Skip to main content

Southwest Airlines Community

Rapid Rewards needs more security than DOB

cmk32886
Explorer C

My Rapid Rewards account was basically taken over by someone with a similar name.  They were allowed to add contact information, email address, change the home address, add another cell phone number and THEY CHANGED THE DATE OF BIRTH.  If you are using the date of birth as the security for the account then you should not allow basic representatives the ability to alter it without manager approval. My account was started in 2016 and these transactions were recent.  If an RR account exists with that name and the information of the customer doesn't match they shouldn't be able to merge the customer account with the RR account.  The DoB can only be changed by SW reps, you can not alter it if you log in to RR.  (my acct. was not logged into, this was all done by reps.)

 

My account had 2 security questions and a unique username; however, they "merged" it with a customer account with the same name.  These features just seem to protect someone from logging onto it, but do not provide any security on the SW side. 

 

This person booked a flight and has a credit card tied to the account. I was on the line (mostly on hold) with customer service for over an hour and a half burning up my cell phone time while they tried to fix this.  Then the customer service rep said they had to contact the other person they put on the account and put me on hold.  I finally hung up because I shouldn't be punished for your mistakes.

 

It is partially the employee's fault that merged the accounts; however, the system itself needs more protection.  Hopefully, when this is resolved I will still have all of my points. There should be more diligence with the protection of personally identifying information.