web Musings of The Global Traveller

Thursday, February 19, 2009

Identity theft (still) from airline/frequent flyer websites

The other day I had forgotten a password for a website and had to ask for it to be reset. It was simple to do, and it got me thinking. Friends know I'm easily distracted and so instead of the job at hand I decided to take a look at other websites where I have accounts and see how easy it is to get passwords and access.

As this is a travel-related blog, I'll restrict my comments to airline and frequent flyer websites. From a modest sample of sites I got scary results. I'm no computer or security expert, but it looked like I would be able to gain access using only my name and easily guessed/looked up information at a good proportion of sites. This surprised me. I think it was a couple of years ago there was an expose on identity theft starting only with a British Airways boarding pass. While undoubtedly many security holes have been plugged, I did not expect it to be as easy to get access to not just one but several accounts.

Security of airline websites is particularly important. Not only do they hold information on credit cards and passport details (which proved surprisingly difficult for me to remove - without airline IS help the only option was to put in false information), but there is your address and information on when you are not going to be home. In the case of frequent flyer accounts there is also a (possibly significant) asset available for the taking by a thief.

No comments: