PGberkshire

if this is your biggest worry in life, you have it good

Schind

I had this with my bank. Their website wasn't working and showed a phone number to ring to report the problem. I rang the number, they started asking me all these questions so I hung up.

carrotjuice

Indeed. Imagine this interaction.

Me: We just spoke. Can you see the email address of my Exec Club account?

Agent: Yes.

Me: That was supposed to be on my PNR. You had typed it incorrectly by two letters. It needs to be corrected, else emails from BA regarding this booking won’t reach me.

Agent: Yes, I’m sorry for that.

Me: Please correct it.

Agent: Give me your BAEC number, name, email address, physical address, credit card last 4 digits and expiry date….

Faceslam.

Jimmie76

I work in luxury retail and the same thing applies here. It doesn’t matter if I know the person and have been dealing with them for years. I still have to ask them security questions if we’re going to be discussing anything considered personal information. Even if we were just talking seconds ago and they passed the security questions then. They can have all the info about what we were talking about but they need to satisfy the security questions.

It’s just company policy so that we don’t inadvertently reveal anything we shouldn’t to the wrong people. Frustrating, yes but keeping us GDPR compliant, also yes.

BRITINJAPAN4

The think here is that the OP is looking at this from a customer viewpoint, however the policy is in place not to protect his data, as much as to
protect the company, in this case BA, from penalty if there is a security breach, in other words its CYA, and it will only get worse, not better.

RichieMc

I’ve never been able to do this. I’ve used chat to ask if there’s upgrade space on a given flight on a given day and been forced to give a PNR and all the data protection nonsense. There’s either availability or not.

scottishpoet

it could be 20 minutes between the first call and the second call and the agent could have dealt with several other calls.
.
How long after the 1st call is it acceptable to say the agent 'recognised the caller' and avoid the checks? 1 hour? 6 hours? A day? A week?

sorry but this would not be an acceptable, auditable, working practice.

I have run a call centre

13901

Another case of damned if you do, damned if you don’t.

The policy is there - as is the big investment in PCI compliance the airline is doing - as a result of the data breach, when BA was found with its metaphorical trousers lowered and customers suffered. A few fines, court cases and brand damage later they are learning how to avoid this in the future. As somebody who had his card data stolen and managed to prevent my life’s savings from being nicked just by sheer accident I’m grateful for having to waste a few seconds of my life in order to avoid a repeat of that experience.

Frankly this whole thread reminds me of one day in Iceland. I was flying what was then called Air Iceland, the little prop planes, to Isfjordur in Westfjords. Weather was rather flatulent over there and so we were delayed while it got to the point when the plane could at least land sideways. All of the passengers just drank coffee and waited it out but for one Brit, the kind of man who has a high-pitched nasal voice and begins every complaining sentence with a “Surely…” that could wake up cats. He goes to the gate to moan about the delay, and the activities they have booked, and supper at some restaurant and how the delay is inconveniencing them. The gate agent just shot him down with the best Icelandic deadpan: “do you want to crash and die when you come in to land? If not, wait”.

megaloman

I see no issue when I'm at home and I know that no one listens to me. But it has happened to me before that I had to urgently call BA from lounge / public space - someone could have listened/recorded all my personal details - not only to access my BA account, but they would learn where I live and other few important bits - e.g. when I'm travelling next and for how long for.

Then we have another issue - BA asking me to provide personal information in every email I sent them - email is (still) sent in plain text over the internet - it may be securely encrypted on my server, and securely encrypted on BA's server, but it travels unencrypted through the network of servers who can collect/retain copy of my personal information - this is in direct violation of GDPR.

Then they ask you for all personal information on twitter/facebook/instagram - these are platforms BA does not own, some of them allow users to have a really poor security setup with weak passwords and no 2FA - so BA asking too much personal details is basically putting customers at risk.

In all above cases - why I can't authenticate my twitter account with BA so when I talk to BA they see my account as linked to my BA account? so then I can ask/exchange minimal information required to get issues solved? why do they have to ask for personal information every single time? can't they scroll up? if I can scroll up and see them, anyone who has access to my account can.

As someone mentioned above - BA protects their own business by putting their customer's data at risk.

My accountant required me to verify my email once, then I can email them back/forth with questions - they don't ask for my personal details, they trust my email came from me. I know you can spoof my email, but spoofed email won't get reply - it will come to me. Far less damage than having all my personal information at hand with BA email/twitter account.

PAL62V

Am I the only person reading this who has spotted the bleeding, bloody obvious? That the OP actually got through to BA and spoke to someone??? Surely this whole thread is based on a fictional account.

scottishpoet

twice!! And the 2nd tine quick enough after the 1st that the agent could remember him

carrotjuice

It's easy when calling at around midnight UK time - calling from Singapore, I always get through to the same 2-3 people in India on the GGL line, with negligible wait time.