Warning for divulging pin

 
Old May 18, 99, 3:13 pm
  #1  
Original Poster
 
Join Date: Apr 1999
Location: Bay Area
Posts: 675
Warning for divulging pin

In case you didn't receive this email, I'll post it here. I didn't realize that by giving access to your FF account, anyone with it could "steal" your miles...

It has recently come to our attention that some web sites are requesting
that visitors disclose their OnePass number and Personal Identification
Number (PIN) to view OnePass account information. We want our members to
know that Continental Airlines does not have a business relationship with
these web sites -- they access our OnePass account information without our
consent or involvement through the use of PIN numbers provided by members.

Currently Continental is investigating a number of unauthorized OnePass
mileage withdrawals, which in most cases, involve the disclosure of a
OnePass PIN to a third party. In the interest of protecting members from
these potential abuses, Continental discourages members from providing
their OnePass PIN to any third party, as this gives the third party the
ability to withdraw miles from the member's account.

In order to protect your account, you should access your account
information directly through Continental's web site at
www.continental.com/onepass. If you have provided your OnePass number and
PIN to a third party, we recommend calling the OnePass Service Center
InfoPass at 713-785-8999 to change your PIN. If you have any questions
about this issue, please contact the OnePass Service Center at
[email protected]

Thank you.

Richard Metzner
Vice President, Marketing Programs

------------------
g'day
wl


wanderlust is offline  
Old May 19, 99, 11:42 am
  #2  
 
Join Date: Apr 1999
Location: Cambridge, MA 02138
Posts: 2,101
I use MaxMiles to check various freq. flyer program data (incl. Continental), and you need to give them your PIN in order for it to work.

I wrote them and got the following response:

Dear Steve,

Thanks for voicing your concerns and allowing us the chance to put your mind
at ease.

We agree with Continental -- we too believe that you should never disclose your PINs for anything to a disreputable company. And since MaxMiles has earned the trust & respect of our major partners like American Express, Microsoft, AOL, Excite, two dozen travel agencies, and potentially some of the major airlines, we are the ideal, trustworthy, reputable company who deliver great service. These companies have conducted extensive security audits and found we more than sufficiently complied to very high standards.

First and foremost, MaxMiles does not utilize membersí individual information for any purpose other than the collection of frequency program data. Specifically, MaxMiles does not use information to redeem, transfer, or otherwise deduct miles or points from any program account for any
purpose.

MaxMiles collects program information using a secure, proprietary server and SSL technology. All data in transit from frequency program providers uses the same security protocols that members would use to access this information themselves. Information in transit from MaxMiles to its members uses password protection, data encryption, and SSL technology.

We understand the need for security, especially when it comes to the Internet. In this day and age where e-commerce is new territory, security is a top priority for consumers and merchants alike. We would also like to remind all of our users that unlike some airline frequency programs, MaxMiles DOES NOT PROVIDE ANY PERSONAL INFORMATION OR ACCOUNT DATA, IN ANY WAY OR FOR ANY REASON, TO ANY THIRD PARTY. We want to reassure all of our members that we are committed to the security of our individual membersí frequency program data and personal information.

We thank all of our members for their understanding and continued trust. If you have any questions or concerns about this letter, our Privacy Policy www.MaxMiles.com/MileageMiner/Privacy.html), or any other issue regarding your MileageMiner account, please reply to [email protected] or call us at 1-888-MAX-MILES (1-888-629-6453).

Sincerely,

Marianne Embree
Customer Service Manager
steve100 is offline  
Old May 19, 99, 1:51 pm
  #3  
 
Join Date: Apr 1999
Location: SFO
Programs: No status anymore. Former CO PLT, NW PLT, AS MVP
Posts: 502
Frankly, MaxMiles hasn't said enough. What is their legal obligation? For example, if they are the only ones (besides you) who have your PIN, and unauthorized withdrawals are made, will they reimburse you for the lost miles? Obviously, they can't simply redeposit them, but they could either purchase the miles or give you a cash equivalent. In my opinion, any organization that is in this position must be ready and willing to make this sort of guarantee.
mweiss is offline  
Old May 19, 99, 2:00 pm
  #4  
Original Poster
 
Join Date: Apr 1999
Location: Bay Area
Posts: 675
I agree. If they are so confident in their security, they should be willing to back their words with a solid guarantee. If those miles do disappear, say they've got a rogue employee who wants to take off to Tahiti, what's to stop him? If these miles are lost, what will they say, "Well, you knew the risk, dude. Too bad, so sad."

I say: show me the guarantee!

------------------
g'day
wl


wanderlust is offline  
Old May 19, 99, 2:05 pm
  #5  
 
Join Date: Apr 1999
Location: Cambridge, MA 02138
Posts: 2,101
I am not sure who the Continental letter was aimed at... I just use Maxmiles and emailed them regarding this. Does anybody know other other systems that CO might be referring to?

Regarding the statements you all made on Maxmiles - I do see what you are saying, and somewhat agree. The only reason that I still use them is that Microsoft (w/ Expedia), AmericanExpress (with Membership Rewards), AOL, Excite, and many others have all trusted them. If there is a problem with Maxmiles, then all hell will break loose. Being in the company of these billion dollar companies who have trusted Maxmiles, makes me feel secure.
steve100 is offline  
Old May 19, 99, 4:19 pm
  #6  
FlyerTalk Evangelist
 
Join Date: May 1998
Location: Kansas City, MO, USA
Programs: DL PM, WN A-List, HH Dia, Hyatt Plat, National ECE, Hertz PC
Posts: 15,379
I think the problem is with "brokers" who buy FF award tickets. People will sell the "brokers" miles, and for the "brokers" to get to the miles they access your account and get a ticket issued. The problem is that they could take more miles than they are supposed to.

Of course if a broker does this and the accounts owner calls CO, they don't want to say they sold their miles to a "broker" ... that's against the rules ...

As for MilageMiner making a guarantee, I don't see that happening, because how can they be assured that you don't give your PIN to anyone else?
Beckles is offline  
Old May 20, 99, 2:23 pm
  #7  
 
Join Date: Apr 1999
Location: SFO
Programs: No status anymore. Former CO PLT, NW PLT, AS MVP
Posts: 502
Beckles,

You're right, of course, you can't prove that they're the only ones besides you to have the PIN.

But that doesn't change my real point, which is that as long as there's no such guarantee, it's foolish to divulge your PIN to ANYONE.
mweiss is offline  
Old May 24, 99, 11:01 am
  #8  
Moderator: Hotel Deals and MilesBuzz
 
Join Date: May 1998
Location: Washington, DC
Posts: 14,041
Call me paranoid but this is why I never post my travel itineraries on this board. Too much personal information for too many eyes. Also, the address I have shared online with others is not the same address I use for my frequent flyer accounts.

[This message has been edited by MileageAddict (edited 05-24-99).]
MileageAddict is offline  

Thread Tools
Search this Thread