AM: Mobile number OTP commencing 16 Apr (mandatory 16 Jun)
#1
Ambassador, Hong Kong and Macau
Original Poster
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,795
AM: Mobile number OTP commencing 16 Apr (mandatory 16 Jun)
Dear Mr Smith,
In an effort to enhance our security and protection of your account from unauthorised transactions, Asia Miles will implement a verification process that requires each member to verify their mobile phone number. This will help authenticate and verify any future profile changes or online transactions.
After. 16. April. 2018, members who login to asiamiles.com will be notified to verify their mobile phone number or to update and verify their mobile phone number under the contact information section of their profile.
If you have registered your mobile phone number, you will receive an One-Time Password (OTP) via text message to verify.
If you have not registered your mobile phone number, you must update it in your profile under the “Contact and Communications” first which is verified through a OTP via your registered email address.
Members may continue using all online functions without mobile verification for the coming 6-8 weeks but access will be ceased thereafter until verification process is complete.
Yours sincerely,
The Asia Miles Team
In an effort to enhance our security and protection of your account from unauthorised transactions, Asia Miles will implement a verification process that requires each member to verify their mobile phone number. This will help authenticate and verify any future profile changes or online transactions.
After. 16. April. 2018, members who login to asiamiles.com will be notified to verify their mobile phone number or to update and verify their mobile phone number under the contact information section of their profile.
If you have registered your mobile phone number, you will receive an One-Time Password (OTP) via text message to verify.
If you have not registered your mobile phone number, you must update it in your profile under the “Contact and Communications” first which is verified through a OTP via your registered email address.
Members may continue using all online functions without mobile verification for the coming 6-8 weeks but access will be ceased thereafter until verification process is complete.
Yours sincerely,
The Asia Miles Team
1. One mobile number can be bound to three AM accounts (needed for family travel managers like me)
2. Not sure how mobile number changes will be handled post-16 Apr but probably like email (OTP to old number, and passport copy otherwise)
3. Mobile number OTP will be required for
a) Changing details (e.g. contact, redemption group)
b) Redeeming non-flight awards
*not* flight awards to self or existing redemption group members
Last edited by percysmith; Apr 10, 2018 at 4:16 am
#3
Ambassador, Hong Kong and Macau
Original Poster
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,795
#4
Join Date: Aug 2013
Location: HKG
Programs: CX DM, Watsons Wine Burgundy
Posts: 415
#5
Suspended
Join Date: Jun 2002
Location: Hong Kong
Programs: None any more
Posts: 11,017
Well here is yet another example of CX's utter IT incompetence...
They send out emails asking people to verify their account using a OTP by email. They ask you to click resend for a new OTP if the first one isn't received in 4 minutes.
Sadly, they use an email service (messagelabs) which takes about 14 minutes to process the message en route to me.
Clicking resend as instructed after 4 minutes causes the previous OTP to become invalid even before it has arrived.
Thus, by following the instructions, I would never be able to update my profile.
Has CX ever in the last 20 years employed anyone in IT who has the slightest clue what they are doing?
They send out emails asking people to verify their account using a OTP by email. They ask you to click resend for a new OTP if the first one isn't received in 4 minutes.
Sadly, they use an email service (messagelabs) which takes about 14 minutes to process the message en route to me.
Clicking resend as instructed after 4 minutes causes the previous OTP to become invalid even before it has arrived.
Thus, by following the instructions, I would never be able to update my profile.
Has CX ever in the last 20 years employed anyone in IT who has the slightest clue what they are doing?
Last edited by christep; Apr 9, 2018 at 11:00 pm
#7
Join Date: Oct 2014
Location: HKG
Posts: 1,053
Well here is yet another example of CX's utter IT incompetence...
They send out emails asking people to verify their account using a OTP by email. They ask you to click resend for a new OTP if the first one isn't received in 4 minutes.
Sadly, they use an email service (messagelabs) which takes about 14 minutes to process the message en route to me.
Clicking resend as instructed after 4 minutes causes the previous OTP to become invalid even before it has arrived.
Thus, by following the instructions, I would never be able to update my profile.
Has CX ever in the last 20 years employed anyone in IT who has the slightest clue what they are doing?
They send out emails asking people to verify their account using a OTP by email. They ask you to click resend for a new OTP if the first one isn't received in 4 minutes.
Sadly, they use an email service (messagelabs) which takes about 14 minutes to process the message en route to me.
Clicking resend as instructed after 4 minutes causes the previous OTP to become invalid even before it has arrived.
Thus, by following the instructions, I would never be able to update my profile.
Has CX ever in the last 20 years employed anyone in IT who has the slightest clue what they are doing?
#8
Join Date: Nov 2017
Programs: MPC-DM, Enrich-Plat
Posts: 1,310
Or so to say, if your provider does not allow mobile access abroad, you are stuck.
#9
Join Date: Jan 2006
Programs: AAdvantage Asia Miles Air China
Posts: 870
Literally straight after I wrote my comment I received the AM email. It took me 5 minutes to work out what they were trying to say, it is written badly.
However once I realised just needed to confirm, I then received the AM confirmation email and verification number which I entered.
From original confirmation to acceptance of confirmation took 60 seconds.
Then recieved a confirmation email "Thanks for updating your information! We have confirmed your updates of your account (membership number: XXXYYYYZZZ) on your account details at 'Date/Time'"
CX could have come up with a far easier way of doing this.
However once I realised just needed to confirm, I then received the AM confirmation email and verification number which I entered.
From original confirmation to acceptance of confirmation took 60 seconds.
Then recieved a confirmation email "Thanks for updating your information! We have confirmed your updates of your account (membership number: XXXYYYYZZZ) on your account details at 'Date/Time'"
CX could have come up with a far easier way of doing this.
#10
Ambassador, Hong Kong and Macau
Original Poster
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,795
Well here is yet another example of CX's utter IT incompetence...
They send out emails asking people to verify their account using a OTP by email. They ask you to click resend for a new OTP if the first one isn't received in 4 minutes.
Sadly, they use an email service (messagelabs) which takes about 14 minutes to process the message en route to me.
Clicking resend as instructed after 4 minutes causes the previous OTP to become invalid even before it has arrived.
Thus, by following the instructions, I would never be able to update my profile.
Has CX ever in the last 20 years employed anyone in IT who has the slightest clue what they are doing?
They send out emails asking people to verify their account using a OTP by email. They ask you to click resend for a new OTP if the first one isn't received in 4 minutes.
Sadly, they use an email service (messagelabs) which takes about 14 minutes to process the message en route to me.
Clicking resend as instructed after 4 minutes causes the previous OTP to become invalid even before it has arrived.
Thus, by following the instructions, I would never be able to update my profile.
Has CX ever in the last 20 years employed anyone in IT who has the slightest clue what they are doing?
#11
Suspended
Join Date: Jun 2002
Location: Hong Kong
Programs: None any more
Posts: 11,017
I was simply removing old business phone numbers from my profile. I got there in the end by not hitting the "send a new OTP" button and just waiting for it to arrive after about 15 minutes. The OTP itself is valid for an hour or so, if not superseded by another.
Last edited by christep; Apr 9, 2018 at 11:44 pm
#12
Join Date: Apr 2014
Location: Hertfordshire, UK
Programs: SQ,CX,LX
Posts: 343
Well, it gives us a problem right away. We often travel to NZ for lengthy periods and have always bought a Spark Visitor SIM to replace our PAYG UK SIM so would not be able to receive the SMS as it would go to my registered UK PAYG number. In February this type of problem was brought home to us as we have a similar two-stage verification process for access to our UK bank, as it happens we needed access to the account urgently but found that somehow we had lost our UK SIMS when they were changed over to the NZ Spark SIM so couldn't get access to the account until new SIMS had been sent from the UK, this in itself was a problem as the telco refused to send them anywhere but the registered address so extra time was lost getting them sent then forwarded, in all it took 4 weeks to get it sorted out. I suppose I'm highlighting a problem of swapping SIMS. I guess the only solution to this is to have either a dual-sim 'phone or a completely separate 'phone for the Spark SIM.
#13
Join Date: Aug 2013
Location: HKG
Programs: CX DM, Watsons Wine Burgundy
Posts: 415
Well, it gives us a problem right away. We often travel to NZ for lengthy periods and have always bought a Spark Visitor SIM to replace our PAYG UK SIM so would not be able to receive the SMS as it would go to my registered UK PAYG number. In February this type of problem was brought home to us as we have a similar two-stage verification process for access to our UK bank, as it happens we needed access to the account urgently but found that somehow we had lost our UK SIMS when they were changed over to the NZ Spark SIM so couldn't get access to the account until new SIMS had been sent from the UK, this in itself was a problem as the telco refused to send them anywhere but the registered address so extra time was lost getting them sent then forwarded, in all it took 4 weeks to get it sorted out. I suppose I'm highlighting a problem of swapping SIMS. I guess the only solution to this is to have either a dual-sim 'phone or a completely separate 'phone for the Spark SIM.
#14
Ambassador, Hong Kong and Macau
Original Poster
Join Date: May 2009
Location: HKG
Programs: Non-top tier Asia Miles member
Posts: 19,795
In February this type of problem was brought home to us as we have a similar two-stage verification process for access to our UK bank, as it happens we needed access to the account urgently but found that somehow we had lost our UK SIMS when they were changed over to the NZ Spark SIM so couldn't get access to the account until new SIMS had been sent from the UK, this in itself was a problem as the telco refused to send them anywhere but the registered address so extra time was lost getting them sent then forwarded, in all it took 4 weeks to get it sorted out.
We can't use biometric authentication for everything.
P.S. HK banks are almost certainly going to require HK branch visit to replace a fob. No you cannot visit their Australian branches in lieu even if they have one (e.g. HSBC)
Last edited by percysmith; Apr 10, 2018 at 3:28 am
#15
Join Date: Jun 2004
Location: Hong Kong
Programs: CX MPC
Posts: 592
Your points are all correct, with increased security there is always a "mafan" factor. Its why I have to keep one phone with my China number on at all times. SMS OTP is also considered quite an outdated technique, but nevertheless its employed by many companies, because people still use easily guessed passwords and they use them on multiple sites and most people accept the hassle rather than turning away from the service. Any other type of 2 factor would have massive impact on the adoption, and its not like they will shell out for keyfobs for all of us (and the banks are moving away from those too). A bit of social engineering with a telco can get you someone's SIM card too. I guess, statistically they know this will result in less fraud and attrition of customers as a result will be minimal.