Kacee

You need to get out more

These fake cancels were very very common an UA and AP issued CA award tickets for a while. It got so bad that AP stopped ticketing CA awards for a while. It was suspected (but never proven) that there were CA employees involved selling ticket info.

And yes, the fraud works because the carrier releases the seat back into the award pool, where it can be snatched up and sold by a broker.

And btw, UA was pretty good about helping people get where they needed to go. It obviously helps that they have quite a bit of lift to/from Asia on their own metal. That's one of the downsides of ticketing an international award through AS, as it has no ability to fly you home on its own metal.

Colin

Nazdoom

In the UA & Air China case, it would be: be someone with access to passenger lists at a local airport (e.g. ground staff), the local airport get that info a few days before departure as usual, have a buyer come looking for cheap X flight in business or first class, you use the PNR/name from pax list to cancel someone else who had used award space (e.g. J class) to book a seat on that flight, use stolen miles to book that award space once it is re-released (depending on carrier, may be instant), then the risk of the illicit reservation being noticed/cancelled rests on the buyer who will be flying (who probably doesn't know it's booked on stolen miles/account) and not the anonymous broker. The need to cancel someone else's reservation first is due to the need to make the booking as last minute as possible to deter detection of the stolen miles, and because seats last minute on a specific TPAC flight can be hard to find otherwise. It sounds like basically a way to liquidate stolen air miles / accounts into cash without the risk of being the person flying. By mixing currencies (canceling UA tickets and booking using CA's program) they also try to fly under the radar.

VegasGambler

This is completely AS' fault though. It would be easy to require some piece of information that the partner airline does not have in order to cancel.

rustykettel

According to some of the posts in the UA thread, TravelSky has extremely poor security where certain travel agents can obtain passenger names & PNRs without going through an CA employee. UA blocked the ability to cancel award tickets without being logged in which is how that happened. If AS allows award tickets to be modified or cancelled without logging in, then that's what they need to fix, particularly for HU bookings.

Establish a PIN/security phrase for voice calls and require award ticket modification to be only made from a logged in account.

Nazdoom

100% agree. Unfortunately AS doesn't want to bother investigating to figure it out. Instead, I'm seemingly on the hook, and AS doesn't have any escalation channel above the supervisor who told me I need to find a lawyer to figure out which jurisdiction to file a police report and then file it so the authorities (in China or Taiwan or Canada?) can investigate the points black market themselves. Total runaround.

I'm hoping reaching out via email to the corporate contacts posted above might get the ear of someone who might actually care to look into it. This is something you would think AS would have an interest in addressing to prevent future incidents. Implementing better controls is entirely in their ability, as is getting me a confirmed ticket home -- just as I had booked (I'm supposed to leave in 4 days).

halamadrid

Is it possible that in logging in to your AS account at some point in Asia your account was compromised and that's how someone managed to log in and cancel the reservation? Not saying this is what happened or trying to blame OP, but since the cancellation was done online, this is one possibility that comes to mind.

Nazdoom

I didn't log into the account in Asia before I noticed the cancellation. I was in Asia less than a week and hadn't logged in for more than a full week.

It's worth noting that my AS booked CX F and JL F reservations also on the same account were not compromised. Those are for the middle of 2019 whereas the HU was cancelled same day as the first flight's short-haul departure (around a week before the long haul which is the only flight whose space was taken when I was rebooked 8 hours later). I find that aspect inconsistent with the notion my account were to be compromised.

rustykettel

I think someone at AS does care about award ticket fraud, given their response to Asia bookings last year. The problem is getting to that person.

As for police report, file it with the FBI Internet Crime Complaint Center: https://www.ic3.gov/default.aspx

They handle internet facilitated crimes, which is what this appears to be: an unknown person without authorization cancelled your airline ticket online

ETA: did you ever receive a cancellation confirmation email from AS?

Kacee

I don't. I'm not aware of any reports of cancel/sell fraud with CX tickets, likely because you can't count on the seats being dropped back into award inventory.

That said, this fraud really only works in scale if they have an inside source. Randomly hacking FF accounts of travelers in Asia seems much less likely.

VegasGambler

IMO this is completely ridiculous. They are trying to pass the responsibility on to you, saying that your information was compromised.

You need to change the narrative. Their site was accessed by an unauthorized person causing the flight to be cancelled. This is their responsibility. If they want to file a police report for the unauthorized access to their web site, that's up to them. That doesn't remove their obligation to make you whole. It's their responsibility to secure their website; they have chosen not to.

Maybe their advice that you get a lawyer is good.

dayone

Although the known information suggests that fraud is likely, I don't share the certainty that others have posted. The opacity of returning canceled HU award inventory and the one-off nature of this incident make it a head scratcher.

VegasGambler

This is Hainan, isn't it?

dayone

Oops, you're right. Fixed. I had CX on the brain.

CDKing

This likely isn't the first time nor the last. There is a a reason AS added the 3 day block for booking intra-asia. I bet AS adds inability cancel within 3 days as well or based on history re-introduces block on to international itins.