
"Your account has been suspended due to a security risk" frustration

Old Oct 31, 2018, 3:09 pm
  #16  
 
Join Date: Sep 2009
Location: HNL
Programs: DL PM/1MM, BW DE (lifetime), HH DE, Marriott PE (lifetime), National Emerald Executive
Posts: 7,205
Originally Posted by KevinDTW
Maybe, but they should have a way of communicating with an affected customer to tell them what to expect without experiencing what OP described.
Absolutely.
RealHJ is offline  
Old Oct 31, 2018, 3:22 pm
  #17  
 
Join Date: Jan 2008
Programs: DL Diamond; Marriott Silver
Posts: 109
I got this message, too, and my account has also been locked, although the DM rep (who can see the account activity) told me that the last successful login to my account was several weeks ago and that there have been no recent attempts to use any miles (all my miles -- about 600k -- are still there). I'm guessing that someone whose number is very similar to mine perhaps transposed two digits (I do this occasionally), kept trying without realizing that the number, not their password, was what was wrong, and eventually locked my account.

As I am an attorney in the financial services industry, I quite understand the need to suspend accounts for suspicious activity. But I am extremely upset that DL doesn't have a procedure to resolve these sorts of issues quickly over the phone. When attempted fraud occurs on one of my credit cards (happens at least twice a year), I get a text or call from their fraud department; I contact the fraud department; they verify me; they discuss the suspicious attempts to use the card (to determine if I made them or not); and then they reactivate the account (sometimes after changing the account number). If they have changed the number, then the next day, FedEx delivers me my new card. Everything is done quickly over the phone. I don't have to send them a copy of my driver license via e-mail and then wait for an e-mail reply up to 30 days before I can use my card again. At most, I have to wait until the next day for FedEx, and even then, I know precisely what the time line is (and I have online access to my account in the interim).

Has anyone else experienced this problem? And has DL been able to resolve it?

Cheers,
Mike
mfdesquire is offline  
Old Oct 31, 2018, 3:27 pm
  #18  
 
Join Date: Jan 2008
Programs: DL Diamond; Marriott Silver
Posts: 109
Originally Posted by Often1
It would be far better if DL had a simple customer-facing statement such as, "the matter is under investigation. Because we take these matters seriously and all investigations are different, we do not know how long this one will take. We do our best to complete this in a thorough way."

Something like that does not disclose anything by way of a time-frame and also makes it clear to the customer that there won't be any more detailed information coming.

The alternative is to tell everyone that it may take as long as 90 days, knowing that it won't take that long.
Your suggestion isn't helpful, either. The problem is that DL doesn't have a good resolution process. If someone's account has been compromised, the key is helping them fix it quickly. A 30+-day investigation is ridiculous for a simple suspected security breach. If it's just a matter of some unauthorized login attempts (my case) and there is no unauthorized activity on the account (which two DM agents have assured me there has not been), then they ought to be able to resolve matters over the phone like credit card companies do.
GUWonder likes this.
mfdesquire is offline  
Old Oct 31, 2018, 3:28 pm
  #19  
 
Join Date: Jan 2008
Programs: DL Diamond; Marriott Silver
Posts: 109
Originally Posted by Ysitincoach
Too big to succeed.

Their phone security checks have become a joke too.

They now want you to give them DOB and home address.
“I’m sorry, I’m out in public, that’s less safe. Quite honestly, that’s stupid.”


In fairness, they have to verify your identity somehow. If you are in a situation where IDV is required, you need to get to a private location.
mfdesquire is offline  
Old Oct 31, 2018, 3:39 pm
  #20  
 
Join Date: Mar 2016
Posts: 1,884
Originally Posted by mfdesquire
In fairness, they have to verify your identity somehow. If you are in a situation where IDV is required, you need to get to a private location.
My bank accomplishes this with a security phrase. This is much easier to change/update than my birthdate and street address, after being required to repeat it out loud where the potential for someone to overhear is non-zero.

I have the same problem with the relatively recent similar change on Twitter. I have been required to provide my full name, SkyMiles number, and street address before the Twitter team would apply a regional upgrade certificate for me. Before this year, they were able to see that my twitter username was linked to my SkyMiles account, and that was good enough. They have told me that the change was to "improve security". I have 2 problems with that - 1) Shoulder surfing is a thing, and I am almost always in either an airport, a lounge, or on an airplane (on wifi) when I use Twitter rather than calling, which means that I am surrounded by strangers. 2) If they are using that for verification due to concerns that my Twitter account might be compromised... if that happened, all the "bad actor" would have to do is scroll back through my DMs to find the information. 3) Am I the only one who visualizes Nicolas Cage when I hear the term "bad actor"?

Last edited by Qwkynuf; Oct 31, 2018 at 3:49 pm
Qwkynuf is offline  
Old Oct 31, 2018, 5:36 pm
  #21  
 
Join Date: Jan 2008
Programs: DL Diamond; Marriott Silver
Posts: 109
Originally Posted by Qwkynuf
My bank accomplishes this with a security phrase. This is much easier to change/update than my birthdate and street address, after being required to repeat it out loud where the potential for someone to overhear is non-zero.

I have the same problem with the relatively recent similar change on Twitter. I have been required to provide my full name, SkyMiles number, and street address before the Twitter team would apply a regional upgrade certificate for me. Before this year, they were able to see that my twitter username was linked to my SkyMiles account, and that was good enough. They have told me that the change was to "improve security". I have 2 problems with that - 1) Shoulder surfing is a thing, and I am almost always in either an airport, a lounge, or on an airplane (on wifi) when I use Twitter rather than calling, which means that I am surrounded by strangers. 2) If they are using that for verification due to concerns that my Twitter account might be compromised... if that happened, all the "bad actor" would have to do is scroll back through my DMs to find the information. 3) Am I the only one who visualizes Nicolas Cage when I hear the term "bad actor"?
Agreed, but remember this is Delta we are talking about. They don't even have two-factor authentication yet. Mickey Mouse.
mfdesquire is offline  
Old Oct 31, 2018, 5:58 pm
  #22  
FlyerTalk Evangelist
 
Join Date: Jul 2001
Location: Phoenix, AZ
Programs: HH Gold, AA Gold
Posts: 10,458
Originally Posted by mfdesquire
I got this message, too, and my account has also been locked, although the DM rep (who can see the account activity) told me that the last successful login to my account was several weeks ago and that there have been no recent attempts to use any miles (all my miles -- about 600k -- are still there). I'm guessing that someone whose number is very similar to mine perhaps transposed two digits (I do this occasionally), kept trying without realizing that the number, not their password, was what was wrong, and eventually locked my account.

As I am an attorney in the financial services industry, I quite understand the need to suspend accounts for suspicious activity. But I am extremely upset that DL doesn't have a procedure to resolve these sorts of issues quickly over the phone. When attempted fraud occurs on one of my credit cards (happens at least twice a year), I get a text or call from their fraud department; I contact the fraud department; they verify me; they discuss the suspicious attempts to use the card (to determine if I made them or not); and then they reactivate the account (sometimes after changing the account number). If they have changed the number, then the next day, FedEx delivers me my new card. Everything is done quickly over the phone. I don't have to send them a copy of my driver license via e-mail and then wait for an e-mail reply up to 30 days before I can use my card again. At most, I have to wait until the next day for FedEx, and even then, I know precisely what the time line is (and I have online access to my account in the interim).

Has anyone else experienced this problem? And has DL been able to resolve it?

Cheers,
Mike
Well, for the financial industry, it is REAL money. For Delta, it's SkyPesos...

Seriously, though, the airlines don't put a lot of effort into activities which do not directly generate revenue. Don't get me started on those antique schedule change algorithms...And I can tell you first hand that the bank procedures were not nearly as good 20 years ago when I had a significant credit card fraud situation. It was literally like "you need to talk to Joan and she is out sick today. No, nobody else can help you". I remember asking, "Don't you have algorithms which spot fraud???"
formeraa is offline  
Old Oct 31, 2018, 9:14 pm
  #23  
Moderator: Hyatt; FlyerTalk Evangelist
 
Join Date: Jun 2015
Location: WAS
Programs: :rolleyes:, DL DM, Mlife Plat, Caesars Diam, Marriott Tit, UA Gold, Hyatt Glob, invol FT beta tester
Posts: 18,928
Originally Posted by Qwkynuf
My bank accomplishes this with a security phrase.
"My voice is my passport, verify me"

Originally Posted by mfdesquire
Agreed, but remember this is Delta we are talking about. They don't even have two-factor authentication yet. Mickey Mouse.
Do any airlines implement 2FA?

I'd be happy if they'd implement fingerprint auth in the mobile app.
aquamarinesteph likes this.
Zorak is offline  
Old Oct 31, 2018, 10:29 pm
  #24  
FlyerTalk Evangelist
Hilton Contributor Badge
 
Join Date: Sep 2003
Location: San Antonio
Programs: DL DM, Former AA EXP now AY Plat, AC 75K, NW Plat, Former CO Gold, Hilton Diamond, Marriott Titanium
Posts: 27,042
Originally Posted by Ysitincoach
Too big to succeed.

Their phone security checks have become a joke too.

They now want you to give them DOB and home address.
“I’m sorry, I’m out in public, that’s less safe. Quite honestly, that’s stupid.”


Yes I'm getting tired of being asked for all this info. Even for basic things. I'm calling from a phone number registered in the system. I shouldn't need to provide name, DOB, email/physical address, and phone number. If someone knows which number I have on file and is able to spoof the phone number they likely have the other info as well.
flyerCO is offline  
Old Oct 31, 2018, 11:40 pm
  #25  
 
Join Date: Jan 2008
Programs: DL Diamond; Marriott Silver
Posts: 109
Originally Posted by Zorak
"My voice is my passport, verify me"



Do any airlines implement 2FA?

I'd be happy if they'd implement fingerprint auth in the mobile app.
Just Singapore, I think. At least United makes you answer a couple of security questions if they don't recognize your device. A long way from 2FA, but better than Delta.

I'm not keen at all about not having account access, and not being able to use miles, for 30 days. Just insane.
mfdesquire is offline  
Old Nov 1, 2018, 7:31 am
  #26  
FlyerTalk Evangelist
Original Poster
 
Join Date: Aug 2001
Location: Finally back in Boston after escaping from New York
Posts: 13,644
Originally Posted by Zorak
"My voice is my passport, verify me"
Sigh, another passcode.

Too many secrets.

Mike

Last edited by mikeef; Nov 1, 2018 at 7:47 am
mikeef is offline  
Old Nov 1, 2018, 10:33 am
  #27  
 
Join Date: Apr 2017
Posts: 189
Hell, my university scrambles your password if they think it's possibly been compromised, and then has no way to notify you that they've done that until you call in on why you can't log in. And then the process to get access back to the account is to contact them and have the ID office mail or fax you a new PIN number to use to reset your password. I've been able to get the process short-circuited sometimes when working with people in the ID office that I've called enough that they know who I am, but in general, it's not a quick process to deal with.

I've also heard that Microsoft has turned off blocking accounts with office 365 that are trying to have passwords brute forced because it was causing too many accounts to end up getting locked. So if you're using the same password elsewhere that you're using with office 365, well, don't.
cardsqc is offline  
Old Nov 1, 2018, 2:54 pm
  #28  
Hyatt Contributor Badge, Marriott Contributor Badge
 
Join Date: Sep 2006
Location: Santo Domingo, Dom. Rep. / Washington, DC
Programs: AA PPro/DL PLT, PPass, Marriott / Hilton Gold, JetBlue Mosaic, Hertz Presidents Circle, Amex Plat
Posts: 4,630
Originally Posted by cardsqc
I've also heard that Microsoft has turned off blocking accounts with office 365 that are trying to have passwords brute forced because it was causing too many accounts to end up getting locked. So if you're using the same password elsewhere that you're using with office 365, well, don't.
Not true. Microsoft has a dynamic blocking where they will block the Office365 account only for suspicious sign-in location but not for the legitimate one. Earlier this year there was a massive brute force campaign targeting many Microsoft tenants and the logs showed how real sign-ons were not affected by accounts blocked.
SDQBound is offline  
Old Nov 5, 2018, 8:22 am
  #29  
FlyerTalk Evangelist
Original Poster
 
Join Date: Aug 2001
Location: Finally back in Boston after escaping from New York
Posts: 13,644
Got an email over the weekend that the ID I sent wasn't legible. Had to send in another one and start the process all over again.

Mike
mikeef is offline  
Old Nov 5, 2018, 10:14 am
  #30  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,413
Originally Posted by mikeef
Got an email over the weekend that the ID I sent wasn't legible. Had to send in another one and start the process all over again.

Mike
IME it can help to experiment with going lighter (or darker) on a photocopy machine. It's also very useful to magnify the size so that the fax is easier to read.
MSPeconomist is offline  

