message to your CC issuing organization (like Visa or AMEX - CVC code is on the face of AX card) A3 may be in deep troubles.
TPJ is offline  
Old Nov 26, 18, 9:57 am
  #9  
 
Join Date: Jun 2010
Location: SFO
Programs: A3*G, AA-Exec, DL, UA*S, AS
Posts: 172
Originally Posted by tzhang5 View Post
- Photo of credit card used to purchase the miles.
Oh wow I completely misread this. Agree this is an overstep. I read it as a statement of the credit card for some reason, which I believe is more reasonable as it can be used to match the person to the last four digits (usually on the statement), but usually isn't enough for someone to try to use the card.
swgsword is offline  
Old Nov 26, 18, 12:12 pm
  #10  
 
Join Date: Nov 2017
Location: BRU
Programs: A3*G, FB Platinum, HH Diamond, IHG Spire Amb
Posts: 241
Wow,this is indeed invasive. Maybe they have had some problems with new accounts buying miles with hacked credit cards.
unusualtravelblog is offline  
Old Nov 26, 18, 1:50 pm
  #11  
A FlyerTalk Posting Legend
 
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 42,960
The process is nonetheless risky. At a minimum anything submitted ought to be done through a secure webform with the documents as attachments.

While the submissions requested turn out to be a bit less intrusive and risky, any document which links an individual to a number is a risk and one more piece of the puzzle which an identity thief can use to steal yours.
Often1 is offline  
Old Nov 28, 18, 6:15 am
  #12  
 
Join Date: Apr 2016
Location: Argentina
Programs: AR, AA, IB, EY, UA
Posts: 41
I agree that this is ridiculous.
Bought miles during Black Friday and made a redemption.
Next day got an email requesting:
- Selfie photo of yours holding your national ID
- Photo of your national ID
- Photo of any utility bill
- Photo of credit card used to purchase the miles

They threatened me to cancel my award booking if I didn't send all the requested documents... so that left me no choice but to do it.
tzhang5 likes this.
SPiKA85 is offline  
Old Apr 17, 19, 11:01 am
  #13  
 
Join Date: Sep 2017
Posts: 11
Fraud Prevention Contact number

Does anyone have a phone number for Aegean fraud prevention center? I have a flight that departs Friday from Singapore and didn't realize until I tried to check in that my account was being audited. It's a bit complicated because I transferred miles from my child's and spouse's account recently.
prpilot17 is offline  
Old Apr 17, 19, 11:17 am
  #14  
 
Join Date: Jun 2006
Posts: 4,732
Originally Posted by prpilot17 View Post
Does anyone have a phone number for Aegean fraud prevention center? I have a flight that departs Friday from Singapore and didn't realize until I tried to check in that my account was being audited. It's a bit complicated because I transferred miles from my child's and spouse's account recently.
Best to go through switchboard 0900-1700 Greek time. +30 210 62 61 700. Although not sure they always take calls.
DELLAS is offline  
Old Apr 17, 19, 12:03 pm
  #15  
 
Join Date: Sep 2017
Posts: 11
thanks! I'll give that a try in the morning
prpilot17 is offline  

Thread Tools
Search this Thread