
Avios theft – hackers cancel your redemptions to boost their haul and BA won’t reinstate


Two weeks ago we wrote about the experience Rhys had when a hacker got into his brother’s Avios account, which was part of a family account including Rhys, and drained over 500,000 Avios from family members.

British Airways reinstated the Avios and all was good.

If you thought this meant that you could rest easily about Avios security, because BA will see you right, I’ve got some bad news.

It appears that the people who hack into Avios accounts are smarter than you think.

I have heard multiple reports of hackers checking the account to see if any unflown Avios reward bookings are in place.

If the hackers find reward flights, they cancel them.

Why? It’s simple. British Airways returns the Avios to your account immediately. The hacker now has a larger pot of Avios to steal.

Now, as Rhys found out, British Airways will return the stolen Avios to your hacked account. It doesn’t have to and you should be grateful that it offers this as a goodwill gesture.

However, it appears that British Airways will NOT reinstate Avios bookings which have been cancelled.

You will, for clarity, get the Avios from those bookings returned to you. Unfortunately this isn’t much help if you had made a redemption many months ago and have little chance of finding replacement seats.

To quote one of the comments to our original article:

One of the most worrying things I saw on a Facebook group was how a few accounts have been hacked and their existing reward flights cancelled to obtain more points to withdraw fraudulently.

BA refused to reinstate the flights once the Avios were returned, as presumably the reward availability was no longer there. This devastated one couple’s holiday which from memory was roughly 10 days away from when the account was hacked.

In response to this another HfP reader wrote:

Yes, my colleague had this. Luckily their flights were reinstated as there was availability, but he was told otherwise it would be a no.

So … don’t let the knowledge that British Airways will reimburse your stolen Avios stop you from beefing up your account security.

Whilst your Avios will be returned, you are still at risk of losing any redemption flights on your account.

PS. It’s worth noting that, for household account members, a flight can only be cancelled by the original booker. No-one else in a household account, or any other passenger on the ticket, can initiate a cancellation. This gives you a little more protection.

If you are the only person who ever books from your household account, your existing bookings are not at risk if another member is hacked. This was good news for Rhys, since he was two weeks away from heading off to New Zealand with three family members when his brother had his account compromised.



Comments (185)

This article is closed to new comments. Feel free to ask your question in the HfP forums.

  • FCP says:

    “So … don’t let the knowledge that British Airways will reimburse your stolen Avios stop you from beefing up your account security.”

    Any suggestions how? Are you just meaning ensure a strong password?

    • PeteM says:

      A password manager (like 1Password) would be a good start + 2FA via your mobile or the password manager.

      • James says:

        Why, that’s one source waiting to be hacked; in fact, if 1password makes it easier to get hacked

        • Mark says:

          Because a decent password manager is designed for one purpose: to securely store your unique, random passwords for every site using zero-knowledge encryption, meaning that even they cannot tell you what your master or site passwords are in the event of you forgetting your master password, nor can they reset it. It’s not infallible – you need to start with a strong master password, and if someone does manage to steal your encrypted password vault then in theory it could be cracked by brute force with a lot of time/compute power. However, if anyone is using common passwords across sites, variations on a theme, even writing passwords down, there is absolutely no comparison in terms of the security a password manager provides. I’d be interested to hear what other suggestions people have for better securing passwords in a way that doesn’t compromise their own access to their accounts.

        • Richard says:

          To back up what Mark says, I’m an information security professional and I evaluated 1password in detail a couple of years ago.

          The key thing to understand is that 1password themselves never see the information necessary to decrypt your passwords. So, even if someone managed to steal all the data that ever passes through 1password’s servers, it would be of no use to them.

          To decrypt the passwords you need two things: a “secret key”, which lives on your own device (e.g. laptop), and a “master password”, which ideally should live only in your own head. In case you lose your device you are also prompted to create an “emergency kit”, which is basically a printout of your secret key and which you can keep in a safe place at home.

          Realistically, the only way an attacker is going to get past all this is to hack into your device for a reasonably sustained period, so they can both steal the secret key (and the encrypted passwords themselves) AND watch you typing in your master password. While this is possible, if they have that kind of access, you are probably stuffed anyway.

          Nothing in life is completely free of risk, but using a password manager is much, much, MUCH less risky than any other practical approach.

          Footnote: all of the above applies to personal or family accounts with 1password. For business accounts things are slightly different, because there is a way for administrators to reset the user’s master password. It is cleverly-designed, but a malicious administrator (in your own company) with sufficient access to IT systems could break into your password vault. So I wouldn’t store my own personal passwords in my employer’s 1password system, even if company policies allowed that.

          • Roy says:

            I second the recommendation for 1password. It has the best technical design IMO – or at least did, when I looked at it a few years ago.

          • CarpalTravel says:

            @Richard – that is a great write-up. I use Bitwarden, I don’t suppose you happened to review that too did you? I’d be interested to know your thoughts.

          • Roy says:

            I’m not the person you’re asking, but my opinion: I think Bitwarden is decent, but it’s broadly modelled on the LastPass architecture – although I’m not at all saying it’s at risk of the same compromise that LastPass suffered – just that the 1password architecture is better.

            I like 1password because the team behind it is obviously smart – they write papers describing the architecture and the architecture is IMO excellent. (Of course, the architecture of open source projects like BitWarden is also transparent – this is more a comparison to other closed source password managers).

            Compared to most other password managers (including BitWarden), I like the secret key that is mixed in with the passphrase during key derivation. It was implemented to ensure that a compromise of 1password’s systems cannot in any way impact your security, but it also reduces your exposure in the event that your master passphrase is compromised (e.g. by shoulder surfing). I like the fact that the browser extension minimises the exposure of the password database to the browser by talking to an external process that accesses the database, rather than implementing the database access in the browser extension. It’s a small thing – ultimately if your computer is compromised you’re probably in trouble anyway – but it’s a sensible design decision to minimise the attack surface. Basically I like their approach, and (this is highly subjective) based on the technical documentation they have released, I have a high degree of trust in their competence.

            I don’t by any means think that BitWarden is a bad option, but if you’re willing to pay the (small) monthly subscription, I do think that 1password is a better option.

            All IMO, and based on research I did a number of years ago, that may not be completely current.
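Roy’s point about mixing a device-held secret key into key derivation, shown as an added illustration for this page (not 1Password’s own code or its exact algorithm): the vault key below is derived from both the master password and a random secret key, so a stolen salt and verifier cannot be used to test password guesses offline, and a shoulder-surfed password alone does not unlock anything. The PBKDF2/HKDF/XOR construction, the low iteration count and the HMAC verifier are this example’s simplified assumptions.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed, simplified model of a two-secret key derivation scheme.
# Not the real product's algorithm; parameters chosen so the example runs fast.
PBKDF2_ITERATIONS = 100_000   # assumption: far lower than a production setting
KEY_LEN = 32


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """RFC 5869 HKDF (extract, then expand) built on HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def new_secret_key() -> str:
    """128-bit random secret key, base32 so it can be printed on an 'emergency kit'.

    It is generated on the user's device and never sent to the server."""
    return base64.b32encode(secrets.token_bytes(16)).decode().rstrip("=")


def derive_vault_key(master_password: str, secret_key: str, salt: bytes) -> bytes:
    """Combine a slow hash of the password with the secret key.

    XOR-ing the two 32-byte values means the result carries the entropy of
    both inputs: an attacker holding salt + ciphertext but no secret key
    cannot even check whether a password guess is right."""
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                  salt, PBKDF2_ITERATIONS, KEY_LEN)
    sk_part = hkdf_sha256(secret_key.encode("ascii"), salt, b"vault-key-v1")
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def make_verifier(vault_key: bytes) -> bytes:
    """Value stored alongside the vault to check an unlock without storing the key."""
    return hmac.new(vault_key, b"unlock-check", hashlib.sha256).digest()


def try_unlock(master_password: str, secret_key: str, salt: bytes, verifier: bytes) -> bool:
    candidate = derive_vault_key(master_password, secret_key, salt)
    return hmac.compare_digest(make_verifier(candidate), verifier)


def demo() -> dict:
    """Three scenarios: legitimate unlock, password-only attacker, secret-key-only attacker."""
    salt = secrets.token_bytes(16)
    secret_key = new_secret_key()
    password = "Horse-7Battery-Staple"   # constructed sample, as in the thread
    verifier = make_verifier(derive_vault_key(password, secret_key, salt))
    return {
        "owner_with_both_secrets": try_unlock(password, secret_key, salt, verifier),
        "shoulder_surfed_password_only": try_unlock(password, new_secret_key(), salt, verifier),
        "stolen_secret_key_only": try_unlock("not the password", secret_key, salt, verifier),
    }


if __name__ == "__main__":
    for scenario, unlocked in demo().items():
        print(f"{scenario}: {'unlocked' if unlocked else 'locked'}")
```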

      • memesweeper says:

        Bitwarden is a superb password manager and is free. Works on iPhone, Android and desktop PCs (with a browser plugin) and you can access all your passwords through a website, which is handy if you have a work PC and installing extensions is blocked.

        I know people think keeping passwords in a password vault is dangerous, but the alternatives are worse. Nobody can remember a thousand different passwords, so people use the same ones, or similar ones. If one site is hacked, all their accounts are at risk.

        Bitwarden generates passphrases instead of passwords if you want, so instead of

        24sd8@£$39e23rr$0fjr98u34t

        as a password (which is impossible to type or read aloud) you get something like

        Horse-7Battery-Staple

        which, in the unlikely event you need to type it out, is easy to do. And yes, this type of passphrase is sufficiently secure to the UK NCSC standard.

        The Bitwarden company cannot read your passwords and their plugins are open source and audited for adequate security.

      • CarpalTravel says:

        What I don’t think has been mentioned as a huge benefit is the “data on death” scenario. If I die things will go a lot easier for my family/executor if they can access all the relevant information. Better than having it all listed in an XLSX…

        Bitwarden premium has an Emergency Access feature for this.

  • Crisisguy says:

    And yet British Airways don’t make it very easy for us to secure our accounts. I can’t activate two factor authentication on my account – all I can do is have a secure password that’s not shared elsewhere.

  • meta says:

    If BA has such a weak IT, it’s their problem. I would take them to court if they wouldn’t reinstate an Avios booking especially because it’s not just Avios but real cash involved. I would be pretty confident to win it.

    It is BA’s responsibility to ensure the safety of your account. It seems it is so weak that even 2FA, facial/fingerprint recognition can be bypassed.

    • NorthernLass says:

      I don’t know where customers would actually stand here, @meta, because the avios belong to BA. As Rob points out, technically they don’t even have to reinstate them. It could be that a court would say that your only loss has been any cancellation fees incurred.

      • JDB says:

        The terms that suggest the Avios belong to BA and only have a nominal or no value are there for purely technical reasons and a court will look at the real or underlying nature of the transaction. I suspect BA would settle before the case got very far, but it would require the passenger to have a bit of savvy and take time.

        • mhughes says:

          and likely by the time it gets to a resolution the flight might well now be in the past, so it wouldn’t be much of a victory.

        • meta says:

          Exactly my point. BA does not want to test the validity of their Avios T&C in court. It would be very easy to prove that the cancellation was made by a fraudster with IP addresses and all. You just need to request the right documentation from BA via SAR.

          It wouldn’t take long, but probably longer than the usual MCOL case.

      • BJ says:

        Does this matter though, the customer has paid cash and avios for a flight and BA has entered into an agreement to provide it. Surely if BA security failings are the cause of loss of that flight then under the agreement they are still responsible for getting the customer(s) from origin to destination under the terms of that agreement? Isn’t that what @meta would be testing in court? IMO the availability of avios seats or even BA (or other operating carrier) seats should be irrelevant because the contract is to get the customers from A to B and it is that which is lost; recovery of loss could be on any carrier with revenue seats available.

        • Andrew says:

          The difficulty comes from proving that “BA security failings are the cause of loss of that flight”. BA will provide evidence that the vast, vast majority of their accounts aren’t subject to fraud, that they’ve been open in the past when they’ve suffered breaches and that your specific account was not subject to a breach on their end. BA will probably even be able to produce evidence showing all of the other websites where the customer’s email address was subject to a breach. It’s going to be very difficult to prove that, on the balance of probabilities, the breach was down to BA’s failings rather than the customer reusing passwords, logging on on shared machines, using dodgy wifi networks, using AwardWallet or any myriad of other possibilities.

          • memesweeper says:

            If you are able to prove (balance of probabilities) that the cancellation was made by a fraudster not you then BA have to reinstate. The law does not permit a company to exit a contract because a non-participant impersonated someone and purported to cancel or change the agreement.

          • Andrew says:

            It all depends how that fraudster got the information to be able to impersonate you. BA would show that they took all reasonable steps to secure your account and that there’s no way they could have known it was a third party cancelling the booking rather than you.

            Clearly if you published your BA username and password on social media it would be you who was responsible for any fraudulent activity and not BA.

    • masaccio says:

      Would that practically help you? It would take time to get into court by which you could well have passed the point where you missed the flights. So you still need to rebook and claiming the cost of new flights seems quite a stretch.

      • NFH says:

        You would probably need to make an expensive non-Avios booking to replace the cancelled Avios booking, and then issue a County Court claim for the non-Avios booking. The issue here is that the cost would in many cases be more than the £10,000 limit of the Small Claims track, with the result that the successful party could recover their legal costs, including expensive representation by counsel, from the unsuccessful party.

        I wonder whether it’s possible to claim for cancellation under EU261.

        • JDB says:

          You are best anyway to make one claim per passenger and then join the cases, so the £10k small claims track limit should be fine. CEDR has a limit of £10k per PNR.

          EC261 cancellation wouldn’t be relevant as it refers to cancellation of a flight (with a specific definition). You could try turning up and claim denied boarding but that might be a bit silly.

          • NFH says:

            The passenger is going to turn up for the same flight anyway, first using the original Avios booking reference, which BA would reject as cancelled, and then using the later non-Avios booking reference. On what basis would an EU261 claim for denied boarding not succeed?

          • JDB says:

            @NFH – you can’t claim denied boarding for a flight you travel on! Again, as with cancellation, it’s not about the booking.

          • NFH says:

            @JDB – you can claim denied boarding if an airline denies you boarding on one booking reference (or tells you in advance that it will deny you boarding) and therefore you have to buy another ticket on another booking reference. I’ve issued a County Court claim for this scenario in the past, and the airline settled.

          • JDB says:

            @NFH – that’s ridiculous and frankly lacks credibility, particularly in view of how check-in systems work. BA’s defence would be so simple. It also makes no sense because if someone is going to go to the lengths of making this sort of fantasy, they would certainly have had the nous to resolve the underlying issue anyway.

          • NFH says:

            @JDB – No, it’s not fantasy. I’ve issued a County Court claim where an airline cancelled a booking, notifying us in advance that boarding would be denied, and so we had to make another booking. I had professional legal advice, and the airline eventually settled the claim after filing a weak everything-is-denied defence. It has nothing to do with how check-in systems work, but how the law works. It is not fantasy but reality.

      • BJ says:

        For me it is all down to how I value my time and as a result I’d personally only push so far. It has become apparent here in recent years that some are driving by the provides and admirably so, and will always pursue matters to a conclusion.

    • Paul B says:

      Is there any evidence that BA security is so weak that “even 2FA can be bypassed”? (Genuinely interested, not trying to stand up for them). Almost all of the stories one hears of hacking like this comes down to the individual having reused the same password as they use for BA elsewhere and not having 2FA, or the individuals email account being compromised and not having 2FA enabling the BA password to then be reset. Neither exactly failings on BA’s part.

      • BJ says:

        Well, read the article by @Rhys … seemed to me they were more concerned about protecting the hackers’ privacy than addressing Rhys’ loss. I’ve got the same experience personally with bank and cc fraud and it’s maddening.

        I think there are serious issues industry-wide, it always struck me that security of MMB in particular is a total farce. It would be so simple for anybody with a mind to do so to create travel chaos with MMB.

        • memesweeper says:

          This weakness in PNR protection is not unique to BA and has been flagged by many security researchers and official bodies. I know of no initiative to add authentication to PNRs on any of the “big three” GDS systems sadly 😕

        • Rui N. says:

          When Ben at One Mile at a Time started to become famous, people would check his blog for his upcoming trips (where he would say “I’m travelling on BA First JFK-LHR on Friday!”), then call the airline to cancel his flights.
          That’s why he now only gives concrete details about his travels after they happened.

    • James says:

      Why? The article says the booking won’t be reinstated, but if the hacker cancelled and did so with the intention of getting the Avios returned and stealing a bigger pot, then why are you complaining? You will get those Avios back, if it’s a valid fraud claim.

      • Throwawayname says:

        Why on earth would you want to confuse matters by purchasing the flight they’re not letting you change? You just buy a ticket with another airline and submit a claim for the cost. I have done it twice, not only did I get the cash both times but there were no queries whatsoever about whether I was denied boarding, whether I should’ve booked a less flexible fare etc.

  • NorthernLass says:

    Presumably anyone this happens to is also going to be out of pocket for any cancellation fees incurred? If they had several award flights cancelled this could run into £00’s.

    • JDB says:

      If that happened, it would be the least of your worries…

      • VinZ says:

        Well yes and no. I have reward flights from now until January next year. It would be £100’s and if they refuse to reimburse that’s also concerning. But yes, as you said I would take them to court.

        • James says:

          You’re spending 100,000’s of Avios without travel insurance…?

        • BJ says:

          The issue was not getting the cash associated with booking back but the other losses that might be incurred if one cannot travel as planned. I am not sure where travel insurers generally stand in relation to consequential losses resulting from fraudulent activity in one aspect of the travel plans.

  • Andrew J says:

    Yet another reason to stop collecting Avios and spending them on flights.

    • Charlie says:

      Exactly this. When points are being peddled and people – me included – are paying £x000’s for them, if they are not treated like cash by BA or Virgin then it’s time to regulate their Bloody Awfulness and the Bearded one’s dodgy taxi operation. These aren’t Green Shield stamps or Texaco stickers waiting to be redeemed for a Gloria Estefan CD.

      • Ken says:

        They’re really not that different from Green Shield stamps… collect enough and you could get a Ford Escort

    • VinZ says:

      This is just silly tbh.

      • JDB says:

        Yes, it is silly! People also get money nicked from banks with supposedly high security or have credit card fraudulent transactions. It happens and it gets resolved as long as the account holder is innocent.

        • Andrew J says:

          Although the article suggests it won’t get resolved. And if the aim is to spend them on flights and stay up half the night booking them a year in advance to then have the flight cancelled without them being rebooked, means, as I said, best not to spend them on flights.

        • Matarredonda says:

          And that is the rub as BA will reinstate the points so more than likely legally they have met their obligations. If the flight is full they can’t reinstate as there is no room at the inn, as the saying goes.
          Security and all the hoops required to jump through has become a nightmare.
          A friend of mine who worked for a Bank in security said unfortunately hackers are always two jumps ahead and in all honesty we, the punters, are frequently at fault for not using a different password for every account we have.

        • Paul says:

          It’s very different.
          Avios belong to BA (in my view this is ludicrous and should be stopped). Money in the bank is mine!
          Moreover it is for the bank to prove that the fraud was committed by me. For example if my card is used at an ATM using my PIN, the bank must still show that the transaction was undertaken by me or that I deliberately and willingly provided the thief with the means to access my account.
          By not reinstating a booking BA is behaving disgracefully.

    • BBbetter says:

      Yes, convert to nectar which has better security! 🙈

      • Spurs drive me madvt says:

        You know you can lock your nectar account now, so points can’t be spent? No idea how successful this will be but a step in the right direction. Started last week I think. And no doubt hackers will find a way round, but as someone who had £600 worth of nectar robbed any deterrents are better than none.

        • Mark says:

          Except that if someone hacks your Nectar account they can unlock it. The lock only provides protection against someone turning up in store with your Nectar card number and redeeming your points.

          • sayling says:

            I don’t believe the loss of Nectar points is, in the main, down to account hacking.

            From what I’ve seen/ read/ experienced, it is mainly Nectar card impersonation – no account access required

      • JDB says:

        Or put some money into Revolut or some other fintech for it to vanish. Dozens of FOS cases with very mixed success.

    • BJ says:

      I used to maintain a 24 month cushion in my balances but I’ve let that slip and feel happier having done so.

    • Inf says:

      Too true … along with shameful loyalty system devaluation, their beyond-a-joke IT system with negligible security, it’s a wonder they have any loyal customers! As many have said on here, try to change your password … just a basic function, and you’re met with blank screens, error codes, bad request messages, and in frustration you just simply try and sign out … and that even becomes a flipping click fest!!! Wow, just embarrassing BA! Yet again.

  • Lili says:

    Out of all the options for collecting Avios that allow back and forth transfers with BA, does any have a properly functioning 2FA? BA’s 2FA is an absolute joke (starting from the fact that it doesn’t even appear in the account and you can’t set it up unless you’re lucky to get an email to do so, it’s impossible to reset/change, app-based auth doesn’t work, and there are multiple reports from people being locked out of their accounts with customer service taking weeks of repeated calls before situation is resolved).
    I’m thinking it may be wise to move avios to a better home, at least until they are actually needed – doesn’t help with redemptions, but at least would prevent what happened to Rhys.

    • Charlie says:

      Finnair have – at what seems to me – a decent system in place in terms of security, and a far better website in general. But unless you are booking one of the better priced AY redemptions, or adding a complimentary group one connection, you’d still book using BA for better cancellation terms and better BA availability if gold, although I find this is nowhere near as widespread as it used to be – incidental evidence and all that.

    • VinZ says:

      Probably Qatar? Seems a better site to me with much stronger security.
      Oftentimes I log out of my BA account because I manage a few, and when I click on log in I’m automatically logged into my account without any password etc. It’s annoying and worrying. I have to repeat the process multiple times before I’m actually logged out and can log in again.

      • Bagoly says:

        But if something goes wrong at Qatar and you have to call their Customer Service, BA will seem good!

      • S says:

        Annoying, but you are more likely just not being logged out at all, rather than ‘automatically logged in’

  • observer says:

    “It doesn’t have to and you should be grateful that it offers this as a goodwill gesture.”

    I have no doubt that this is BA’s position, but even if you assume this is technically true — which I’m not so convinced — I can’t imagine ever feeling “gratitude” at a program that wants to take that position.

    • Throwawayname says:

      There’s a binding contract and they have to make good for losses caused by their failure to comply with s. 49 of the consumer rights act 2015 (which obliges them to deliver services with reasonable care and skill).

  • Swiss Jim says:

    On a similar point to @Lili, wondering if it makes sense to hedge your bets and split large balances across BA, Iberia, Qatar & Finnair. All under different passwords.

    BA’s approach does seem outrageous though. No surprise there…

    • JDB says:

      The problem is that you have far better recourse(s) in this country vs BA if anything does go wrong.

    • Mikeact says:

      So, which OW carrier has the best security, and I’ll move my substantial amount over today, and move them back again for any redemptions ?

      • memesweeper says:

        As @JDB notes, getting redress from BA might be easier.

        Of the Avios family of airlines, Finnair has the better IT protections based on my observations as a customer, but that is no assurance of anything.

    • Throwawayname says:

      When I had to sue Finnair, they got some senior admin person (neither legally qualified nor based in this country) to draft a defence which didn’t address about 60% of my claim, then paid up a couple of weeks before the hearing (earning me a cool £100 for having booked half a day’s annual leave to attend).
