Up to 50% off luxury hotels with Barcelo
Barcelo has a wide range of hotels, from the luxurious Asia Gardens in Spain, which is a member of Leading Hotels of the World, and the Royal Hideaway resorts, to more standard 4-star Barcelo properties, which tend to be modern hotels of a decent standard.
There is another good discount offer for up to 50% off if you are a member of My Barcelo, their loyalty program, which is free to join. You get 40% off in the sale and then can use a code for an extra 10% off. To take advantage, log into barcelo.com and use the code 25HDAYS10.
The offer is available for hotels worldwide with a minimum 3-day stay in Latin America. Stays are mostly non-cancellable, but check the terms for each hotel. Some hotels may request a 10% deposit.
Avios fraud update
The number of reports of Avios fraud where accounts have been emptied has continued to grow in recent months, so I thought it was worth a quick recap of what steps you can take to keep your account safe. Previously, most of the fraud I had read about involved changing the email address associated with your BA Club account and flooding your current email address with spam, so you wouldn’t notice the change notification. These may be related to data breaches where you have reused your password from another site. Your first preventive step should be to ensure you have a unique, complex password. If you notice a sudden surge in email spam, this can be a sign that an account has been hacked.
The latest way of emptying accounts that I have seen involves other Avios schemes, such as Iberia or Qatar. A new account is created for Iberia or Qatar and linked to your BA account, and then the Avios are transferred across and removed. What remains a mystery is how they are managing to do this since the information on both should match exactly.
A simple way to prevent this type of fraud is to make sure that you have already linked your account to other Avios schemes. That way, they can’t link your account to a different Iberia/Qatar/etc account. Obviously, make sure they all have unique passwords.
It’s a shame that BA doesn’t have a simple 2-factor authentication like Qatar, where I have to do it every time I log in. With BA’s 2FA, it seems to only be very occasionally when I am on a new device, but so far, I have rarely seen it pop up for me since it first started, despite using several different devices.
What has your experience been with BA’s two-factor authentication? Have you had Avios stolen from your account? Let us know in the comments below.
American Airlines offers one-stop security for connections
We reported a while ago that the US was trialing connecting passengers not having to collect their bags and recheck them. Now, AA has announced that it will be the first airline in the United States to offer seamless connections for travelers and their checked bags. In partnership with the U.S. Transportation Security Administration (TSA), U.S. Customs and Border Protection (CBP) and the U.K. Department for Transport (DfT), the new process allows customers traveling from London Heathrow Airport (LHR) and connecting through the airline’s largest hub, Dallas Fort Worth International Airport (DFW), to clear U.S. Customs right at the arrival gate. So if you are looking at options for connections in the US for the Western side, then it could be worth prioritising Dallas. I have connected through there several times, and although it is a very busy airport, I have had no real issues with it.
Once you have cleared customs at the gate, you can then proceed directly to your connecting flight without reclaiming and rechecking your checked baggage or passing through TSA security. Checked bags are automatically transferred to the connecting flight, streamlining the process.
This first-of-its-kind program, known as One Stop Security (OSS), is expected to cut connection times — which typically include clearing U.S. Customs, claiming checked bags, rechecking bags and then clearing TSA security — by more than half. I usually allow around 3 hours for a connection into the US even with Global entry, so this will definitely be a big benefit.
“One Stop Security is one of the most forward-thinking enhancements we can bring to international travel — and importantly, to our customers — as it delivers a level of convenience and time-savings that’s never been available before to customers connecting from international flights,” said David Seymour, Chief Operating Officer at American. “With this game-changing program and thanks to our federal partners at CBP and TSA, along with DFW Airport, our customers will spend significantly less time worrying about an onerous connection process and more time enjoying their travel journey.”
The U.S. launch at DFW follows a successful pilot earlier this year at LHR, where OSS was introduced for travelers connecting to non-U.K. destinations.
The airline plans to explore opportunities to expand OSS to additional flights and U.S. airports in the future. It would be fantastic if this were available for all airlines and major airports in the US in the future. Either that or the UK getting US Pre-clearance like Dublin which would also solve the issue.
10 comments
I suffered from the fraud that you had described 18 months ago. I immediately contacted BA with the details including those of the imposter, from the spam emails and the new email address on my account. Basically I did a lot of the work for them. Honestly they did not seem that bothered. My account was frozen and the Avios re-credited within several weeks. I discovered too that they had gone into my flights and changed my seats which I thought was particularly nasty. I immediately installed 2 factor identification on my email account but this was and still is not possible- something that I find bizarre.
It taught me to be very wary and to check all security settings, I heard nothing further from BA though and I can only assume that they accept this type of fraud as normal…
I’m guessing in the grand scheme of Avios the amounts are paltry to BA but they seem to be missing the stress and inconvenience caused to customers by these events.
Recent multiple problems with updating passport number. On line. Has to enter old expired number to try and correct. Upon check in seat allocation for my wife not granted as booking resulting on flight arrival to be seated apart. Now having to provide a copy of her passport to correct this. With their leaky web site that gets hacked such detail as a full copy of one’s passport to correct the number is dangerous and over the top.
Three weeks ago upon returning from the US, I opened the BA app to discover 1.3 million Avios points had been removed from my account.
I immediately phoned the Gold line and clearly this event was no surprise. I was informed the security team at BA had already locked my account.
I was told they would be in touch with me over the next 5 to 7 business days. Despite repeated requests, the Executive Club would give me no more information on the extent of the compromise of my personal information.
The Avios were eventually credited to my account after providing proof of ID on an insecure email link.
I have now written to the BA data protection officer with a subject access request for the full details of the method, nature and extent of the compromise of my data.
I await their response.
I’m glad you at least got the Avios back. It would be interesting to hear what you get back from them.
Have tried to set up 2 factor authentication for BA Avios. I cannot find how to set it up and there is nothing in “Search” to help.
Have to say that BA and Avios sites are very poor.
I think it’s automatic. I’ve never found a way to do it. I totally agree. How hard is it for a large company to add 2FA properly?
Re: the Dallas OSS post. It mentions clearing Customs at the gate and proceeding directly to the connecting flight, but what is the process for clearing Immigration? Apologies if I have missed that
No you didn’t miss that. It was not explained in the press release. I will see if I can find out as it’s quite a crucial question!
Properly implemented MFA shouldn’t require authentication every time you log in. It should be possible to set a device as ‘trusted’ after first passing MFA; once a device has been identified as a trusted device, irregular and infrequent requests to re-authenticate should be all that’s required. And, in that respect, I think BA has it right