adambrock

Two questions I couldn't find the answer to in this thread that I would appreciate JonNYC weighing in on:

1. What is the customer prohibited from doing when their account is frozen? Can they still travel on revenue itineraries? Will 500 mile / UDUs clear?
2. What is the recommended course of action if something like this is discovered over a weekend?

ijgordon

Clearly. Your post is all well and good, but you just can't ignore that we are talking about an airline here. And the appropriate high level supervisors are just not made available, or apparently don't work on the weekends.

But if there really is soooo much more behind the scenes here than we all know about that suggests that something like this particular scenario really won't ever happen again, then so be it. But I'll still be skeptical. Hacking in general is probably only going to become more prevalent.

RogerD408

I'm thinking what QueenofCoach is referring to is a CSR Supervisor with the ability to override that lock should be available 24/7. However, as reported in other posts, if you should happen to "discover" your account locked there is no one available to override that lock except the security dept and the AAgents can't/won't touch the account.

Just like your CC, if your bank should shut down the account you are SOL until you can reach someone during working hours. Some have 24/7 coverage, some don't.

Global321

Banning a passenger from an airline is easy to do. Any business can ban anyone they choose, for any reason. It is quite different to getting them to pay up.

(Hidden city - airline has one threat only - AA will cancel the rest of your ticket if you don't pay up (and possibly ban you). That can be worth it for some people to pay up. The jury is out how successful this is overall.)

In this case, assuming the passenger does not pull out their credit card for 10K, first step would be suing the passenger. And the airline would have the burden of proof. And this would not be small claims court. And if the passenger bought the ticket in Asia, Hong Kong would have jurisdiction.

So AA would need to sue a passenger in a foreign country, and prove it their case. If the passenger mounts an defense, there is all sorts of discovery - things the airline may not want to provide to the public. And even if they do, if they lose, how much has it cost AA? (And what if the passenger counter sues?)

Short of all that, the passenger can tell the airline to pound sand when asking for money.

Don't get me wrong, I am a law abiding, AA rule abiding citizen, I HOPE AA goes after him - and if possible - the broker - for as much as they can! And I hope they win. But I am a realist too.

ummgood

I was also a victim of identity theft 10 years ago. It was a royal pain. Just to answer some things on this thread.

1. All companies that have fraud departments request a police report when someone has something stolen that is of value. This includes phone companies, airlines, etc... In reality this is the only way to get them to do anything. They want to be able to have legal recourse.

2. Most PD's in the country won't do anything in regards to arresting or even talking to people that are guilty of stealing people's identity. While it seems big to us that are victims anything less than 10k probably won't even get a PD's attention. I know in my case there was probably a few thousand dollars involved and when I asked the PD where the crime was committed they said they were over booked and didn't even follow up with identity thefts. This is when the victim lives in another city from the perp. It makes getting a conviction difficult when you have parties involved in different parts of the country. In my case I was in Cali and the theft occurred in Florida.

3. Keep all documentation of this forever. For example the person who stole my identity opened up an account with Cingular wireless in Florida. I got a police report and their fraud department closed the account and after review sent me a letter stating that I was not accountable for any charges. 10 years later I tried to go into an AT&T store to move my cellular service from T-mobile to AT&T and they refused to give me service because I owed them $825 dollars. I went home and spoke to their fraud department and it turns out the amount was the same as Cingular had waived 10 years ago and the account number matched what I had in my records. Turns out when AT&T bought out Cingular somehow in the migration they had reopened the account and thought I still owed the money. If I didn't have the documentation I would be up a creek.

4. Like stated above in the thread please contact all credit bureaus. Make sure you have them put a fraud alert on all your accounts and also get them to send them a free credit report to you. Scan all those reports and verify that no new accounts have been opened you don't recognize. Also any credit inquiries you see that you don't recognize call those companies and ask why they ran your credit. Sometimes there is an account opening in process you can stop before it becomes a bigger problem.

5. Unfortunately there are account types that get opened without you knowing until you get collections after you. Phone companies are the worst. They will open up accounts in your name and you never know because there is no indication on your credit report or anywhere else. You only find out when they want to be paid months after the account has been unpaid. The fraudulent phone accounts opened in my name didn't start showing up until almost a year after all the credit based ones showed up. I had to do more police reports for the phone instances. This was especially difficult for me because I moved to Austin before I got the collection agencies after me and the police in Austin didn't want to do reports because the crime was committed when I lived in a small town in California. The small town didn't want to do it because I was a residence and the town in FL (Fort Lauderdale) refused as well. I finally went down to the Austin PD and told them I wasn't leaving until they gave me a police report so I could get the collection agencies off my back.

craz

If it was a 1 way tkt that was purchased once teh flight departs theers not much any airline can do as long as the passenger sticks to a friend gave me the name of a travel agent that deals in last min discounted tkts. I called them and booked a tkt thats all I know.

With a round trip tkt they can CX the return or nab them when they check-in as they usually do. But as long as they had a tkt that was issued and accepted by the airline, I would assume all the carrier can do is go after the broker or agent

If the person said something like yea I heard the tkt was not so legal or admitting somehow that they knew its origins then Id say they may be able to hold them liable for paying for it

Global321

Agreed. I believe OP was able to ascertain that it was indeed a one way ticket. If it was a return, I would think AA would just cancel it.

QueenOfCoach

It's just a matter of following the paper trail and seeing where that trail ends up.

Someone, somewhere used stolen FFMs to pay for a plane ticket. Someone, somewhere hacked into the account and stole the miles. They either

(1) used the miles to get a ticket for themselves or give it to someone they knew

or

(2) used the miles to get a ticket for someone else, accepting money for that ticket, possibly going through a ticket broker middle-man.

AA knows the identity of the passenger. It's a simple matter to send a message to the passenger saying "How did you pay for your ticket? Did you use an on line travel agent, ticket broker or what? What is the name, website, phone number (etc) of that on line agent or broker?"

The honest passenger will say "Sure, I bought the ticket from Bogus Travel, at bogus.com. You can check my credit card or PayPal acct for a charge to Bogus Travel for the ticket." And, sure enough, credit card bills show a charge to Bogus Travel. The passenger will be willing, as was the honest account holder, to sign legal documents attesting to these facts under penalty of perjury.

Now, it's time to go after Bogus Travel. "You acquired a ticket for Mr Smith, and paid for it with frequent flyer miles from an account holder who has filed legal documents stating that they do not know you. How did you obtain those miles?"


The dishonest passenger/hacker will either not respond or will go with "A friend of a friend, whose name I cannot remember, sold me the ticket for a good price, but would only take cash."

Granted, it could be difficult to pursue the dishonest passenger/ broker especially if they are offshore. But, SOMEONE stole miles and SOMEONE defrauded the airline out of a premium ticket. It's up to the business (airline in this case) to evaluate cost/benefit/risk of going after the thief, just as your local grocery store has a standard cost/benefit/risk analysis of prosecuting shoplifters.

As I do not work for any airline, I cannot in any way guess at their cost/benefit/risk analysis floor or ceiling. It's out there, somewhere, as evidenced by the cases of Vroom, Hayes, etc. It is non-zero, as evidenced by the zillions of people who get away with Hidden City or Buy Round, Fly On-Way a few times.

anabolism

As I mentioned, there are options to synchronize multiple devices without using the cloud (although Dropbox, which is the cloud, is easiest to use). iTunes sync, Wi-Fi sync, Unison, rsynch, etc.

Good thing you did an appropriate exam and didn't take the officer's word for it.

Good to hear that this case was quite unusual (and therefore that there aren't many flyers who will find themselves in the same situation).

I'm curious about two things, so if you could answer I'd appreciate it:

(1): Was it something to do with the unusual nature of this case that caused Gardyloo to br treated as a suspect at first, and not someone to be helped? Or is that just an aspect of the corporate security world?

(2): Was the fact that it was a broker who accessed Gardyloo's account part of what made this case so unusual? I could easily see how someone who seems, from corporate security's view, to have issued an award ticket for a broker's customer would be immediately treated as complicit rather than a victim. Or maybe it is now unfortunately common to have brokers hack into people's accounts.

I don't think anyone disagrees with this. What I think people object to is (1) the inability to report a problem to corporate security or have fraud-limiting account restrictions placed on one's account on nights or weekends; and (2) the fact that Gardyloo was treated as a suspect and not a victim (which is mostly a matter of how things are said, rather than what actions are taken).

Perhaps I am overly cynical or jaded, but I doubt that many passengers, honest or not, would respond to such a message. I suspect most people would just ignore it. Maybe if AA called them and spoke to them, the honest ones at least might explain how they got the ticket. I don't know.

kmersh

Likewise I am glad to hear that this particular case is rare/unusual and I echo the question about this particular case being rare/unusual which brought about the harsher than I would have expected response (at least initially) from AA Corporate Security.

I am also glad to hear that AA Corporate Security Help Many Many Many People with Account Issues, it is good to know that they are not just an investigative group but also an assistance group.

My other question is more about prevention (I AM NOT SAYING THAT ANYTHING SHOULD OR COULD HAVE BEEN DONE DIFFERENTLY), if a rare/unusual situation were to arise visa vie AA and miles being stolen would there be a best practice with regards to reporting the incident to try and mitigate the Super Trooper We Got A Hot One Here Attitude?

The answer might be NO and I am completely cool with that, I just wondered as my gut would have been just to call like the person here.

Thanks

JDiver

In my experience and knowledge, the AA Corporate Security - AAdvantage Fraud people are quintessential professionals, but as people enforcing the law or regulations they may well tend to get blasé because they have seen it all, heard it all, and maybe have even been taken in by one or more smooth-talking cons initially.

The best practice is to be forthcoming - honest, specific and thorough, and not take umbrage at or be surprised at questions they might ask.

IMO, to say much more might give ideas to the wrong people about how to develop a more effective"schpiel" when they're dealing with them. Like this very moment, we have fifteen signed in members reading this forum - and 55 who are not.

kmersh

I more than understand that, didn't even realize that the website tracks signed in vs. not signed in. I did not mean my question as a means to trick the system, more of a way to mitigate potential issues if fraud were to occur, but I realize it is probably best to just deal with it head on.

JDiver

No worries; I didn't doubt your motives.

lov2fly

Gardyloo - glad to hear that your issue has been resolved.
Thanks for sharing the story here - it's been a great read.

Hopefully, nobody else will experience the same issues that you had to work thru.

JDiver

Interesting article here about how much can be extracted from your boarding pass. I'll leave it to your imagination how all that can be used against you.

Destroy those; don't leave them behind in a seat pocket.