S7 BAEC redemptions no longer available online.
Jul 12, 2016, 10:46 am
#1
Original Poster
Join Date: Oct 2012
Location: LCA/KUL/RGN
Programs: RJ Gold, AZ E+, Air Asia Platinum
Posts: 2,189
S7 BAEC redemptions no longer available online.
Tried to book a reward flight on BA.COM for DME-LED and got the following message:
I then tried to call BA and was told that this is due to "high fraudulent avios usage" and that from now on all S7 awards have to be issued via the call centre. There is a thread on the Russian analog of FT (forum.awd.ru),where people report simmilar experiences too.
Ridiculuos.
British Airways and its partners do not fly this route. Please consider alternative destinations or call your Executive Club Service Centre.
Ridiculuos.
Jul 12, 2016, 11:00 am
#2
Join Date: Dec 2004
Programs: BA GGL, A3*G, Mucci de l'expertise des Apps
Posts: 3,366
Great to hear that BA are doing something about this. Every single time you see someone reporting that their avios account has been compromised and all their avios have been spent, it's always on Russian flights, so it seems sensible to cut this avenue off as they can't ensure people protect their account better.
Jul 12, 2016, 11:20 am
#3
Join Date: Nov 2014
Posts: 935
Great to hear that BA are doing something about this. Every single time you see someone reporting that their avios account has been compromised and all their avios have been spent, it's always on Russian flights, so it seems sensible to cut this avenue off as they can't ensure people protect their account better.
I have previously tried to change my password on BA to one that is 45 characters in length but it would appear that BA have some limit on the length and not just the minimum 6 characters that they state.
Last edited by strichener; Jul 12, 2016 at 11:23 am Reason: Password info
Jul 12, 2016, 11:31 am
#5
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 63,809
Edit: BA don't unfortunately allow symbols/non alphabetic/numeric characters, but they do allow uppercase/lowercase.
Last edited by corporate-wage-slave; Jul 12, 2016 at 11:57 am
Jul 12, 2016, 11:49 am
#6
Original Poster
Join Date: Oct 2012
Location: LCA/KUL/RGN
Programs: RJ Gold, AZ E+, Air Asia Platinum
Posts: 2,189
Great to hear that BA are doing something about this. Every single time you see someone reporting that their avios account has been compromised and all their avios have been spent, it's always on Russian flights, so it seems sensible to cut this avenue off as they can't ensure people protect their account better.
Jul 12, 2016, 1:21 pm
#7
Join Date: Nov 2014
Posts: 935
From what I've understood, the main cause is people using the same password on BA.com as in some other application, be it LinkedIn, an email account, Amazon or some other travel application. The latter is particularly easy if people leave their PNRs and/or BAEC numbers lying around. It's not really brute force any more, and there are now various blockers on that. I very much doubt people who have a dedicated password for BA, changed regularly, involving at least 12 characters (ideally more), upper and lower case, numbers and symbols, are the issue here.
Edit: BA don't unfortunately allow symbols/non alphabetic/numeric characters, but they do allow uppercase/lowercase.
Edit: BA don't unfortunately allow symbols/non alphabetic/numeric characters, but they do allow uppercase/lowercase.
1. Allow extended characters in passwords.
2. Force passwords to be changed on a regular basis.
3. Increase the minimum and maximum length of passwords.
4. Use two factor authentication.
5. Periodically send a access code during the login process.
Just off the top of my head.
Jul 12, 2016, 3:20 pm
#8
Join Date: Feb 2005
Location: Moscow / Aylesbury / Leeds
Programs: BA-GGL, SU-G Agean, G,, Hhonours D, Starwood G, IHG G,
Posts: 1,531
Tried to book a reward flight on BA.COM for DME-LED and got the following message:
I then tried to call BA and was told that this is due to "high fraudulent avios usage" and that from now on all S7 awards have to be issued via the call centre. There is a thread on the Russian analog of FT (forum.awd.ru),where people report simmilar experiences too.
Ridiculuos.
I then tried to call BA and was told that this is due to "high fraudulent avios usage" and that from now on all S7 awards have to be issued via the call centre. There is a thread on the Russian analog of FT (forum.awd.ru),where people report simmilar experiences too.
Ridiculuos.
I use DME to various Russian cities redemptions and apprieciate the extra validation I go through to spend on these routes. The availability is the same but they do a Q&A validation that you are really you to protect you and your account.
I guess you would prefer that BA did nothing and then suspended your account for potential fraud instead of validating you are you..
Oh well each to their own.
Jul 12, 2016, 3:30 pm
#10
Original Poster
Join Date: Oct 2012
Location: LCA/KUL/RGN
Programs: RJ Gold, AZ E+, Air Asia Platinum
Posts: 2,189
Jul 12, 2016, 3:41 pm
#11
Join Date: Dec 2014
Programs: British Airways Executive Club Gold
Posts: 1,073
WOW!
Looks like its not just CX its now S7 as well!
CX and BA previously jointly blocked close in redemption between HKG and China and Taiwan, because of improper use of the system...
Here is the thread that focuses on this matter:
https://www.flyertalk.com/forum/brit...departure.html
Looks like its not just CX its now S7 as well!
CX and BA previously jointly blocked close in redemption between HKG and China and Taiwan, because of improper use of the system...
Here is the thread that focuses on this matter:
https://www.flyertalk.com/forum/brit...departure.html
Jul 12, 2016, 4:33 pm
#14
Join Date: Nov 2011
Location: Netherlands
Programs: BA Gold; Flying Blue Platinum, Hilton Diamond
Posts: 481
The point being made was that BA cannot ensure that people protect their accounts. Some things that could be done:
1. Allow extended characters in passwords.
2. Force passwords to be changed on a regular basis.
3. Increase the minimum and maximum length of passwords.
4. Use two factor authentication.
5. Periodically send a access code during the login process.
Just off the top of my head.
1. Allow extended characters in passwords.
2. Force passwords to be changed on a regular basis.
3. Increase the minimum and maximum length of passwords.
4. Use two factor authentication.
5. Periodically send a access code during the login process.
Just off the top of my head.
Jul 12, 2016, 4:42 pm
#15
Join Date: Aug 2013
Posts: 8,770
Whilst I don't disagree that more can be done regarding password security, things like 2 factor authentication effects 100% of BAEC users, whilst S7 redemptions are less than 1% of 1% of all tickets sold on BA.com. Whilst frustrating for you, it has minimum impact and on the majority of BAEC users - whilst still allowing S7 tickets to be purchased via the call centre.
The fact is OTT security for everyday functionality drives people nuts. If making people book S7 redemptions over the phone helps solve a specific issue, I'm all for it.