Does data privacy equal no common sense?

Old Aug 18, 22, 6:10 am
  #16  
Original Poster
 
Join Date: Apr 2007
Location: Anywhere
Posts: 5,670
This is where SQ is miles ahead of BA. Its system immediately recognizes the phone number from which you're calling against your Krisflyer profile, and prompts you to key in your 6-digit Krisflyer PIN. No more spending close to a minute authenticating yourself once an agent picks up.
choosethedrew likes this.
carrotjuice is offline  
Old Aug 18, 22, 6:14 am
  #17  
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
 
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 55,980
Originally Posted by carrotjuice View Post
This is where SQ is miles ahead of BA. Its system immediately recognizes the phone number from which you're calling against your Krisflyer profile, and prompts you to key in your 6-digit Krisflyer PIN. No more spending close to a minute authenticating yourself once an agent picks up.
I would be surprised if that approach survives more than another year or two. Given that incoming telephone numbers can be easily manipulated, this isn't a secure system in a world of keyboard logging.
corporate-wage-slave is offline  
Old Aug 18, 22, 6:21 am
  #18  
FlyerTalk Evangelist
 
Join Date: Mar 2014
Location: Ville des Lumières
Programs: UA 1K, DL PM
Posts: 10,473
Originally Posted by carrotjuice View Post
But surely, if someone audits the call, the agent could "link" the current conversation to a previous one, furthermore it would've been obvious from the conversation itself that it's a continuation of a conversation between the same people within a short space of time.
I take it you have never worked in a call center.
TomMM is online now  
Old Aug 18, 22, 6:28 am
  #19  
Original Poster
 
Join Date: Apr 2007
Location: Anywhere
Posts: 5,670
Originally Posted by TomMM View Post
I take it you have never worked in a call center.
No. But I design systems, so know this can be done - if someone cared to think about the customer experience.
Captain Schmidt and lhrsfo like this.
carrotjuice is offline  
Old Aug 18, 22, 6:30 am
  #20  
Senior Mod and Moderator: Aegean Miles&Bonus and British Airways
 
Join Date: Jan 2009
Location: Norwich, UK
Programs: A3*G, BA Gold, BD Gold (in memoriam), IHG Spire Ambassador
Posts: 7,503
As has been said, you will find this level of checking to be commonplace across the UK & EU. Try ringing a credit card company, where you need to be transferred through to another person or department - despite the fact you're on the same call, none of the authorities transfers and you will be put through re-screening.

We live in a very different cyber world to even five years ago, and scammers are ever more clever. The companies are already chasing their tails, so don't expect this to get any better anytime soon - it's an inconvenience we have to live with to protect ourselves. I'm sure we'd all be less than delighted if our entire stash of Avios suddenly disappeared because it was easier for a bad guy or gal to impersonate us, hence why there are these tollgates that have to be passed each time.
NWIFlyer is offline  
Old Aug 18, 22, 6:36 am
  #21  
 
Join Date: Jul 2006
Location: Glasgow, UK
Programs: BA, UA, Marriot
Posts: 1,973
I had a call from Scottish Power asking me if I was interested in getting a smart meter installed. I was happy to say yes until they asked me to divulge my full name, address, email address and best of all the phone number that they had just called so that they could make the appointment to come and install. I wasn't particularly interested in doing so to someone who had called me, so declined the "opportunity" and suggested that they find a solution that I was comfortable with if they wanted to do the installation. It's several months later and they've yet to come back to me.
nancypants likes this.
Captain Schmidt is offline  
Old Aug 18, 22, 7:06 am
  #22  
FlyerTalk Evangelist, Ambassador, British Airways Executive Club
 
Join Date: Jun 2008
Location: Somewhere between 0 and 13,000 metres high
Programs: AF/KL Life Plat, BA GfL+CCR, Aclub Plat, Hilton Diam, Marriott Gold, blablablah, etc
Posts: 27,425
The whole point of data protection legislation is to not be able to use the excuse of common sense to justify breaches.

It may be common sense that your wife might need to know on which flight you are as the taxi has just asked; but then equally, she might just be suspecting you flew away with your mistress and planned to trap you.

It may be common sense that plenty of ggl agents recognise my voice be it every time or after a few minutes, but then someone could easily be impersonating me and my brother almost has the same voice as me.

It may be common sense that your Secretary is trying to change your ticket but equally she might not be your secretary or she might want to change your ticket against your will or extract information you didn't want her to have or you may be James Bond and she is a Spectre agent who knows.

Data protection is about legal obligation. BA does not have discretion on when to respect or not to respect those obligations and thus cannot transfer such protection to its agents.

It's a bit like wanting your taxi driver to go at the red light because you are in a hurry and can see that there is no pedestrian, bike, or other car around. It's irrelevant: it is still a red light, and it is not for them or you to decide which red lights have to be respected or not.
hbtr, nancypants, etiene and 2 others like this.
orbitmic is offline  
Old Aug 18, 22, 7:11 am
  #23  
 
Join Date: Jul 2014
Location: WAW ✈ LHR
Programs: BA GGL/CCR, HH Diamond, IHG Spire Ambassador
Posts: 2,328
Originally Posted by carrotjuice View Post
An observation, and a bit of a rant.

I've had several interactions with the GGL helpline in recent weeks.

It's fair that for every new interaction, I'm asked to confirm my name, BAEC number, email address, first line of my address with postcode, and last 4 digits of my saved credit card and expiry date. After all BA is presumably extra cautious after the data breach incident of some years back.

But there was an occasion, while I was mid-conversation with someone, the line got abruptly terminated, I called back right after and spoke to the SAME person (who recognised me immediately, and was fully aware that the line was dropped barely 2 minutes earlier) - yet she required me to go through the rigmarole of repeating the same verification information.

And on another occasion, after hanging up the phone with another person, I noticed that he had typed my email address for a booking incorrectly (even though my email address was recorded correctly in my BAEC account, and I had earlier confirmed that he should use that for all booking related correspondences). So I immediately called back, and got through to the SAME person, who again recognised me (after all we only just spent the past 40 minutes in a conversation to make the booking). He clearly understood that he's made a typo error - yet required me to go through the same security verification the second time round before he would correct an error - that he had personally made!

Do operational procedures trump common sense these days?
BA does not understand what their obligations from the GDPR are. My bank asks less questions when I want to speak to them.
BA also does not want to invest in better / more robust system of authentication - I'd happily enter my membership number, then my secret pass code, and then be connected with a right agent - seems to be too much for BA.
megaloman is offline  
Old Aug 18, 22, 7:22 am
  #24  
 
Join Date: Jul 2014
Location: WAW ✈ LHR
Programs: BA GGL/CCR, HH Diamond, IHG Spire Ambassador
Posts: 2,328
Originally Posted by corporate-wage-slave View Post
I would be surprised if that approach survives more than another year or two. Given that incoming telephone numbers can be easily manipulated, this isn't a secure system in a world of keyboard logging.
Telephone number can, but passcode/pin cannot. It's like logging on the website - you enter username and password and you're in - no need to provide any additional security details, yet can do more damage and has access to more information than over the phone.

In the end of the day:
* airlines don't keep my cash, just miles - if anything is booked using my miles - this is easily traceable and recoverable
* airlines don't store my credit card information - if they do, it usually requires me to enter CVV number and card number is partially displayed - so not a big deal here, although could be a vector
* malicious person could change my seat, my meal selection - they can still do it knowing my lastname and the PNR - severity of it is minimal
* malicious person could ask to cancel/refund my trip - this is a tricky one - money would go back to the original payment, but reinstating the ticket could be tricky - again my lastname + PNR is just enough...

So to me, having to enter my secret passcode when calling the airline would be good enough security instead of having to recite all my personal details.
megaloman is offline  
Old Aug 18, 22, 7:24 am
  #25  
 
Join Date: Aug 2014
Posts: 2,294
Originally Posted by megaloman View Post
BA does not understand what their obligations from the GDPR are. My bank asks less questions when I want to speak to them.
BA also does not want to invest in better / more robust system of authentication - I'd happily enter my membership number, then my secret pass code, and then be connected with a right agent - seems to be too much for BA.
BA is investing in some changes from what I've heard which might come into being later this year.
Anonba is offline  
Old Aug 18, 22, 7:29 am
  #26  
 
Join Date: Aug 2014
Posts: 2,294
Originally Posted by RichieMc View Post
The data protection song and dance is nonsense. The lesson here is that if you want to modify, cancel or upgrade your cousin's colleagues' sister's former roommate's booking to first class, do it on the web. There you only need PNR and last name.

It's silly that I can't even just ask a general question unrelated to me or a specific booking on something like avios availability on a given flight without giving a load of silly information. I once had to go through data protection 3 times on the same call: 1. to get the ball rolling and make changes to booking, 2. again when I got called back and 3. again on the call back to use a voucher that was attached to my name and BAEC number. This is a major reason that wait times have been so insane these last months, although things have certainly gotten better lately.

You can ask a general question without clearing data protection, but then the answer is only a general answer. It's usually better to pass DPA so the agent can discuss your Exec Club account or booking.

The more information given and that can be discussed, the more accurate the answer.
Anonba is offline  
Old Aug 18, 22, 7:33 am
  #27  
FlyerTalk Evangelist
 
Join Date: Mar 2014
Location: Ville des Lumières
Programs: UA 1K, DL PM
Posts: 10,473
Originally Posted by carrotjuice View Post
No. But I design systems, so know this can be done - if someone cared to think about the customer experience.
Ah the ole 'I do X so I know about Y' delusion. This is common in the IT world and some think it leads to complicated systems and IT meltdowns. Pumps up the billable hours though. Want to solve a problem spend time in the environment understanding all of the issues.
TomMM is online now  
Old Aug 18, 22, 7:39 am
  #28  
 
Join Date: Jul 2014
Location: WAW ✈ LHR
Programs: BA GGL/CCR, HH Diamond, IHG Spire Ambassador
Posts: 2,328
Originally Posted by Anonba View Post
BA is investing in some changes from what I've heard which might come into being later this year.
Last time they've done changes, they just started asking for extra information...
megaloman is offline  
Old Aug 18, 22, 7:43 am
  #29  
 
Join Date: Jul 2014
Location: WAW ✈ LHR
Programs: BA GGL/CCR, HH Diamond, IHG Spire Ambassador
Posts: 2,328
Originally Posted by Anonba View Post
You can ask a general question without clearing data protection, but then the answer is only a general answer. It's usually better to pass DPA so the agent can discuss your Exec Club account or booking.

The more information given and that can be discussed, the more accurate the answer.
"Hey BA, your multicity booking tool is broken, it only displays 6 flights a day, can you fix it?" - BA's reply on twitter? "Please provide us with your full name, email, address, exec club number, your next flight and passport number, so we can investigate" - what they need it for? bug is affecting anyone trying to book a flight.
nancypants and RichieMc like this.
megaloman is offline  
Old Aug 18, 22, 8:43 am
  #30  
 
Join Date: Dec 2009
Location: near Heathrow
Programs: BA GGL/CCR, GfL (OWE), SA LifePlat (*G), BD Gold to the end, Hilton Diamond
Posts: 2,559
I really don't see it as an issue having to go through three data protection questions when BA Exec Club have to call me back. It takes no longer than a minute or two of my life. I've spent way longer than that reading this thread
gcuk is offline  
