No more AA on Award Wallet....kind of

Discussion in 'American Airlines | AAdvantage' started by alohastephen, Dec 2, 2011.  |  Print Topic

  1. alohastephen

    alohastephen Gold Member

    Messages:
    1,202
    Likes Received:
    5,007
    Status Points:
    3,970
    Dear alohastephen,

    American Airlines has contacted us and stated that we may not access its website on your behalf and that we may not store any of your American Airlines account data on our servers.

    As a result, in the coming weeks we will release a browser extension which will enable you to check your balance and still display that balance along with the rest of your loyalty account balances; however, the data, such as your username, password, balance and any other attributes will only be stored in your browser so we will never have access to it.

    Also, this browser extension will be accessing American Airlines website from your computer and not from our servers.

    Since we do not have this extension ready yet, please save all of your American Airlines accounts and password in a secure place so that you can enter that data when we release the extension.

    :(
     
  2. TheBeerHunter
    Original Member

    TheBeerHunter Silver Member

    Messages:
    834
    Likes Received:
    1,398
    Status Points:
    845
    I got the email too. This is very customer unfriendly of American to "bully" Award Wallet like this. Big thumbs down, AA. However, kudos to Award Wallet for coming up with an inventive work-around to keep their customers happy!

    Hopefully AA's lawyers don't find a way to bully them out of allowing us to access our own account info via the browser extension. :mad:
     
  3. miles and smiles
    Original Member

    miles and smiles Gold Member

    Messages:
    17,531
    Likes Received:
    61,942
    Status Points:
    20,020
    I just wrote AAdvantage a letter and told them I was unhappy with this decision and they are driving me away as a customer. Maybe if enough of us complain, they will change their minds.
     
  4. Liucoke

    Liucoke Silver Member

    Messages:
    56
    Likes Received:
    95
    Status Points:
    275
    Got the same email - big dislike to AA on this. One might think a company in bankruptcy wouldn't take actions that annoy their best customers while generating only a little speculative revenue...

    In any case, looks like AwardWallet's extension plan might let them get around the letter of the rule, so hoping they succeed. I'm a big fan of AwardWallet, and wouldn't want to have to check my balance at about 50 different programs on their sites, so here's let's make sure the negative response AA see scares others off from doing the same :)
     
  5. Jimgotkp
    Original Member

    Jimgotkp Gold Member

    Messages:
    12,834
    Likes Received:
    80,011
    Status Points:
    16,495
    Very disappointed to hear as well. This was one of the requests that people mentioned on Maya's thread too in regards to what we wanted. :(
     
  6. Lyssa
    Original Member

    Lyssa Silver Member

    Messages:
    172
    Likes Received:
    133
    Status Points:
    350
    It's frustrating for sure. Being Chicago based SWA and AA are two of my main programs and it was already a pain having to check SWA seperately. Ugh. Hopefully the extension works, it's just a pain becuase I usually check award wallet from multiple computers.
     
  7. Mike Reed

    Mike Reed Gold Member

    Messages:
    2,414
    Likes Received:
    3,574
    Status Points:
    2,025
    I have an open letter to AA about this very topic posted on my blog. I'd love feedback from the community on this...
     
  8. ceieoc

    ceieoc Silver Member

    Messages:
    195
    Likes Received:
    210
    Status Points:
    420
    I think I understand the concern of American Airlines who apparently had the goal of attempting to better protect the account security of 67 million frequent flyers registered with the AAdvantage program. I do not view American Airlines action as corporate bullying. Hopefully the third party "mileage aggregation" providers and American Airlines can add to this discussion. Mike Reed, in his open letter to American Airlines, expresses my shared concerns regarding the loss of access and ease of access to our AAdvantage accounts using the services of mileage aggregators.

    You would be upset if someone accessed your AAdvantage account without your authorization, and used your earned frequent flyer miles for travel. Hopefully this security enhancement by using a browser extension can be used across the applications at Awardwallet.com, Gomiles.com and others to allow secure access to our American Airlines accounts using third party software.

    At American Airlines, safety, in the air, for their employees, customers and computer assets is their number one priority. After the recent AMR bankruptcy, profits will be quickly moving up to American Airlines number two priority.
    .
     
    alohastephen and zpaul like this.
  9. miles and smiles
    Original Member

    miles and smiles Gold Member

    Messages:
    17,531
    Likes Received:
    61,942
    Status Points:
    20,020
    alohastephen likes this.
  10. TheBeerHunter
    Original Member

    TheBeerHunter Silver Member

    Messages:
    834
    Likes Received:
    1,398
    Status Points:
    845
    With all due respect, I don't buy this as being the actual reason behind it. I think AA wants your eyeballs at their site, not some third party's. Therefore, they're playing the "security" card.

    If I have my Award Wallet settings set to store my credentials on my local PC, what does AA care?

    Why doesn't AA go after any of the password management tools out there too, under the same pretense?
     
  11. ceieoc

    ceieoc Silver Member

    Messages:
    195
    Likes Received:
    210
    Status Points:
    420
    I was under the impression that American Airlines was having the same issue will all third party aggregators.

    To respond to your question BeerHunter, if your computer was hacked, only your individual AAdvantage account can be accessed without authorization. If however an aggregators server was hacked, where your AAdvantage account number and password were accessed with thousands or millions of other AAdvantage accounts, the exposure risk to American Airlines regarding compromised account access is significantly more extensive.

    Regarding American Airlines additional motive that they want your "eyeballs at their site", I agree with you. American Airlines and most other companies would prefer total control of their information distributed to their customers. That is why I invited American Airlines and the "mileage aggregators" to add their comments to this Milepoint discussion so we may learn their viewpoint on this issue.
     
    alohastephen likes this.
  12. MLW20
    Original Member

    MLW20 Gold Member

    Messages:
    8,363
    Likes Received:
    4,911
    Status Points:
    6,545
  13. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    Looking at the AwardWallet site, it seems they are using cookies for that. I wonder why they don't use the HTML5 local database storage. Seems a lot less volatile (people are often asked to clear their cookies to try to work around unexplainable issues with websites, and most probably don't do that selectively).

    I personally would be more inclined to use it if they went down that route.

    Ideally, of course, the aggregators and the loyalty programs would just come to agree upon a common approach to security (such as OAuth) to avoid the whole problem of handing over the credentials to a 3rd party. Then again, we're talking about (mostly legacy) airlines and hotel chains here that have computer systems dating back to the dark middle ages ;)
     
  14. daninstl

    daninstl Gold Member

    Messages:
    1,288
    Likes Received:
    1,677
    Status Points:
    1,120
    Yeah I just wrote them an email about this. Hopefully if enough people complain they will change it back. It's just so easy to link there from Award Wallet why they would do this is beyond me. Funny that at the same time they are in a law suit with the reservation system people because they dropped American from the reservation sites or whatever. Poor business decision. In fact I've done less business with Southwest because of this simple fact.
     
  15. Espan

    Espan Silver Member

    Messages:
    532
    Likes Received:
    981
    Status Points:
    750
    and another one who got the letter. I like the way Award Wallet handles CS, and will certainly be writing AA.
     
  16. arkleseizure
    Original Member

    arkleseizure Silver Member

    Messages:
    250
    Likes Received:
    338
    Status Points:
    500
    <sarcasm>
    Well, after that minor news of the bankruptcy filing earlier this week, its reassuring to know that this is the most important thing going on in AAdvantage land.
    </sarcasm>
     
  17. PanAm
    Original Member

    PanAm Silver Member

    Messages:
    342
    Likes Received:
    465
    Status Points:
    545
    Are AA's servers that much more immune to hacking than AW or any other site? I guess I don't have any more confidence that my AA account wouldn't get hacked via the AA.com website, than AW.

    And look at how many third party partners AA teams with, who have databases full of AAdvantage account numbers - they may not have passwords tied to them but they do have names and addresses associated with them. We give our AA number to DirecTV, FTD, you name it - all of those entities get our name, address, and phone number along with our AA number. Someone could still easily book awards on the telephone with that information - no online password needed. Is AA going to cut off partner promotions too, under the security premise?
     
  18. ceieoc

    ceieoc Silver Member

    Messages:
    195
    Likes Received:
    210
    Status Points:
    420
    PanAm, I was under the impression when you booked a ticket over the phone, you would also be required to give your correct PIN associated with your AAdvantage account to complete your transaction. If anyone could call American Airlines and simply use your account number without PIN to book travel, I would also be concerned.

    I believe the computer systems at American Airlines have more security due to the millions of transactions processed through their systems over the last few decades. In fact, American Airlines has more experience with on-line transactions than many other companies as they worked with SABRE (Semi-Automatic Business-Related Environment), a computer reservation system or GDS which was developed to automate the way American Airlines booked reservations since the 1960's.

    Your PIN helps protect your AAdvantage account from unauthorized access. If you have other information PanAm, please let all of us know.
     
  19. DestinationDavid
    Original Member

    DestinationDavid Milepoint Guide

    Messages:
    6,846
    Likes Received:
    12,715
    Status Points:
    11,770
    I was under the impression PINs were optional. Many people conduct airline account business on the phone without them.

    Classic example? A well known travel blogger's ticket was changed by a reader simply by calling the airline and impersonating him. He uses a PIN now. :)
     
    TheBeerHunter likes this.
  20. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    many large companies with supposedly secure systems have been hacked, including credit card processors (Google "Heartland Hack").

    About a year ago I found a pretty easy way to access confidential account data on one of the major hotel companies' loyalty program sites. I notified them and it's been fixed, but the hole was so obvious to anyone with a basic understanding of how websites and web apps should be secured (or could have bugs) that I no longer put much faith into the IT skills of these companies.

    I have no idea if AwardWallet's (or for that matter, any of its competitors) systems are bullet proof. But as lazy as I generally am, I don't put all my passwords into one basket owned and operated by someone I know nothing about, especially when most of the accounts don't have frequent activity and thus don't need constant monitoring. I don't use account aggregators for my financial accounts, and as I value the various miles and point in the tens of thousands of dollars, I apply the same rules here.
     
    ceieoc likes this.
  21. Eloy Fonseca Neto
    Original Member

    Eloy Fonseca Neto Silver Member

    Messages:
    843
    Likes Received:
    1,024
    Status Points:
    870
    I hope the AA representative read all of our thoughts and address us, as a big part of its frequent flyers "customers". I looking forward to hear from AA about this matter, because if I allow third party to access my account, why would AA forbid it?
     
  22. KtownTraveler
    Original Member

    KtownTraveler Silver Member

    Messages:
    81
    Likes Received:
    72
    Status Points:
    255
    Milepoint members a "big part" of AA's customer base? No way. A vocal part, yes. And very often a whiny part too. But surely not a big part by any reasonable numerical measure.
     
  23. DestinationDavid
    Original Member

    DestinationDavid Milepoint Guide

    Messages:
    6,846
    Likes Received:
    12,715
    Status Points:
    11,770
    We tend to get inflated senses of size and importance on FFer forums. We should dub the term "Flyerpointitis". :)

    That being said, seems like people are passionate about the changes. With AA reading and responding at times perhaps they will take some time to explain their position. I suspect AA and its customers will be on opposite sides of these issue regardless though.
     
  24. ceieoc

    ceieoc Silver Member

    Messages:
    195
    Likes Received:
    210
    Status Points:
    420
    Thank you for proactively taking the time to help fix an access problem to our account data at a major hotel website. You also offer good advice not to put your passwords into one website. Computer account security is a complex issue.

    It is possible there is a concern of a breach in security from a third party web site which resulted in a policy modification from American Airlines. My inquiring mind wants to know.
     
  25. Mike Reed

    Mike Reed Gold Member

    Messages:
    2,414
    Likes Received:
    3,574
    Status Points:
    2,025
    Considering that my letter was posted on October 19th, and there were others before me, I fail to see how the fact that AA filed bankruptcy more than a month later has any bearing on the continuing discussion of this issue.

    Or is it your opinion that the ONLY thing we should discuss is the bankruptcy, especially given AA's statement that everything continues unchanged at this point?
     
    LETTERBOY and miles and smiles like this.

Share This Page