Why do frequent flyer accounts have such awkward security questions?
What’s up with those security questions airlines ask when you log into your frequent flyer account?
You know, the ones that ask what you wanted to be when you grew up (looking at you, United); the strangest food you’ve ever eaten (I’m pretty experimental, American); or even who your date to prom was — which can be awkward if you, like me, didn’t have a date.
For the latest travel news, deals and points and miles tips please subscribe to The Points Guy daily email newsletter.
A tweet about a security question went viral last month after the user claimed a JetBlue question asked who their favorite child was. The airline even played along by tweeting back, “Say it. You know you have one.”
While JetBlue told TPG the question it actually asks is, “What is the name of your favorite childhood friend?” it still made us curious about an airline’s process for creating a security question.
And who is even responsible for dreaming up these sometimes ridiculous questions? Is there a copy editor at an airline’s headquarters writing queries designed to make millions of frequent flyers cringe, or a team of developers crafting clever ways to stump potential hackers in their tracks?
I reached out to all of the domestic airlines, and those that responded said technology teams are responsible for those strange security questions that, however personal, you’ll still never remember how you responded.
“Our security questions are suggested from our IT security business partner,” a JetBlue spokesperson said. Southwest, too, relies on a technology team to “[develop] password-protection questions that ask customers to provide unique answers that will enhance online security.”
OK, so the questions aren’t posed by some moonlighting comedian or clandestine copy editor, as I initially thought. But though trained professionals are responsible for designing the questions, some industry security experts say the questions aren’t doing enough to safeguard accounts. One reason may be the increase in social media use.
“Criminals can use social media,” explained Charles Henderson, IBM’s global managing partner of X-Force Red. “You can find out a lot about an individual [there]. Because of that, a lot of these questions aren’t thought out.” For him, security questions such as, “What month did you meet your significant other?“ are poor because there are only so many answers to pick from — in this case, 12.
Regardless of whether the questions make you chuckle or wince, now is the time to mention how important it is to safeguard your frequent flyer accounts. That means thinking carefully about those security questions, and asking yourself if a hacker could easily determine your answers — or look them up on social media.
Henderson has an interesting suggestion for how travelers can really safeguard their frequent flyer accounts, but it’s something your mother told you never to do: lie.
“This is the time to lie,” said Henderson. “Don’t tell the same lie on every site … what you want to do is use a unique, non-correct answer for those security questions … something that is nonsensical, even.”
Lying — or bending the truth — can save you headache, time and points. It’s estimated that $1 billion a year is lost to crimes related to travel loyalty programs, according to the Javelin Strategy & Research firm. And hackers recognize how much information about travelers is out there — and how valuable frequent flyer miles and credit card points are.
According to the 2019 IBM X-Force Threat Intelligence Index, the travel and transportation industry is the second-most attacked industry, attracting 13% of all observed attacks. That’s a huge increase since 2017, when the industry was 10th-most targeted. Since January 2018, 566 million records from the travel and transportation industry have been leaked or compromised in publicly reported breaches.
“The problem is, most consumers don’t pay nearly as much attention to their points as they do their credit card statements,” Henderson said. “And if you’re a criminal, you can use points to bankroll a black-market travel agency.”
That means your mother’s maiden name or the name of your first dog (sorry, Migo) probably aren’t the best questions to answer, unless you want your hard-earned points to end up in somebody else’s account.
Featured image courtesy of Getty Images
Welcome to The Points Guy!
WELCOME OFFER: 80,000 Points
TPG'S BONUS VALUATION*: $1,650
CARD HIGHLIGHTS: 2X points on all travel and dining, points transferrable to over a dozen travel partners
*Bonus value is an estimated value calculated by TPG and not the card issuer. View our latest valuations here.
- Earn 80,000 bonus points after you spend $4,000 on purchases in the first 3 months from account opening. That's $1,000 when you redeem through Chase Ultimate Rewards®. Plus earn up to $50 in statement credits towards grocery store purchases within your first year of account opening.
- Earn 2X points on dining including eligible delivery services, takeout and dining out and travel. Plus, earn 1 point per dollar spent on all other purchases.
- Get 25% more value when you redeem for airfare, hotels, car rentals and cruises through Chase Ultimate Rewards®. For example, 80,000 points are worth $1,000 toward travel.
- With Pay Yourself Back℠, your points are worth 25% more during the current offer when you redeem them for statement credits against existing purchases in select, rotating categories.
- Get unlimited deliveries with a $0 delivery fee and reduced service fees on eligible orders over $12 for a minimum of one year with DashPass, DoorDash's subscription service. Activate by 12/31/21.
- Count on Trip Cancellation/Interruption Insurance, Auto Rental Collision Damage Waiver, Lost Luggage Insurance and more.
- Get up to $60 back on an eligible Peloton Digital or All-Access Membership through 12/31/2021, and get full access to their workout library through the Peloton app, including cardio, running, strength, yoga, and more. Take classes using a phone, tablet, or TV. No fitness equipment is required.