Maximise your Avios, air miles and hotel points

Why you should use AwardWallet to track your frequent flyer miles and hotel loyalty points

Links on Head for Points may pay us an affiliate commission. A list of partners is here.

There is only one miles and points tool that I use every day – and have done for a number of years – and that is AwardWallet.

It turns out, however, that I haven’t done a single article in 2020 which talked about AwardWallet.  With a few days of the year left, I want to remedy that.

AwardWallet allows you to store the log-in and password details for pretty much all of the loyalty programmes you are in. It isn’t just travel, either – Nectar, Boots Advantage, Tesco Clubcard, Harrods Rewards …. they cover over 700 programmes from across the world.

Across their entire membership, they are tracking over 179,000,000,000 miles and points for 661,000 users!

AwardWallet review

You can store programmes for various different people inside one AwardWallet account. When I log in, I see over over 30 different accounts across my family. A clever part of AwardWallet is the ability to sideline schemes which are dormant or rarely used.

You can sit and back and do nothing with AwardWallet if that is how you want to play it. Once a week, AwardWallet will automatically log in to each of your programmes and update your balance. It will then send you a weekly email with all of your balance changes.

For the more obsessive, like myself, you can log in to AwardWallet and simply click ‘Update’. AwardWallet goes off and updates all of your ‘active’ balances immediately (it takes 3-4 minutes to check my active ones). On a PC you can leave it running in another window.  There is also an impressive app which lets you check all your miles and points balances on the move.

If you are not already a member of AwardWallet, you can sign up for free here.

What is AwardWallet Plus?

Whilst AwardWallet is free, you can pay $30 per year to upgrade to ‘Plus’ status.  This comes with a number of extra benefits:

  • Balances update in parallel rather than one at a time (claims a 5x increase in updating speed)
  • The expiry dates of your miles are shown, based on what AW knows about the expiry rules of the programme, your status and your recent activity
  • You receive email warnings if miles are heading towards expiry
  • You can see historical transactions for some programmes and a graph of changes in your total balance for all programmes
  • You can update your balances multiple times per day (although the free version lets you do it twice per day, which is more than enough for most people!)

What is AwardWallet?

A note on security

Some people, understandably, are worried about the security of their account details. (AW is owned privately by a couple of guys in the US.) If you are, you can choose to have AwardWallet store all of your log-in and password data locally on your PC, not on their server. The only impact of this is that you are limited to checking your balances on that one device.

My personal view is that using AwardWallet improves your security.  When my Tesco Clubcard vouchers were stolen, it was AwardWallet that notified me.  If I hadn’t seen my balance change, I may not have noticed for months.  AwardWallet has been in business for 15 years now without any serious issues.

I am a big fan of AwardWallet, and if you have never used it I recommend taking a look.  It doesn’t take long to set up, and once you have all your data there it becomes quite addictive checking your balances a couple of times a day.  You can sign up here and there is no charge unless you decide to upgrade to Plus at some point.

Comments (52)

  • Andrew says:

    I always think the security concerns are played down too much on here. If BA are breached directly then you’ll get your avios back. If AW are breached then BA won’t want to know. By giving your password to a third party you’ve broken their terms of use. Even the ‘save passwords locally’ functionality relies on trusting that it’s doing what AW says it is. AW explicitly excuses themselves from any liability even if them or one of their employees are negligent.

    No one would hand over all of their online banking passwords to a third party with literally no guarantees as to security so think carefully before doing so with your loyalty accounts which may be just as valuable.

    • KP says:

      Agree

    • GaryC says:

      I agree with the security concerns. I’ve been through their security FAQ and none of it gives me the confidence I’d need to hand over all my credentials. I would be concerned that the size of team (30 full time employees, 10 part time), simply doesn’t give them the scale needed to implement information security commensurate with the scale of the prize on offer to hackers (over $3 billion in loyalty points). The sort of very concentrated personal/login data across so many loyalty programs has got to make them a prime hacking target. And as noted, good luck getting your points back when you’ve given your credentials to such a third party.

    • Roy says:

      Also, don’t forget, in most cases it’s not *really* just a loyalty account. It’s your main login for the company concerned, will full access to your bookings, etc, and in which you’ve almost certainly saved your credit card details!

  • Steve says:

    Am sure at $30 a year and with not that many members paying for plus, that can’t be their main revenue source.

    So it begs the question, if it is free how is it funded? Most “free” things make their money from leeching your data or advertising. Often both.

    Which is it with AW?

    • Rob says:

      If you are in the US, they will sell you credit cards for up to $300 commission per application. Works well as they can see what programmes you are in and what might interest you. You don’t see all this stuff if you are UK based.

    • GaryC says:

      There’s an interesting interview with their founder here: https://www.starterstory.com/frequent-flyer-program-tracking-app

      Revenue of around $2m in 2019, less this year due to Covid, but not disclosed. That doesn’t pay for 40 employees plus the other costs of running the business, particularly in tech jobs where 6 figures plus are easy to come by just a couple of years out of college. So I suspect they are burning through some VC.

      • Rob says:

        No VC money, the article is clear on that. Frankly I have no idea what 40 employees do, they only need a couple of developers though. The rest will be working on the blog and social media stuff.

        • GaryC says:

          Fair enough on VC, I only skim read it. I’d be amazed if it was only a couple of developers though – the sheer number of loyalty programs to keep track of and in line with will make work for several, and then there’s general bug fix, new feature development, plus regular upgrades as underlying platforms evolve. Given a pretty sizeable user case, they’re probably a nice niche takeover target for a company like google. Perhaps that’s what the 40 staff are waiting on, whilst not being paid very much.

          • The Savage Squirrel says:

            Most companies try and big themselves up in this regard.

            40 “employees” probably include a random assortment (large majority?) of occasional contractors, zero hours contracts, the office cleaner on 5 hours/wk and the like.

    • Not Angry says:

      They make money from (or at least, they offer to sell) their APIs for email and loyalty account scanning.

      The auto-login sometimes uses affiliate links, so if you use that and subsequently book a flight or a hotel then they are earning.

      I wonder how much they make from that. Rob makes enough from it to have tempted him away from a Wolf of Wall Street life so it’s certainly a lot more than enough to “keep ticking over”.

      • Rob says:

        Yes, sorry, forgot that one.

        Use their auto-login feature to visit, say, the IHG website and they get a cut of your IHG bookings for the next 4 weeks.

        HfP was my retirement project, as I have said in numerous interviews. It just got a bit of control. I had been fired from my banking job at that point and 40 was a sensible age to try retirement, but I wasn’t very good at it. There was never a binary choice between any City job and HfP, it was between doing nothing for next 50 years or HfP.

        • ChrisW says:

          Fired? Huh??

          • Rob says:

            What I did ceased to exist for a couple of years post-Lehman. I would have fired me if I was in charge 🙂

          • Pangolin says:

            Packaging up toxic ABS products and selling them to clueless German bankers? You should have moved to Risk or Compliance when winter came 😉

  • Jon says:

    Loyalty schemes really ought to add two-factor authentication to their accounts, I would have thought (especially for those with high balances). Not sure whether any already have? Not aware of any. I guess that might undermine the efficiency of AW?

    • GaryC says:

      I agree. And some of them, I think it’s either IHG or Marriott, which requires simply a 4 digit PIN are laughably insecure.

      • memesweeper says:

        IHG is appalling.

        • Genghis says:

          I thought IHG had changed so requires a more secure password now? It promoted me and my wife maybe about 6 months ago to change it.

          • Doug M says:

            I certainly have a complex password with IHG. The 4 digit went went some time ago, not sure when as this year has rather blurred time frames.

          • Rob says:

            All our family accounts are still on four digit numbers.

          • Roy says:

            If you try to change your IHG PIN, you’ll find it will ask you for a password, conforming to modern complexity rules, I think.

            I’d recommend doing this, given that IHG allows log in with email address, too (they don’t need to guess your IHG membership number). It’s relatively easy for criminals to harvest email addresses from various sources and just try random PINs until they get locked out. They’ll get into a small proportion of accounts just by chance.

        • Andrew says:

          Despite having a decent balance there I actually really hope ihg get breached. A four digit numeric password is about as bad as it can get.

      • Chrism20 says:

        IHG have allowed more secure passwords for the best part of a year now.

        • Dave B says:

          Yes changed mine a few months ago, have lost balances twice on IHG. Which they also resolved after a quick investigation.

    • Max says:

      AwardWallet itself supports multi-factor authentication, everyone should switch on this feature.

      • Alex Sm says:

        How does it work in practice? For example, a similar service Points.com just had to drop programmes which require two-factor authentication as they simply didn’t work and returned errors all the time

        • Not Angry says:

          2FA on AW is only to protect access to your AW account.

          AW can’t always handle 2FA on loyalty program accounts. Sometimes it works because there is an alternate verification method such as answering extra security questions – that’s intended for when you don’t have access to your phone to retrieve an SMS, but it gives AW a mechanism – and sometimes you only get prompted for a token every month or on a new device, which gives AW the chance of sometimes working but not always.

          It’s shocking how few loyalty programs offer proper 2FA, but in about 50 years when they finally catch up with security standards, AW will have a much harder time.

    • Lyn says:

      Qantas has added this.

  • memesweeper says:

    When I started with the hobby I used AW. Now I have significant balances I’ve deleted my account. Risk vs reward isn’t worth it for me — once a month I update a spreadsheet I’ve created. I might revisit the ‘locally stored’ option if it gets too tedious.

    Regardless of if you trust AW or not, you should always use a different, randomly generated password for each loyalty account, and secure all your passwords with a good password manager. Bitwarden is excellent for security and functionality.

    • Rob says:

      But you are trading off the risk of your airline account getting hacked and not knowing about it because you never log in …..

      • Andrew says:

        That’s not really a risk though insofar as if it is hacked the airline will give you your miles back. Several people have reported avios being hacked and used for random hotel bookings in Russia but I’m not aware of anyone ultimately being left out of pocket. If AW are hacked no one is going to recompense you.

        • Dave B says:

          Yes and expect a mail storm to the email address to try and cover the email from avios when it lands in you inbox.

      • memesweeper says:

        Correct. But I do check all of them regularly, hence the spreadsheet.

    • Roy says:

      When I looked at this, as far as I could tell, it seemed likely that even with the local option, your passwords are still sent to their servers to perform the queries to the underlying websites (although, of course, the passwords aren’t retained in the servers except transiently).

      A solution would have to be client-side for me to be willing to consider it. Until then, I use a spreadsheet.

  • Chrism20 says:

    I had numerous problems with my Accor account being blocked over a period of around six months from Sep 2019 through to March this year and I am convinced that it was Award Wallet accessing my Accor account that was causing it to be blocked. On one occasion Accor unlocked the account, I ran Award Wallet and shortly afterwards the account was locked again. It got to the point that a new Accor account was set up for me and my points etc were transferred over to this. Have never used Award Wallet on it since and there has never been an issue with the new account.

    • Not Angry says:

      Same. There is definitely an issue with Accor.

      Auto-update triggers “unusual activity” alerts from many other loyalty programs because the update runs on servers in USA or AUS etc.

      Auto-update capability is gradually disappearing anyway because of 2FA etc.

      With local passwords and manual update the 2 useful features of AW are expiration tracking and reminders, and at the bottom of the page where you can see the total of all your balances grow into a satisfying number of millions. Make that 1 useful feature.

  • Rob says:

    Agree. Just deleted my award wallet account. Never used it and don’t like them having all my details or stays, points, and other information.

  • David S says:

    I use the premium version. There are limitations. I can’t see my Delta balance for instance and it seems to fail miserably when programs like Hilton ask you to complete a Captcha or when programs have additional security in place by sending you an access code. Have to put my phone on silent at night because of this. That said, the features that tell you when points come close to expiry is invaluable

    • Alex Sm says:

      Yes, the increased use of two-factor authentication may be a major obstacle for services like AW. And unfortunately their warnings about the miles / points expiry are often false

    • Rob says:

      I have Hilton disabled for this reason. It’s fine because I can run it after a stay and my points total never moves otherwise.

  • Doug M says:

    I have the paid service and I’m considering stopping. I get fed-up with accounts locking out because they don’t like the AW login attempts. I like the AW service, and find it useful, but having to keep stopping certain accounts from updating is frustrating and makes it less valuable.

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.