Fraud-Proof or Member-Proof? Unpacking New American Airlines Phone Redemption Policies

American Airlines is imposing new hurdles for identity verification when redeeming miles over the phone.

  • Redemption can only be done by the member, not someone calling on their behalf. That means, officially, you cannot delegate redemption to an executive assistant or a spouse. (In practice you can delegate to someone who sounds like they’re same gender probably as long as they know enough about you.)

  • To redeem, the caller has to have your name and account number; mailing address listed on the account; email address in the account; andrecent account activity details

  • This information is also required before they will release any information about the account as well.

You can get all of this information from an account on the American Airlines website. That means it’s information you have access to if you have the account number, last name, and password. In fact, agents tell the caller to look up the information online if they do not know it. And most fraud happens online. So I’m not sure how much this will help.

Here’s the internal memo:

In the scheme of things, probably a minor inconvenience in redeeming your miles. Do most people who aren’t super-engaged in the AAdvantage program know their most recent transactions credited to their account? It’s not hard to get, but that also means someone needs to know their account password (the fact that they don’t engage regularly online may be both why they do not and also why they’re calling in the first place) so they’ll need to recover the password in order to use their miles but without doing a lot to deter fraud which is mostly going to happen through compromised credentials in the first place.

And the optimal amount of fraud is not zero. It’s possible to build systems that are fraud proof, imposing processes that ensure no miles are redeemed that shouldn’t be but in the process also ensuring that no miles are redeemed. So short of that it becomes a balance between making the program easy to engage with and limiting the cost of fraudulent redemptions. Programs need redemptions because redemptions drive accrual. If the redemption experience is a poor one, members won’t continue to earn. If it’s a good one they’ll earn at a higher rate (in the aggregate).

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community InsideFlyer.com, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »

Comments

  1. Faux security designed to make them feel better. Feels like 2007.

    Why not launch real 2 factor MFA supporting authenticator or authy or passkeys ?

    As long as not as Terrible as Marriott Bonvoy that forces 2F every time I log in. Even Chase / Amex / Citi don’t do that !

  2. The only part of this that sucks is the inability to delegate. The rest is legit, from a security perspective.

    Hopefully they identify a way to allow spouses or other trusted persons, with pre-approval, to redeem miles in the near future.

  3. I’m curious, would you chance a 45 minute connection at DFW on a late flight midweek for a connection on AA (last segment would be to PHX) ?

    I see an award flight that fits my schedule although 45 minutes seems risky. While I would prefer not to miss the flight and get stuck overnight I guess I could use Chase SR trip delay money to get a hotel for the night.

  4. AA striving hard to reinforce the age old customer service motto….
    ~ There has gotta be a tougher way ~

  5. To Rich,

    45 minute connection time…
    That’s akin to playing Russian Roulette with 4 or 5 live rounds in a 6 chamber revolver.
    Not for me, anyway. AA has managed to not make 1:45 minute connections, in my past experiences. Since it’s almost inevitable to have something amiss in the last 10 years or so.
    AA is certainly not the Lone Ranger… just the airline I usually fly due to routes that fit where I want to go. And DFW at that. Personally I wouldn’t chance it.

  6. I’ll channel Tim Dunn and say that Delta is better than this..

    Recently they changed some flights on my daughter and me. I gave her my confirmation number and FF number and thry handled it over the phone in a matter of minutes.

    Sorry but we fly together almost 100% of the time and to have both of us trying yo call in would be a waste of time.

  7. This should work splendidly when you need to call and redeem/change a booking for your minor child…what could possibly go wrong?

  8. This would be more reasonable if all requests could be done on the website to begin with (I suppose chat technically is online). If you’re going to require people to essentially log in, just let me do everything online.

  9. Have noticed that suddenly the search engine functionality on routes served only by partner airlines suddenly doesn’t work and times out without returning any results. It was working quite nicely up until a few weeks ago.

  10. @rich – it is risky, the question is how badly constrained you are and the consequences of a misconnect.

    Traveling early in the day is usually better. Weather (thunderstorms) shut down DFW. Missing last flight of the day means an overnight. Do you absolutely have to be where you’re going? Can you fly earlier in the day? These are all, always tradeoff considerations.

  11. Aeroplan has a better way to deal with phone fraud. 6 hour hold times, or just don’t pick up at all.

  12. This won’t work. Someone will call AA, AA will question their validity because they don’t sound like a he/she based on the name of the AAdvantange account.

    Said person will record the call and blast AA on social media for being transphobic because Mike is now Michelle even though his voice is deep.

    Social media will either rally around said person or express distate for their existence, but either way it’s game over before it even starts.

  13. This will make it extremely difficult for me to help my mom redeem the miles she inherited when my dad died if it requires a phone call. No way she makes that call as she has me manage her loyalty accounts.

    Likewise, my wife loves to enjoy the perks of miles & points by only flying long haul with a flat bed but she absolutely detests having to speak to anyone on the phone. Therefore I always call in to make any reservations, adjustments, changes, etc. At times I’ve just used her phone and pretended to be her hoping that they won’t challenge me.

    I wonder if they will still allow her to come on the line to “verify” and authorize me to handle it and then let me handle it from there. In the past several airlines/hotels have allowed that.

Comments are closed.