We have written before about how British Airways Executive Club account details are openly sold on the ‘dark web’.
However, whilst there is a market for your stolen log-in details, Avios has never been a big target for hackers.
Why? Because the options for spending your points if your account is hacked are slim. Not zero, but slim.
Unless you were planning to fly within hours, you’d be a bit dim to book a flight using Avios from a hacked account. Not only would you need to find a stolen credit card to pay the taxes, but you’d need to supply your real name for the ticket. The chance of being arrested at the airport is high.
The Avios hotel booking platform also carries risk. You could book a room under a false name from a hacked Avios account and turn up a couple of hours later. The risk of getting caught is lower, especially as getting the police on site would be harder than at an airport, but it remains too risky for most hackers.
The Laithwaites wine redemption offers are open to fraud if you hack an Avios account but you still need to provide a drop-off address for the wine. This route is also of no interest to hackers based outside the UK.
There is one factor which makes your loyalty scheme a target for hackers
I went to a conference on loyalty fraud a couple of years ago which was eye-opening. (If you work in loyalty, you might be interested in the Loyalty Security Association.)
You would never think of some of the things that go on. For example, in the Middle East, there are only a handful of surnames. This makes it easier to ‘share’ loyalty accounts.
In China, there are apparently criminal gangs who train people to get jobs at hotel reception desks in order to siphon off loyalty and payment information.
There is also a lot of scope for ‘fixing’ names on bookings due to common surnames and the trend to have a made-up ‘English’ name as a first name.
In general, though, loyalty programmes only become major targets for fraud when it is possible to transfer points into something close to untraceable cash.
For years, the weak spot was Amazon gift codes. Many programmes offered the option of redeeming points for Amazon credit. If your account was hacked, it could be emptied for Amazon gift codes within minutes. Those codes become virtually untraceable because they can be added to any Amazon account.
Over the year many programmes have dropped Amazon gift codes for this reason. I was surprised when Hilton Honors brought it back a while ago.
What has this got to do with Avios?
From last Monday, you can convert Avios into Nectar points. This article explains how to link your Avios and Nectar accounts and make transfers.
Nectar points are virtually as good as cash. You can swipe a Nectar card in a Sainsbury’s supermarket or Argos store and walk out with free items.
The details on the Nectar account do not even need to match the personal details on the linked BA account.
Once points are on a Nectar card, they can also be sent to an eBay account as credit. From there, the hacker could buy an item off themselves, using a 2nd eBay account which they also control. This would turn the eBay credit into real cash sitting in a PayPal account. Whilst a Sainsbury’s shop requires the hacker to be in the UK, the eBay route can be managed from anywhere.
Avios accounts are now less secure – not for any technological reason, but because hackers now know that there is an easy way of turning Avios points into pseudo-cash which cannot be easily traced. They will make more of an effort to access them.
Is there anything you can do?
Stick to the obvious and you will be fine. Keep your Avios account secure with a strong password which you do not also use on other sites.
(I can hear Rhys laughing at this point, since he knows that there are few people worse than me for setting weak passwords.)
If you rarely access your account, consider using a service such as AwardWallet to keep track of balance changes. Consider whether it is better having points sitting in Nectar or Avios from a security perspective. It is highly likely that you won’t have problems, but there are things you can do to help yourself.
How to earn Avios from UK credit cards (November 2022)
As a reminder, there are various ways of earning Avios points from UK credit cards. Many cards also have generous sign-up bonuses!
In February 2022, Barclaycard launched two exciting new Barclaycard Avios Mastercard cards with a bonus of up to 25,000 Avios. You can apply here.
You qualify for the bonus on these cards even if you have a British Airways American Express card:
There are two official British Airways American Express cards with attractive sign-up bonuses:
You can also get generous sign-up bonuses by applying for American Express cards which earn Membership Rewards points.
Run your own business?
We recommend Capital On Tap for limited companies. You earn 1 Avios per £1 which is impressive for a Visa card, along with a sign-up bonus worth 10,000 Avios.
You should also consider the British Airways Accelerating Business credit card. This is open to sole traders as well as limited companies and has a 30,000 Avios sign-up bonus.
There are also generous bonuses on the two American Express Business cards, with the points converting at 1:1 into Avios. These cards are open to sole traders as well as limited companies.
Click here to read our detailed summary of all UK credit cards which earn Avios. This includes both personal and small business cards.