Last month I wrote a letter to the editor of Inside Flyer arguing that it was unreasonable for Award Wallet not to be able to track American AAdvantage account balances.
Randy Petersen had defended American’s decision in the August issue of the magazine, arguing that American’s position was consistent with their terms and conditions, they weren’t the first to do it (Southwest was), and it’s a reasonable move to protect member data.
I suggested that blocking Award Wallet from helping members manage their American AAdvantage frequent flyer balances was an unreasonable move because:
- Award Wallet wasn’t even storing member account data at all. They didn’t see American account numbers or passwords or mileage balances. Their browser plugin, which members downloaded, kept all that information on their own computers only.
- It reduces security when members aren’t watching their account balances closely. Award Wallet lets them easily see with a single click changes in their balances. Members check in every day and notice changes both big and small. As opposed to checking in less frequently on an individual program website, which displays current balance but doesn’t currently flag changes in that balance. You get better security by having more vigilant members who are likely to quickly notice anomalies. That’s the sort of system that’s robust and responds well to problems.
- It’s short-sighted, Award Wallet makes it easier for members to stay engaged in programs. And that means they do more business with those programs, credit more miles. Making it harder for members to access their data creates barriers between a program and its members.
Randy published my letter, and used the opening remarks of his September issue of the magazine to respond.
He and I disagree, but I thought it respectful — especially because he published my thoughts — to share his in return.
You mention trying to persuade me to “join the call” to let members manage their own data. What I find strange about this comment is that I’m pretty sure history shows I was the absolute first to make that call and still do. In fact, you likely weren’t even in high school when I first introduced a solution to help members manage their miles and data. What exactly were you doing in 1987? Fact is, I’m all for members being able to manage their own data or I would have never introduced the original Mileage Manager in 1987. And while I’m not big on this recent move by both Southwest and American, I do respect where they are coming from. I can assure you that in the original conversations I had with Southwest about their stance on this, the idea of a commercial agreement was not the topic of concern they spoke of–it was their members’ information security. Reading Ms. Rubin’s comments from the recent Milepoint chat, I can see that AA might be sensitive to a third party company having the ability to “profit” from their data. There it is, that ugly capitalist word–profit.
Now, concerning commercial agreements–to get access to any travel industry information and/or inventory, you must have a commercial agreement in place to utilize that data. Individual customer data is not freely available–companies must pay for it.
Granted, the amount of money required to get access to this member data may in many cases be a high hurdle to clear for the smaller startups, but frankly I see that as a positive. Here’s why. Over the past 20 years, I’ve seen more than 50 screen scrapers come and go with business models to help aggregate mileage and other types of loyalty balances with maybe two or three identified as “making it”. Gary, you are a CFO, what kind of business market is that? With the move toward commercial agreements, it likely will force this segment to become more accountable to their business model, and as well, more responsible to their customers. And I’m not saying I agree that this is the best solution, but if it brings some level of responsibility and protection for the members and their data, then I’m all for it.
I’m sure the reasons why AAdvantage has suggested a commercial agreement are complex, but the main reason is that they likely have spent a lot of time and money creating the membership data and why should they give it away? I know the reply … because it’s their customers’ data, not AAdvantage’s. I get that, but I think by and large that average members need some level of protection for what happens to that data if released by a loyalty program.
Here’s a really funny look at this situation, Gary, because you mention the issue of “terms and conditions to the detriment of their members” and, “members have to take extra steps to check their frequent flyer balances.” I visited two of the leading mileage aggregators today and here are excerpts from these third party companies’ own terms and conditions: “Your Membership is solely for your personal use, and you agree not to authorize others to use your Membership account …” and “While XXXX may show award expiration dates it is the user’s responsibility to verify expiration dates directly with the provider of miles/points”. I find it ironic that the very industry you are defending has the very same rules as the industry it does not want to honor. And to verify the information on a third party website, you are being asked to return to where that information came from.
Historically, all loyalty programs have been accused of jealously guarding their members’ data. But the suggestion from AAdvantage of a commercial agreement might mean that the program is working to become a gateway–becoming a more open model for those who wish to work with AAdvantage. Without realizing it, we may be witnessing the next phase of the customer–apps for everyone.
Gary (and all frequent flyers)–we are all on the same call, let’s respect their rules and concerns and work toward making it safe and responsible for all of us.
I do think Randy has credibility on this, he’s managed miles for large numbers of frequent flyers and helped them organize their account information and balances. And he clearly believes that the programs are on reasonable ground in taking steps to limit third-party website access to their members’ data.
I would simply again respond though that:
- Award Wallet stopped accessing American’s member data entirely. It was only the members’ own web browsers that ever held account numbers or balances or pinged the American Airlines servers. Randy doesn’t address this.
- Helping members to notice changes – both large and small – closer to real time is a huge boost to security. Members are much more likely to notice a breach of their information if they track their balances on Award Wallet than if they have to log in separately to an individual program website, and do so perhaps once a week or once a month or even less frequently. Randy doesn’t address this, either.
- While American may have the legal right to do what it’s doing, I am arguing that it is misguided – against its own long-term interest in generating member engagement.
Of course Award Wallet and other websites have terms and conditions, they don’t want to get sued — especially over things outside of their control like mileage expiration. Programs frequently behave in ways that run counter to their published procedures. If Award Wallet says miles expire in 18 months because that’s a program’s rules, and the program doesn’t actually expire miles in inactive accounts (hotel programs usually don’t adhere strictly to their rules in this area), someone might argue that they incurred unnecessary expense to keep their miles active and that that’s Award Wallet’s fault.
But just because we live in a litigious society doesn’t mean we have to be litigious ourselves. And a program’s terms and conditions aren’t a suicide pact, either, that must be enforced in the extreme. Award Wallet now does its best to police members who might add a ‘custom program’ where they enter the program name, account number, and balance themselves. They report being warned by American’s lawyers that they’d better not have any account numbers that even look like AAdvantage numbers in their system.
So while Randy and I agree on a great many things, we do disagree on this. But I’m genuinely honored he took the time to respond in-depth to my concerns and in such a significant way.
I’m with you on this one Gary. You’ve articulated some very well thought out and valid points to which I’ve never seen a direct counter-argument.
When I have a choice between airlines that are not my elite airline (or a partner), I realized I’ve been dragging my feet on booking American, just because I’m not sure where my FF# is at any given time.
+1
I also think it would be nice if there were a secondary password that could ONLY be used for account viewing and NOT for redemptions or account activity.
That would really reduce the security concerns companies like American and Southwest have and increase security for all concerned.
Apparently we should have gone long on Mileage Manager in 1987 instead of Microsoft.
After reading Randy since 1988, even when I disagreed with him, he was always right. His in depth research bears out the facts. Same can be said in this case.
Your valid point (IMHO) is that Award Wallet allows me to easily monitor for intrusions to my account. Although statistically, I’m sure that’s a number close to Zero.
Disclaimers:
I’m a long time fan of Randy, and I recently (finally) signed up for Award Wallet.
By the way Gary, I’m having issues with you needing to get the last word on things (Ben’s point valuation and the AA/Randy issue come to mind).
Well, since you asked us all – I am with Randy on this one.
While I agree it would be convenient if AA were on AwardWallet, that doesn’t mean AA are wrong to disallow it.
Nor does it mean that allowing access from AwardWallet is the 1st, 2nd, 3rd or even 50th most important thing AA can do for its customers right now.
Thanks for hosting the debate.
@ Jeanne. Its annoying for sure. But don’t let AA stop you storing your AA numbers where you want them: I have added all my family’s 5 AA numbers into Award wallet (so its in the same place as all the others) but as a custom program which needs manual updates. Awardwallet wont let you call it “AA”, so just call it something else 😉
@Scott That’s brilliant! Thank you, I’ll do that right now!
I have voted with my wallet (no pun intended). I have 2XX,000 miles in American and don’t ever actively track it. As a result I chose to fly other airlines that are part of my active points/status strategy. Would my patterns change if I saw those miles every day? Probably..
I find it a little ironic that I can have Quicken store my password for my bank account, but that I cannot have Award Wallet store my password for AA.
@Clayd33, +1
I switched from AA to CO now UA.
We are not in 1987 anymore. It looks like Randy likes being accepted in the “in” crowd at American and Southwest. He is really part of their propaganda program. It would seem that he has lost touch with the everyday guy and their struggles with trying to remember 35+ reward program account numbers and passwords.
Remember, when you put your AA mileage into Awardwallet, make to list the name of the airline as UNamerican Airlines. I wish I could take credit for this brilliant moniker.
If most every bank allows it with mint and yodlee, either it is just an excuse or they should step up their security.
Sounds like this Randy fellow has his head up his butt. Too many industry cocktail parties.
Ditto Stvr. When are we going to realize that Randy stopped having the TRAVELER’S best interest at heart YEARS ago.
I don’t often agree with Gary but I certainly do here. The fact that Randy may have a long history in the industry doesn’t make him necessarily right. Perhaps a bit of Stockholm Syndrome from hobnobbing with the industry bigshots too long.
As posted above, I store my bank account number on Quicken – that is FAR more valuable and sensitive than any mileage program.
I have a lot of respect for Randy, but lean towards Gary on this one. I don’t think either position is a slam dunk case, even as a biased (and happy) AwardWallet member. I think if I knew AA was working to a solution on this in some transparent way, I’d be fine with it. But, it’s very unclear from the information we have at hand to tell if they are working towards (or away from) a solution.
The suggestions above, like a secondary password for read-only access, make sense, but at what cost to AA? I would agree with AA if there were significant costs associated with protecting the data in the way they want.
I suspect the process will stay opaque at best.
It’s no secret that Randy panders to the airline loyalty programs. His position on this one is not defensible from a traveller’s perspective.
Some odd comparisons going on here.
Quicken is hardly the same as award wallet – this is a bit like comparing Jon’s Old Model Airplane Shoppe to Singapore Airlines.
On a related note, I wanted to put my bank account password into a program I bought for free called UncleTomsFancyWalletGizmo. It’s all online and they told me it’s safe, and I believe them.
Unfortunately while Citi do partner with Quicken, they don’t partner with UncleTom.
I don’t know where Citibank get off. If I think Uncle Tom is safe and the right partner for Citi, where the hell do they get off having a different opinion? They don’t even have a right to an opinion on their “business model” or their “risks”. Those big words are just a lame excuse for them not doing exactly what I tell them.
I guess it is in AA’s right to be AAnnoying and not let AwardWallet use their data, BUT WHY ON EARTH CAN’T YOU A LOG IN AA.COM WITH A USER NAME OR EMAIL!
SInce AwardWallet doesn’t store my AA number anymore, I have to go into my email and find my number every time I need to log into AA.
Almost every other airline allows you to use something other than your FF# to log in.
It is time for AA to follow suit.
@Frequent Flyer University: Get a program like 1Password that stores all your usernames and passwords and fills them in for you with a simple keystroke. It generates random passwords for you, too, so every site can have its own password.
You’re right. Randy’s way off on this. I am actually very puzzled by his defense of AA. AA has always claimed this was a security issue, but it is providing this same data to Points.com and I seriously doubt that site’s security is any better than Award Wallet’s. Clearly the only motivation for not allowing Award Wallet members to access their OWN ACCOUNTS through whatever method they like, is money.
@scott, you cannot put http://www.aa.com as url as awardwaller will refuse. Its good to know your balance but, you cannot program a semi auto touch process to go directly to your account…
I think it’s up to me to determine the amount of security I want to assign to “my” accrued AA miles!
If I chose to let Award Wallet be my “watcher” of my AA points, then I, and I only, will give Award Wallet my password to access my AA data! Is this not my choice?
I think this is a “control” issue of Citi and American!
Being in any business or industry way before many doe not mean a thing, I can be a newbie today and in a year know 10x what this Randy guy knows,many of these bloggers or inside flyers are in it for free giveaways and $$$$, as in any venture do your own research, learn as you go .
I am with you on this one Gary, i think Randy is way off with his reasoning, i myself do not pay attention to what he says anymore.
As I would say to Citi, “Who’s the customer here?” Who pays the CEO of Citi million per year? Yep, it’s you and I!
@Daniel – agreed. I just manually update my balances for AA in awardwallet. But, at least it stores all the numbers in one place. I don’t carry any FF cards ever, but do keep my 90+ account numbers on awardwallet, whch is always available in one place on the phone app.
Randy’s argument is long winded and rambling as usual. Sure sounds like an old man suffering from Dementia!
So now in the course of a week you’ve beaten up a kid and an old man, lol!