A man pled guilty today and is expected to get probation after scamming American Airlines out of $160,000 in tickets paid for with gift cards.
Billy Schwarze booked travel for friends and family. He bought gift cards to pay for the tickets, and then refunded the tickets – to his own credit card. This cost American $160,000 “and his friends and associates..$20,000.”
William Joseph “Billy” Schwarze, 27, told people that he was affiliated with a travel agency and was planning to open his own travel business, prosecutors said. He referred to himself online as a travel agent who had “elite airline and hotel statuses,” and claimed to log “about 200,000 flight miles a year. My background allows me to optimize airline and hotel customer experience programs to build exceptional travel value for you,” his plea records quoted him as saying.
In reality, Schwarze was exploiting a glitch in American’s computer systems. From January 2016 through October 2018, Schwarze bought gift cards online using his personal credit cards, then used those gift cards to buy airline tickets for family, friends and associates to travel across the globe, Assistant U.S. Attorney Hal Goldsmith said in court.
Apparently the glitch, that’s since been fixed, let cancelled tickets credit back to a credit card – rather than splitting payment back to non-refundable gift cards. I imagine that after buying the ticket with a gift card he’d reissue the ticket, paying an additional charge with a credit card, and then when he requested a refund the American Airlines system only saw the card as source of the payment.
Thanks to this glitch Schwarze “bought 690 gift cards online using his credit cards, in amounts ranging from $50 to $150.” He also earned miles on those purchases.
Surprisingly the prosecutor will recommend probation as part of he plea, along with repaying the claimed $180,000 in losses. That suggests to me that there’s more to the story – either a weaker case than imagined, or details of the story the government or airline would prefer not get out.
On the other hand it’s possible that in exchange for his plea he’s provided information on others. I believe he was a member of some of the Facebook groups that I’m in, and I’ve heard about his offers for discounted airfare and now wonder whether anyone I know will get further caught up in this. (I haven’t to the best of my knowledge had interactions with him myself.)
American might consider trying something like United or like Hyatt with a bug bounty program. Of course at the beginning of the year, before the global pandemic, American was pushing over $60 million worth of sales through its website a day so they may just consider $160,000 in losses to be rounding error – and getting the services of law enforcement and taxpayers free rather than investing in proactive IT fixes to avoid these losses in the first place is probably cheaper.