A Southwest Airlines customer recently discovered their Rapid Rewards account had been hacked. The hacker bought tickets worth $1,200 for strangers using the account.
The customer noticed the fraud through a credit card alert and an email with the booking details. Surprisingly, Southwest Airlines does not offer two-factor authentication (2FA) or require CVV codes for stored cards, making accounts vulnerable.
Lack of Two-Factor Authentication and CVV Protection
Southwest’s system does not have basic security features like 2FA. It also does not ask for CVV verification when paying with saved cards. This leaves customers’ payment data at risk of misuse.
Customer Support Could Not Fully Assist
When the customer contacted Southwest, the representative had limited access to the account. They could only add a note on the reservation and advised the customer to resolve the issue through their credit card provider.
Timely Cancellation Saved the Customer
With the flight due to depart in 30 minutes, the customer logged in and cancelled the tickets themselves. Thanks to Southwest’s policy allowing cancellations up to 10 minutes before departure, they received a full refund.
Security Concerns for Southwest Airlines
This incident highlights gaps in Southwest’s security measures and customer support. Storing payment information without strong safeguards increases fraud risks. Also, limiting help from representatives leaves customers in tough situations.
In today’s digital world, not having basic protections like 2FA and CVV verification is unacceptable. Southwest Airlines must urgently update its security to protect its customers better.
