We have written before about how British Airways Executive Club account details are openly sold on the ‘dark web’.
However, whilst there is a market for your stolen log-in details, Avios has never been a big target for hackers.
Why? Because the options for spending your points if your account is hacked are slim. Not zero, but slim.
Unless you were planning to fly within hours, you’d be a bit dim to book a flight using Avios from a hacked account. Not only would you need to find a stolen credit card to pay the taxes, but you’d need to supply your real name for the ticket. The chance of being arrested at the airport is high.
The Avios hotel booking platform also carries risk. You could book a room under a false name from a hacked Avios account and turn up a couple of hours later. The risk of getting caught is lower, especially as getting the police on site would be harder than at an airport, but it remains too risky for most hackers.
The Laithwaites wine redemption offers are open to fraud if you hack an Avios account but you still need to provide a drop-off address for the wine. This route is also of no interest to hackers based outside the UK.
There is one factor which makes your loyalty scheme a target for hackers
I went to a conference on loyalty fraud a couple of years ago which was eye-opening. (If you work in loyalty, you might be interested in the Loyalty Security Association.)
You would never think of some of the things that go on. For example, in the Middle East, there are only a handful of surnames. This makes it easier to ‘share’ loyalty accounts.
In China, there are apparently criminal gangs who train people to get jobs at hotel reception desks in order to siphon off loyalty and payment information.
There is also a lot of scope for ‘fixing’ names on bookings due to common surnames and the trend to have a made-up ‘English’ name as a first name.
In general, though, loyalty programmes only become major targets for fraud when it is possible to transfer points into something close to untraceable cash.
For years, the weak spot was Amazon gift codes. Many programmes offered the option of redeeming points for Amazon credit. If your account was hacked, it could be emptied for Amazon gift codes within minutes. Those codes become virtually untraceable because they can be added to any Amazon account.
Over the year many programmes have dropped Amazon gift codes for this reason. I was surprised when Hilton Honors brought it back a while ago.
What has this got to do with Avios?
From last Monday, you can convert Avios into Nectar points. This article explains how to link your Avios and Nectar accounts and make transfers.
Nectar points are virtually as good as cash. You can swipe a Nectar card in a Sainsbury’s supermarket or Argos store and walk out with free items.
The details on the Nectar account do not even need to match the personal details on the linked BA account.
Once points are on a Nectar card, they can also be sent to an eBay account as credit. From there, the hacker could buy an item off themselves, using a 2nd eBay account which they also control. This would turn the eBay credit into real cash sitting in a PayPal account. Whilst a Sainsbury’s shop requires the hacker to be in the UK, the eBay route can be managed from anywhere.
Avios accounts are now less secure – not for any technological reason, but because hackers now know that there is an easy way of turning Avios points into pseudo-cash which cannot be easily traced. They will make more of an effort to access them.
Is there anything you can do?
Stick to the obvious and you will be fine. Keep your Avios account secure with a strong password which you do not also use on other sites.
(I can hear Rhys laughing at this point, since he knows that there are few people worse than me for setting weak passwords.)
If you rarely access your account, consider using a service such as AwardWallet to keep track of balance changes. Consider whether it is better having points sitting in Nectar or Avios from a security perspective. It is highly likely that you won’t have problems, but there are things you can do to help yourself.
How to earn Avios from UK credit cards (April 2021)
As a reminder, there are various ways of earning Avios from UK credit cards. Many cards also have generous sign-up bonuses.
There are two official British Airways American Express cards:
You can also get generous sign-up bonuses by applying for American Express cards which earn Membership Rewards points, such as:
Click here to read our detailed summary of all UK credit cards which earn Avios. This includes both personal and small business cards.
If you have a small business, we especially recommend Capital On Cap’s Visa card which comes with a generous bonus worth 10,500 Avios:
(Want to earn more Avios? Click here to visit our home page for our latest articles on earning and spending your Avios points and click here to see how to earn more Avios this month from offers and promotions.)